def loan_extend_circulation_permission(loan):
"""Return permission to allow only owner and librarians to extend loan."""
if not has_request_context():
# not in a request context, probably from CLI
return allow_all()
if current_user.is_anonymous:
abort(401)
if current_user.id == int(loan["patron_pid"]):
Document = current_app_ils.document_record_cls
document_rec = Document.get_record_by_pid(loan["document_pid"])
document = document_rec.replace_refs()
is_overbooked = document.get("circulation", {}).get("overbooked")
if is_overbooked is None:
# NOTE: this should never happen, if it happens it means that the
# document does not have `circulation.overbooked` field. Fix it!
abort(500)
elif is_overbooked:
raise InvalidLoanExtendError(
"The extension cannot be automatically accepted due to high "
"demand for this literature. Please contact the library to "
"request a loan extension."
)
return PatronOwnerPermission(loan)
def file_download_permission(obj):
"""File download permissions."""
bucket_id = str(obj.bucket_id)
search_cls = current_app_ils.eitem_search_cls
results = search_cls().search_by_bucket_id(bucket_id)
if len(results) != 1:
return deny_all()
eitem_cls = current_app_ils.eitem_record_cls
record = eitem_cls.get_record_by_pid(results[0].pid)
if record.get("open_access", False):
return allow_all()
return authenticated_user_permission()
def test_views_permissions_factory(transition):
"""Test permissions factory."""
return allow_all()
def patron_owner_permission(record):
"""Return permission to allow owner and librarian to access the record."""
if not has_request_context():
# allows performing the actions out of the request context f.e. CLI
return allow_all()
return PatronOwnerPermission(record)
#
# REST
#
OAREPO_ENROLLMENT_USER_RESTFUL_SERIALIZATION_CLASS = 'oarepo_enrollments.views.api.UserField'
#
# Permissions
#
def allow_all(*args, **kwargs):
return type('Allow', (), {'can': lambda self: True})()
# Factory (or import string) returning Permission (or an object with ``can`` method) that limits access to listing
OAREPO_ENROLLMENT_LIST_PERMISSION_FACTORY = lambda **kwargs: allow_all()
# A function (or import string) that takes ``Enrollment.query`` as argument and returns filtered
# query set. The function might, for example, limit the enrollments only to those created
# by the ``current_user``.
OAREPO_ENROLLMENT_LIST_PERMISSION_FILTER = lambda queryset: queryset
# Factory (or import string) that takes ``enrollment: Enrollment`` instance and returns Permission.
OAREPO_ENROLLMENT_RETRIEVE_PERMISSION_FACTORY = lambda enrollment=None, **kwargs: allow_all(
)
# Factory (or import string) that returns Permission representing if user can create an enrollment.
# The factory gets enrollment data passed in request as ``enrollment`` named parameter.
OAREPO_ENROLLMENT_ENROLL_PERMISSION_FACTORY = lambda enrollment=None, **kwargs: allow_all(
)
def views_permissions_factory(action):
"""Circulation views permissions factory."""
if action == 'loan-read-access':
return allow_all()
elif action == 'loan-actions':
return allow_all()
"""
from flask import current_app
from invenio_jsonschemas import current_jsonschemas
from werkzeug.routing import Rule
url_map.add(
Rule("{0}/<path:path>".format(
current_app.config['JSONSCHEMAS_ENDPOINT']),
endpoint=current_jsonschemas.get_schema,
host=current_app.config['SERVER_NAME']))
# global config
FLASK_TAXONOMIES_URL_PREFIX = '/2.0/taxonomies/'
FLASK_TAXONOMIES_PERMISSION_FACTORIES = {
'taxonomy_list': [allow_all()],
'taxonomy_read': [allow_all()],
'taxonomy_create': [deny_all()],
'taxonomy_update': [deny_all()],
'taxonomy_delete': [deny_all()],
'taxonomy_term_read': [allow_all()],
'taxonomy_term_create': [deny_all()],
'taxonomy_term_update': [deny_all()],
'taxonomy_term_delete': [deny_all()],
'taxonomy_term_move': [deny_all()]
}
PREFERRED_URL_SCHEME = 'https'
RATELIMIT_ENABLED = True
RATELIMIT_PER_ENDPOINT = {
'oarepo_records_draft.draft-datasets_presigned_part':
