def test_access(self): # anonymous - always denied anon = AnonymousUser() self.assertFalse(auth.archive_access(anon, 'marbl')) # superuser - always allowed testadmin = authenticate(username='******', password='******') self.assertTrue(auth.archive_access(testadmin, 'marbl')) # no associated archives peon = authenticate(username='******', password='******') self.assertFalse(auth.archive_access(peon, 'marbl')) # associated with an archive marbl = authenticate(username='******', password='******') self.assertTrue(auth.archive_access(marbl, 'marbl')) self.assertFalse(auth.archive_access(marbl, 'eua')) # archive id from request req = HttpRequest() req.GET = {'archive': 'marbl'} self.assertTrue(auth.archive_access(marbl, request=req)) # should raise an exception when archive is not specified as # param or request param self.assertRaises(Exception, auth.archive_access, marbl)
def publish(request): """ Admin publication form. Allows publishing an EAD file by updating or adding it to the configured eXist database so it will be immediately visible on the public site. Files can only be published if they pass an EAD sanity check, implemented in :meth:`~findingaids.fa_admin.utils.check_ead`. On POST, sanity-check the EAD file specified in request from the configured and (if it passes all checks), publish it to make it immediately visible on the site. If publish is successful, redirects the user to main admin page with a success message that links to the published document on the site. If the sanity-check fails, displays a page with any problems found. """ # formerly supported publish from filename, but now only supports # publish from preview if 'preview_id' not in request.POST: messages.error(request, "No preview document specified for publication") return HttpResponseSeeOtherRedirect(reverse('fa-admin:index')) id = request.POST['preview_id'] # retrieve info about the document from preview collection try: # because of the way existdb.query.queryset constructs returns with 'also' fields, # it is simpler and better to retrieve document name separately ead = get_findingaid(id, preview=True) ead_docname = get_findingaid(id, preview=True, only=['document_name']) filename = ead_docname.document_name except (ExistDBException, Http404): # not found in exist OR permission denied messages.error(request, '''Publish failed. Could not retrieve <b>%s</b> from preview collection. Please reload and try again.''' % id) # if ead could not be retrieved from preview mode, skip processing return HttpResponseSeeOtherRedirect(reverse('fa-admin:index')) # determine archive this ead is associated with archive = None if not ead.repository: messages.error(request, '''Publish failed. Could not determine which archive <b>%s</b> belongs to. Please update subarea, reload, and try again.''' % id) else: archive_name = ead.repository[0] # NOTE: EAD supports multiple subarea tags, but in practice we only # use one, so it should be safe to assume the first should be used for permissions try: archive = Archive.objects.get(name=archive_name) except ObjectDoesNotExist: messages.error(request, '''Publish failed. Could not find archive <b>%s</b>.''' % archive_name) # bail out if archive could not be identified if archive is None: return HttpResponseSeeOtherRedirect(reverse('fa-admin:index')) # check that user is allowed to publish this document if not archive_access(request.user, archive.slug): messages.error(request, '''You do not have permission to publish <b>%s</b> materials.''' \ % archive.label) return HttpResponseSeeOtherRedirect(reverse('fa-admin:index')) errors = [] try: # NOTE: *not* using serialized xml here, because it may introduce # whitespace errors not present in the original file. ok, response, dbpath, fullpath = _prepublication_check(request, filename, archive) if ok is not True: # publication check failed - do not publish return response # only load to exist if there are no errors found db = ExistDB() # get information to determine if an existing file is being replaced replaced = db.describeDocument(dbpath) try: # move the document from preview collection to configured public collection success = db.moveDocument(settings.EXISTDB_PREVIEW_COLLECTION, settings.EXISTDB_ROOT_COLLECTION, filename) # FindingAid instance ead already set above except ExistDBException, e: # special-case error message errors.append("Failed to move document %s from preview collection to main collection." \ % filename) # re-raise and let outer exception