Example #1
0
    def __init__(self, template_name=None,
                 schema=None,
                 schema_form=None,
                 create_permission_factory=None):

        self.template_name = template_name
        self.schema = schema
        self.schema_form = schema_form
        try:
            assert create_permission_factory
            self._create_deposit_permission = \
                DynamicPermission(*obj_or_import_string(
                    create_permission_factory))
        except:
            abort(403)
Example #2
0
def files_permission_factory(obj, action=None):
    """Permission for files are always based on the type of bucket.

    1. Community bucket: Read access for everyone
    2. Record bucket: Read access only with open and restricted access.
    3. Deposit bucket: Read/update with restricted access.
    4. Any other bucket is restricted to admins only.
    """
    # Extract bucket id
    bucket_id = None
    if isinstance(obj, Bucket):
        bucket_id = str(obj.id)
    elif isinstance(obj, ObjectVersion):
        bucket_id = str(obj.bucket_id)
    elif isinstance(obj, MultipartObject):
        bucket_id = str(obj.bucket_id)
    elif isinstance(obj, FileObject):
        bucket_id = str(obj.bucket_id)

    # Retrieve record
    if bucket_id is not None:
        # Community bucket
        if str(bucket_id) == current_app.config['COMMUNITIES_BUCKET_UUID']:
            return CommunityBucketPermission(action)

        # Record or deposit bucket
        rb = RecordsBuckets.query.filter_by(bucket_id=bucket_id).one_or_none()
        if rb is not None:
            record = Record.get_record(rb.record_id)
            if is_record(record):
                return RecordFilesPermission.create(record, action)
            elif is_deposit(record):
                return DepositFilesPermission.create(record, action)

    return DynamicPermission(ActionNeed('admin-access'))
Example #3
0
def has_admin_permission(user=None, record=None):
    """Check if user has admin access to record.

    This function has to accept 2 parameters (as all other has_foo_permissions,
    to allow for dynamic dispatch.
    """
    # Allow administrators
    return DynamicPermission(action_admin_access).can()
class NewItemView(View):
    def __init__(self,
                 template_name=None,
                 schema=None,
                 schema_form=None,
                 create_permission_factory=None):

        self.template_name = template_name
        self.schema = schema
        self.schema_form = schema_form
        try:
            assert create_permission_factory
            self._create_deposit_permission = \
                DynamicPermission(*obj_or_import_string(
                    create_permission_factory))
        except:
            abort(403)

    # def render_template(self, context):
    #     return render_template(self.template_name, **context)

    @login_required
    def dispatch_request(self):
        if self._create_deposit_permission.can():
            deposit = {
                "metadata": {
                    '_deposit': {
                        'id': None
                    }
                },
                "meta_info": DEPOSIT_DEFAULT_METAINFO,
                "record": {
                    '_deposit': {
                        'id': None
                    }
                },
                "schema": self.schema,
                "schema_form": self.schema_form,
            }

            self.schema = '/'.join(
                (current_app.config['JSONSCHEMAS_URL_SCHEME'] + ":/",
                 current_app.config['JSONSCHEMAS_HOST'], self.schema))
            deposit["meta_info"]["schema"] = self.schema
            deposit["meta_info"]["schema_form"] = self.schema_form
            return jsonify(deposit)
        else:
            abort(403)
class NewItemView(View):

    def __init__(self, template_name=None,
                 schema=None,
                 schema_form=None,
                 create_permission_factory=None):

        self.template_name = template_name
        self.schema = schema
        self.schema_form = schema_form
        try:
            assert create_permission_factory
            self._create_deposit_permission = \
                DynamicPermission(*obj_or_import_string(
                    create_permission_factory))
        except:
            abort(403)

    # def render_template(self, context):
    #     return render_template(self.template_name, **context)

    @login_required
    def dispatch_request(self):
        if self._create_deposit_permission.can():
            deposit = {
                "metadata": {'_deposit': {'id': None}},
                "meta_info": DEPOSIT_DEFAULT_METAINFO,
                "record": {'_deposit': {'id': None}},
                "schema": self.schema,
                "schema_form": self.schema_form,
            }

