Allow AuthorizationHandlers to customize authorization status check process

[leio10]

🎩 What? Why?

This change is the second part of #2435, explained in #2314. It adds a DefaultActionAuthorizer class with public methods that could be overriden by child classes. The class to be used for each handler is defined in the handler's WorkflowManifest.

Most of the logic of the status_data method of the ActionAuthorizer class was moved to the authorize method of the new class.

More than the half of the effort of this PR was to allow authorization handler to inform the user about the implemented logic, this include:

• Allow to define new status codes, with all it related translations. Authorization modals view was refactored to implement this.
• Show additional messages to the user. This change is also included in authorization modals view changes.
• Allow forms to change behavior based on the authorization options. These options are added to query string when redirecting the user to the form.

A future PR should allow authorization handlers to define forms for options setting and avoid admin users to learn JSON.

📌 Related Issues

• Related to Short-term authorizations #2314
• Related to AuthorizationHandler initialization moved outside of the AuthorizationStatus class #2435

📋 Subtasks

• Add hooks
• Add an example of use
• Complete tests
• Update docs and changelog

📷 Screenshots (optional)

👻 GIF

[codecov]

Codecov Report

Merging #2438 into master will increase coverage by <.01%.
The diff coverage is 99.31%.

@@            Coverage Diff             @@
##           master    #2438      +/-   ##
==========================================
+ Coverage   98.68%   98.69%   +<.01%     
==========================================
  Files        1296     1297       +1     
  Lines       30363    30354       -9     
==========================================
- Hits        29964    29958       -6     
+ Misses        399      396       -3

[josepjaume]

This should probably be called DefaultHooks, as it comes with a default implementation.

[josepjaume]

Also, not sure about hook as a name for this abstraction.

[leio10]

What about calling it DefaultAuthorizationHandlerAuthorizer? it is a little long, but I think is the most accurate name, since it provides the logic for ActionAuthorizer that is inside the specific authorization handler. I would also change all references to hooks with authorizer.

[josepjaume]

What about using DefaultActionAuthorizer and action_authorizer as a method name?

[leio10]

Ok, I will prepare that change. 👍

[oriolgual]

Maybe mention an example so a developer or a user can understand its value?

[oriolgual]

And also an example on how to set it at the admin zone (like the screenshot)

[leio10]

What do you think about this? I'm not very good in english developer-human communications, any help would be very appreciated. 😅

[oriolgual]

Nice work!

[oriolgual]

Works for me!

[mrcasals]

@leio10 is this ready for reviews?

[leio10]

@mrcasals it should be ready to merge now.
The root of the conflicts is the changelog file, because I'm trying to fix a typo in the markdown used to refer to the related PR in the last six entries: we are using [\1234] instead of [\#1234]. Everyone is copying the format from last entry in the CHANGELOG, so everyone is making the same mistake 🙈. So, it will be mergeable until the next merge to the master, when conflicts will appear again.

[mrcasals]

@leio10 LOL thanks!! I'm gonna review it and hopefully we can merge this without any other conflicts!

[leio10]

@mrcasals It seems that codecov is stuck with this PR 😢

[mrcasals]

@leio10 shhhhhhhhh 🤐

[mrcasals]

Merged! 🎉

About CodeCov, it's not the first time it gets stuck, and in some other PRs we've skipped the checks and merged the Pr anyway.