handling take care of it raise e except ExistDBException as err: errors.append(err.message()) success = False if success: # request the cache to reload the PDF - queue asynchronous task result = reload_cached_pdf.delay(ead.eadid.value) task = TaskResult(label='PDF reload', object_id=ead.eadid.value, url=reverse('fa:findingaid', kwargs={'id': ead.eadid.value}), task_id=result.task_id) task.save() ead_url = reverse('fa:findingaid', kwargs={'id': ead.eadid.value}) change = "updated" if replaced else "added" messages.success(request, 'Successfully %s <b>%s</b>. View <a href="%s">%s</a>.' % (change, filename, ead_url, unicode(ead.unittitle))) # redirect to main admin page and display messages return HttpResponseSeeOtherRedirect(reverse('fa-admin:index')) else: return render(request, 'fa_admin/publish-errors.html', {'errors': errors, 'filename': filename, 'mode': 'publish', 'exception': err})
def publish(request): """ Admin publication form. Allows publishing an EAD file by updating or adding it to the configured eXist database so it will be immediately visible on the public site. Files can only be published if they pass an EAD sanity check, implemented in :meth:`~findingaids.fa_admin.utils.check_ead`. On POST, sanity-check the EAD file specified in request from the configured and (if it passes all checks), publish it to make it immediately visible on the site. If publish is successful, redirects the user to main admin page with a success message that links to the published document on the site. If the sanity-check fails, displays a page with any problems found. """ # formerly supported publish from filename, but now only supports # publish from preview if 'preview_id' not in request.POST: messages.error(request, "No preview document specified for publication") return HttpResponseSeeOtherRedirect(reverse('fa-admin:index')) id = request.POST['preview_id'] # retrieve info about the document from preview collection try: # because of the way eulcore.existdb.queryset constructs returns with 'also' fields, # it is simpler and better to retrieve document name separately ead = get_findingaid(id, preview=True) ead_docname = get_findingaid(id, preview=True, only=['document_name']) filename = ead_docname.document_name except Http404: # not found in exist messages.error(request, '''Publish failed. Could not retrieve <b>%s</b> from preview collection. Please reload and try again.''' % id) # if ead could not be retrieved from preview mode, skip processing return HttpResponseSeeOtherRedirect(reverse('fa-admin:index')) # determine archive this ead is associated with xml = ead.serialize() archive = None if not ead.repository: messages.error(request, '''Publish failed. Could not determine which archive <b>%s</b> belongs to. Please update subarea, reload, and try again.''' % id) else: archive_name = ead.repository[0] # NOTE: EAD supports multiple subarea tags, but in practice we only # use one, so it should be safe to assume the first should be used for permissions try: archive = Archive.objects.get(name=archive_name) except ObjectDoesNotExist: messages.error(request, '''Publish failed. Could not find archive <b>%s</b>.''' % archive_name) # bail out if archive could not be identified if archive is None: return HttpResponseSeeOtherRedirect(reverse('fa-admin:index')) # check that user is allowed to publish this document if not archive_access(request.user, archive.slug): messages.error(request, '''You do not have permission to publish <b>%s</b> materials.''' \ % archive.label) return HttpResponseSeeOtherRedirect(reverse('fa-admin:index')) errors = [] try: ok, response, dbpath, fullpath = _prepublication_check(request, filename, archive, xml=xml) if ok is not True: # publication check failed - do not publish return response # only load to exist if there are no errors found db = ExistDB() # get information to determine if an existing file is being replaced replaced = db.describeDocument(dbpath) try: # move the document from preview collection to configured public collection success = db.moveDocument(settings.EXISTDB_PREVIEW_COLLECTION, settings.EXISTDB_ROOT_COLLECTION, filename) # FindingAid instance ead already set above except ExistDBException, e: # special-case error message errors.append("Failed to move document %s from preview collection to main collection." \ % filename) # re-raise and let outer exception handling take care of it raise e except ExistDBException, e: errors.append(e.message()) success = False