            _url_root = request.url_root
            self.schema = _url_root + self.schema
            deposit["meta_info"]["schema"] = self.schema
            deposit["meta_info"]["schema_form"] = self.schema_form
            return jsonify(deposit)
        else:
            abort(403)
Example #6
0
def has_admin_permission(user, record):
    """Check if user has admin access to record."""
    # Allow administrators
    if DynamicPermission(ActionNeed('admin-access')):
        return True
Example #7
0
 def can(self):
     """Check permission."""
     if self.action == 'object-read':
         return True
     else:
         return DynamicPermission(ActionNeed('admin-access')).can()
Example #8
0
def lhcb_permission_factory(*args):
    return DynamicPermission(*lhcb_group_need)
Example #9
0
# it and/or modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# CERN Analysis Preservation Framework is distributed in the hope that it will
# be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with CERN Analysis Preservation Framework; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
# MA 02111-1307, USA.
#
# In applying this license, CERN does not
# waive the privileges and immunities granted to it by virtue of its status
# as an Intergovernmental Organization or submit itself to any jurisdiction.
"""CAP LHCb permissions"""

from cap.modules.experiments.permissions.common import get_collaboration_group_needs, get_superuser_needs
from invenio_access import DynamicPermission

lhcb_group_need = set([g for g in get_collaboration_group_needs('LHCb')])
lhcb_group_need |= set([g for g in get_superuser_needs()])

lhcb_permission = DynamicPermission(*lhcb_group_need)


def lhcb_permission_factory(*args):
    return DynamicPermission(*lhcb_group_need)
    static_folder='../static',
)

ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE


@cms_bp.before_request
@login_required
def restrict_bp_to_cms_members():
    g.experiment = 'CMS'


cms_group_need = RoleNeed('collaboration_cms')
cms_permission = DynamicPermission(cms_group_need)


@cms_bp.route('/')
@cms_permission.require(403)
def cms_landing():
    """Basic CMS landing view."""
    collections = Collection.query.filter(Collection.name.in_(
        ['CMS'])).one().drilldown_tree()
    return render_template('cms/landing_page.html',
                           record_types=get_collections_tree(collections))


@cms_bp.route('/records')
@cms_permission.require(403)
def cms_records():
# Copyright (C) 2016 CERN.
#
# CERN Analysis Preservation Framework is free software; you can redistribute
# it and/or modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# CERN Analysis Preservation Framework is distributed in the hope that it will
# be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with CERN Analysis Preservation Framework; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
# MA 02111-1307, USA.
#
# In applying this license, CERN does not
# waive the privileges and immunities granted to it by virtue of its status
# as an Intergovernmental Organization or submit itself to any jurisdiction.
"""CAP ATLAS permissions"""

from invenio_access import DynamicPermission
from cap.modules.experiments.permissions.common import get_collaboration_group_needs, get_superuser_needs

atlas_group_need = set(
    [g for g in get_collaboration_group_needs('collaboration_atlas')])
atlas_group_need |= set([g for g in get_superuser_needs()])

atlas_permission = DynamicPermission(*atlas_group_need)
def atlas_permission_factory(*args):
    return DynamicPermission(*atlas_group_need)
Example #13
0
def alice_permission_factory(*args):
    return DynamicPermission(*alice_group_need)
Example #14
0
# it and/or modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# CERN Analysis Preservation Framework is distributed in the hope that it will
# be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with CERN Analysis Preservation Framework; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
# MA 02111-1307, USA.
#
# In applying this license, CERN does not
# waive the privileges and immunities granted to it by virtue of its status
# as an Intergovernmental Organization or submit itself to any jurisdiction.
"""CAP ALICE permissions"""

from cap.modules.experiments.permissions.common import get_collaboration_group_needs, get_superuser_needs
from invenio_access import DynamicPermission

alice_group_need = set([g for g in get_collaboration_group_needs('ALICE')])
alice_group_need |= set([g for g in get_superuser_needs()])

alice_permission = DynamicPermission(*alice_group_need)


def alice_permission_factory(*args):
    return DynamicPermission(*alice_group_need)