Example #1
def tag_edit(id_tag):
    """Edit a tag that belongs to the current user.

    Redirects to the tag cloud when the tag does not exist or is owned by
    somebody else. Otherwise returns the ``tag`` and ``form`` as a dict.
    """
    # NOTE(review): the form reads request.values (query string and body)
    # with csrf_enabled=False, so this state-changing view depends on CSRF
    # defences that are not visible here -- confirm they exist.
    owner_id = current_user.get_id()
    tag = WtgTAG.query.get(id_tag)

    if not tag:
        flash(_("Invalid tag id"), "error")
        return redirect(url_for(".display_cloud"))

    # Ownership check: only the tag's owner may go any further.
    if tag.id_user != owner_id:
        flash(_("You are not authorized to view this tag"), "error")
        return redirect(url_for(".display_cloud"))

    form = EditTagForm(request.values, csrf_enabled=False, obj=tag)

    if not form.validate_on_submit():
        return dict(tag=tag, form=form)

    form.populate_obj(tag)

    # The edited tag is part of the count, so 1 means the name is unique
    # among this user's tags.
    same_name = db.session.query(WtgTAG).filter_by(
        id_user=owner_id, name=tag.name).count()

    if same_name != 1:
        # NOTE(review): tag.name is concatenated into HTML markup; whether
        # this is safe depends on the form validators and on how the
        # template renders flashed messages. The populated tag is also left
        # modified in the session on this path.
        flash(_("Tag name") + " <strong>" + tag.name + "</strong> " + _("is already in use."), "error")
        return dict(tag=tag, form=form)

    db.session.add(tag)
    db.session.commit()
    flash(_("Tag Successfully edited."), "success")
    return dict(tag=tag, form=form)
Example #2
def resetpassword(reset_key):
    """Show and process the password-reset form reached from an e-mailed link.

    The e-mail address is taken from the signed token in ``reset_key``, never
    from the request. Users without a valid token are redirected to the
    account index, as is everyone when CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS
    is 3 or higher.
    """
    email = None
    try:
        token = EmailConfirmationSerializer().load_token(reset_key)
        email = token['data']['email']
    except KeyError:
        flash(
            _('This request for resetting a password has already been used.'),
            'error'
        )
    except (BadData, SignatureExpired):
        flash(_('This request for resetting a password is not valid or is '
                'expired.'), 'error')

    token_rejected = email is None
    if token_rejected or cfg['CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS'] >= 3:
        return redirect(url_for('webaccount.index'))

    form = ResetPasswordForm(request.values)

    if not form.validate_on_submit():
        return render_template('accounts/resetpassword.html', form=form)

    # NOTE(review): request.values merges query string and form body, so the
    # new password may also arrive in the URL. Nothing in this view marks the
    # token as consumed -- confirm single use is enforced elsewhere.
    account = User.query.filter_by(email=email).one()
    account.password = request.values['password']
    db.session.merge(account)
    db.session.commit()

    flash(_("The password was correctly reset."), 'success')
    return redirect(url_for('webaccount.index'))
Example #3
def validate_tag_name(dummy_form, field):
    """Normalise a tag name and reject names that break the naming rules.

    ``field.data`` is replaced by its silently washed form. A
    ``ValidationError`` is raised when the blocking wash would change the
    name further, when nothing is left, when the name is longer than
    CFG_TAGS_NAME_MAX_LENGTH, or when a character's code point is above
    CFG_TAGS_MAX_CHARACTER. Empty field data is not checked.
    """
    max_len = cfg['CFG_TAGS_NAME_MAX_LENGTH']
    max_char = cfg['CFG_TAGS_MAX_CHARACTER']

    if not field.data:
        return

    washed = wash_tag_silent(field.data)
    strictly_washed = wash_tag_blocking(washed)

    # The silently washed value is stored even when validation fails below.
    field.data = washed

    if strictly_washed != washed:
        raise validators.ValidationError(
            _('Forbidden characters. Try ') + strictly_washed + '.')

    if len(strictly_washed) == 0:
        raise validators.ValidationError(
            _('The name must contain valid characters.'))

    if len(washed) > max_len:
        raise validators.ValidationError(
            _('The name cannot exeed %(x_max_len)d characters.',
              x_max_len=max_len))

    highest_code_point = max(map(ord, washed))
    if highest_code_point > max_char:
        raise validators.ValidationError(_('Forbidden character.'))
Example #4
def send_reset_password_email(email):
    """Send an e-mail with a time-limited password-reset link to ``email``.

    The token lifetime comes from
    CFG_WEBSESSION_ADDRESS_ACTIVATION_EXPIRE_IN_DAYS. Returns whatever
    ``send_email`` returns and raises ``AccountSecurityError`` when no token
    could be created.
    """
    # NOTE(review): cfg.get() returns None when the setting is missing, which
    # makes timedelta() fail. The function does not check that ``email``
    # belongs to an account -- presumably the calling form does.
    valid_days = cfg.get('CFG_WEBSESSION_ADDRESS_ACTIVATION_EXPIRE_IN_DAYS')
    lifetime_seconds = timedelta(days=valid_days).total_seconds()

    serializer = EmailConfirmationSerializer(expires_in=lifetime_seconds)
    reset_key = serializer.create_token(email, {'email': email})

    if not reset_key:
        raise AccountSecurityError(
            _('Something goes wrong when the cookie has been generated')
        )

    body = render_template(
        'accounts/email_reset_password.html',
        reset_key=reset_key, email=email
    )

    sender = cfg['CFG_SITE_SUPPORT_EMAIL']
    subject = _("Password reset request for %(website)s",
                website=cfg['CFG_SITE_URL'])
    return send_email(fromaddr=sender, subject=subject, toaddr=email,
                      content=body)
Example #5
def manage(group_id):
    """Show the edit form of a group and apply a submitted update.

    Responds with 404 for an unknown group. The update is applied only when
    the form validates and ``group.can_edit(current_user)`` allows it. The
    same template is rendered on every path.
    """
    group = Group.query.get_or_404(group_id)
    form = GroupForm(request.form, obj=group)

    def render():
        return render_template(
            "groups/new.html",
            form=form,
            group=group,
        )

    # NOTE(review): the form pre-filled from the group is rendered before any
    # can_edit check; read access is presumably guarded by decorators that
    # are not shown.
    if not form.validate_on_submit():
        return render()

    if not group.can_edit(current_user):
        flash(
            _(
                'You cannot edit group %(group_name)s',
                group_name=group.name
            ),
            'error'
        )
        return render()

    try:
        group.update(**form.data)
        flash(_('Group "%(name)s" was updated', name=group.name),
              'success')
    except Exception as e:
        # NOTE(review): the raw exception text is shown to the user and may
        # expose internal details.
        flash(str(e), 'error')

    return render()
Example #6
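 def inner(*args, **kwargs):
     """Call the wrapped view and turn deposition errors into responses.

     ``f`` and ``endpoint`` come from the enclosing scope, which is not part
     of this block. Depending on the exception the user gets a flashed
     message plus a redirect to ``endpoint``, or an HTTP 400.
     """
     try:
         return f(*args, **kwargs)
     except InvalidDepositionType:
         # AJAX callers get a status code instead of a redirect.
         if request.is_xhr:
             abort(400)
         flash(_("Invalid deposition type."), "danger")
         return redirect(url_for(endpoint))
     except (DepositionDoesNotExists,):
         flash(_("Deposition does not exists."), "danger")
         return redirect(url_for(endpoint))
     except (DepositionNotDeletable,):
         flash(_("Deposition cannot be deleted."), "danger")
         return redirect(url_for(endpoint))
     except (InvalidDepositionAction,):
         flash(_("Invalid action."), "warning")
         return redirect(url_for(endpoint))
     except (DraftDoesNotExists, FormDoesNotExists, UploadError):
         # Three consecutive handlers with the same body, merged into one.
         abort(400)
     except (ForbiddenAction,):
         flash(_("Not allowed."), "danger")
         return redirect(url_for(endpoint))
     # The second, unreachable ``except (UploadError,)`` clause was removed:
     # UploadError is already handled above.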
Example #7
def new_member(group_id):
    """Invite new members to a group by e-mail address.

    Responds with 404 for an unknown group. Users for whom
    ``group.can_invite_others`` is false are sent back to the index with an
    error message.
    """
    group = Group.query.get_or_404(group_id)

    if not group.can_invite_others(current_user):
        flash(
            _(
                'You cannot invite user or yourself (i.e. join) to the group '
                '%(group_name)s',
                group_name=group.name
            ),
            'error'
        )
        return redirect(url_for('.index'))

    form = NewMemberForm()

    if not form.validate_on_submit():
        return render_template(
            "groups/new_member.html",
            group=group,
            form=form
        )

    # One address per line; empty lines are dropped.
    # NOTE(review): the lines are passed on as they are; address validation
    # is presumably done by NewMemberForm or invite_by_emails.
    submitted_lines = form.data['emails'].splitlines()
    group.invite_by_emails(filter(None, submitted_lines))
    flash(_('Requests sent!'), 'success')
    return redirect(url_for('.members', group_id=group.id))
Example #8
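def access():
    """Validate an e-mail address from the token in ``mailcookie``.

    The address is read from the signed token, the matching user gets
    ``note = 1`` and the change is committed. Every path ends with a
    redirect to ``/``.
    """
    try:
        email = EmailConfirmationSerializer().load_token(
            request.values['mailcookie']
        )['data']['email']

        u = User.query.filter(User.email == email).one()
        u.note = 1
        try:
            db.session.commit()
        except SQLAlchemyError:
            db.session.rollback()
            flash(_('Authorization failled.'), 'error')
            # The original dropped this return value, so a failed commit
            # went on to flash the success message as well.
            return redirect('/')

        if current_user.is_authenticated:
            current_user.reload()
            flash(_('Your email address has been validated'), 'success')
        else:
            UserInfo(u.id).reload()
            flash(
                _('Your email address has been validated, and you can '
                  'now proceed to sign-in.'),
                'success'
            )
    except Exception:
        # Missing parameter, bad or expired token and unknown user all end
        # here; the user sees one generic message, details go to the log.
        current_app.logger.exception("Authorization failed.")
        flash(_('The authorization token is invalid.'), 'error')
    return redirect('/')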
Example #9
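def check_for_software_updates(flash_message=False):
    """Check for a new release of Invenio.

    Downloads the upstream RELEASE-NOTES file, reads the first
    "Invenio vX.Y.Z is released" line and compares that version with
    ``cfg['CFG_VERSION']``. Only the three numeric components are compared;
    an ``-rc`` suffix is ignored.

    :param flash_message: when true, also flash the outcome to the user.
    :return: True if you have latest version, else False if you need to upgrade
             or None if server was not reachable.
    """
    from invenio_base.globals import cfg
    from invenio_base.i18n import _

    # Set before the try block so the error handler can always name the URL.
    release_notes = 'https://raw.githubusercontent.com/' \
        'inveniosoftware/invenio/master/RELEASE-NOTES'
    # Dots are escaped; the original patterns let "." match any character.
    announcement = re.compile(
        r'Invenio v([0-9]+)\.([0-9]+)\.([0-9]+)(-rc[0-9])? is released')
    version_numbers = re.compile(r'([0-9]+)\.([0-9]+)\.([0-9]+)')

    try:
        web_version = None
        # A timeout keeps an unreachable server from blocking the caller.
        web_file = urllib.request.urlopen(release_notes, timeout=10)
        try:
            for raw_line in web_file:
                # urlopen() yields bytes, the pattern is a text pattern.
                if isinstance(raw_line, bytes):
                    line = raw_line.decode('utf-8', 'replace')
                else:
                    line = raw_line
                found = announcement.match(line)
                if found:
                    # Only integers parsed from the remote text are kept.
                    web_version = tuple(
                        int(part) for part in found.group(1, 2, 3))
                    break
        finally:
            web_file.close()

        if web_version is None:
            raise ValueError('No release announcement found.')

        local_match = version_numbers.search(cfg['CFG_VERSION'])
        if local_match is None:
            raise ValueError('Cannot parse the local version.')
        local_version = tuple(int(part) for part in local_match.groups())

        # Integer tuples compare numerically; the original compared strings,
        # which ranks "10" below "9".
        if web_version > local_version:
            if flash_message:
                # The original format string held an unnamed "%()s" field
                # and a broken href value.
                flash(_('A newer version of Invenio is available for '
                        'download. You may want to visit '
                        '<a href="%(wiki)s">%(wiki)s</a>',
                        wiki='http://inveniosoftware.org/wiki/'
                             '/Installation/Download'), 'warning(html_safe)')

            return False
    except Exception as e:
        print(e)
        if flash_message:
            flash(_('Cannot download or parse release notes '
                    'from %(release_notes)s', release_notes=release_notes),
                  'error')
        return None
    return True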
Example #10
def login(nickname=None, password=None, login_method=None,
          remember=False, referer=None):
    """Render the login form and authenticate a submitted 'Local' login.

    Aborts with 401 when CFG_ACCESS_CONTROL_LEVEL_SITE is above 0. A
    successful login ends in ``login_redirect(referer)``. Every other path
    renders the login template with status 401, a plain GET included.
    """
    if cfg.get('CFG_ACCESS_CONTROL_LEVEL_SITE') > 0:
        return abort(401)  # page is not authorized

    if 'action' in request.values:
        warnings.warn('Action argument "{}" is not used anymore.'.format(
            request.values['action']), DeprecationWarning)

    if referer:
        form_defaults = {'referer': referer, 'login_method': 'Local'}
    else:
        form_defaults = {'login_method': 'Local'}

    # NOTE(review): CSRF protection is switched off for this form, which
    # leaves login CSRF to defences that are not visible here. Whether
    # ``referer`` is restricted to local targets depends on login_redirect.
    form = LoginForm(
        CombinedMultiDict([ImmutableMultiDict(form_defaults),
                           request.values]),
        csrf_enabled=False)

    if request.method == "POST":
        try:
            # Short-circuit order matters: authenticate() runs only for a
            # validated 'Local' submission.
            logged_in = (
                login_method == 'Local' and form.validate_on_submit() and
                authenticate(nickname, password, login_method=login_method,
                             remember=remember)
            )
            if logged_in:
                flash(
                    _("You are logged in as %(nick)s.", nick=nickname),
                    "success"
                )
                return login_redirect(referer)

            flash(_("Invalid credentials."), "error")
        except Exception as e:
            # The user sees a generic message; only the text goes to the log.
            current_app.logger.error(
                'Exception during login process: %s', str(e)
            )
            flash(_("Problem with login."), "error")

    return render_template('accounts/login.html', form=form), 401
Example #11
def approve(group_id, user_id):
    """Accept a pending membership request.

    Responds with 404 when no membership exists for ``(user_id, group_id)``.
    Only users for whom ``group.can_edit`` is true may approve; the others
    are redirected to the index with an error.
    """
    membership = Membership.query.get_or_404((user_id, group_id))
    group = membership.group

    if not group.can_edit(current_user):
        flash(
            _(
                'You cannot approve memberships for the group %(group_name)s',
                group_name=group.name
            ),
            'error'
        )
        return redirect(url_for('.index'))

    try:
        membership.accept()
    except Exception as e:
        # NOTE(review): the raw exception text is shown to the user.
        flash(str(e), 'error')
    else:
        flash(_('%(user)s accepted to %(name)s group.',
                user=membership.user.email,
                name=membership.group.name), 'success')

    # Success and failure both return to the request list of the group.
    return redirect(url_for('.requests', group_id=membership.group.id))
Example #12
def leave(group_id):
    """Remove the current user from a group.

    Responds with 404 for an unknown group. Every other path flashes the
    outcome and redirects to the index.
    """
    group = Group.query.get_or_404(group_id)

    if group.can_leave(current_user):
        try:
            group.remove_member(current_user)
        except Exception as e:
            # NOTE(review): the raw exception text is shown to the user.
            flash(str(e), "error")
        else:
            flash(
                _(
                    'You have successfully left %(group_name)s group.',
                    group_name=group.name
                ),
                'success'
            )
    else:
        flash(
            _(
                'You cannot leave the group %(group_name)s',
                group_name=group.name
            ),
            'error'
        )

    return redirect(url_for('.index'))
Example #13
 def formatoptions(self):
     """Return the format options as a list of dicts.

     Falls back to a single HTML brief entry when none are configured.
     """
     if not len(self._formatoptions):
         default_option = {'code': u'hb',
                           'name': _("HTML %(format)s", format=_("brief")),
                           'content_type': u'text/html'}
         return [default_option]
     # Each entry is copied into a new dict for the caller.
     return list(map(dict, self._formatoptions))
Example #14
def notes(recid):
    """Render the notes of a record, i.e. annotations taken from comments.

    Redirects to the comments view when ANNOTATIONS_NOTES_ENABLED is off.
    Guests who fail the view check are sent to the login page; other users
    who fail it get a 401.
    """
    if not cfg["ANNOTATIONS_NOTES_ENABLED"]:
        return redirect(url_for("comments.comments", recid=recid))

    from invenio_access.local_config import VIEWRESTRCOLL
    from invenio_access.mailcookie import mail_cookie_create_authorize_action
    from invenio_comments.api import check_user_can_view_comments

    auth_code, auth_msg = check_user_can_view_comments(current_user, recid)
    if auth_code:
        if current_user.is_guest:
            cookie = mail_cookie_create_authorize_action(
                VIEWRESTRCOLL, {"collection": g.collection})
            # NOTE(review): request.referrer is set by the client and is
            # passed on as the login "referer" -- confirm the login flow
            # only redirects to local targets.
            login_args = {"action": cookie, "ln": g.ln,
                          "referer": request.referrer}
            flash(_("Authorization failure"), "error")
            return redirect(url_for("webaccount.login", **login_args))
        flash(auth_msg, "error")
        abort(401)

    # type=int makes ``page`` an int or None, so the pattern built below
    # only ever gets digits (and possibly a minus sign) from the request.
    page = request.args.get("page", type=int)
    if cfg["ANNOTATIONS_PREVIEW_ENABLED"] and not request.is_xhr:
        # the notes will be requested again via AJAX
        notes = []
    elif page is None or page == -1:
        notes = prepare_notes(get_annotations({"where.record": recid}))
    else:
        import re

        rgx = re.compile("^P\.([0-9]*?\,)*?" + str(page) + "(,|$|[_]\.*)")
        query = {"where.marker": rgx, "where.record": recid}
        notes = prepare_notes(get_annotations(query))

    if request.is_xhr:
        template = "annotations/notes_fragment.html"
    else:
        template = "annotations/notes.html"
        # The link target comes from url_for() and is put into the message
        # as markup.
        flash(
            _(
                'This is a summary of all the comments that includes only the \
                 existing annotations. The full discussion is available \
                 <a href="'
                + url_for("comments.comments", recid=recid)
                + '">here</a>.'
            ),
            "info",
        )

    template_context = dict(
        notes=notes,
        option="notes",
        get_note_title=get_note_title,
        note_is_collapsed=note_is_collapsed,
        get_original_comment=get_original_comment,
        wash_html_id=wash_html_id,
    )
    return render_template(template, **template_context)
def validate_tag_exists(dummy_form, field):
    """Check that ``field.data`` is the integer id of an existing tag.

    On success ``field.data`` holds the id as an int. Falsy field data,
    which includes 0 and the empty string, is not checked at all.
    """
    if not field.data:
        return

    try:
        tag_id = int(field.data)
    except ValueError:
        raise validators.ValidationError(_("Tag ID must be an integer."))

    field.data = tag_id

    if not db.session.query(WtgTAG).get(tag_id):
        raise validators.ValidationError(_("Tag does not exist."))
Example #16
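def subscribe(recid):
    """Subscribe the current user to the comments of record ``recid``.

    Flashes the outcome and always redirects to the comments view.
    """
    uid = current_user.get_id()
    subscription = CmtSUBSCRIPTION(id_bibrec=recid, id_user=uid,
                                   creation_time=datetime.now())
    try:
        db.session.add(subscription)
        db.session.commit()
    except Exception:
        # A failed commit leaves the session unusable until it is rolled
        # back. ``except Exception`` replaces the bare ``except`` so that
        # SystemExit and KeyboardInterrupt are no longer swallowed.
        # NOTE(review): any database error is reported as "already
        # subscribed"; catching the integrity error would be more precise.
        db.session.rollback()
        flash(_('You are already subscribed'), 'error')
    else:
        flash(_('You have been successfully subscribed'), 'success')
    return redirect(url_for('.comments', recid=recid))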
Example #17
def current_user_password_validator(form, field):
    """Require ``field.data`` to be the logged-in user's current password.

    Raises ``ValidationError`` when nobody is logged in or when
    ``verify_password`` rejects the value.
    """
    id_user = current_user.get_id()
    if not id_user:
        raise validators.ValidationError(
            _("Nobody is currently logged-in."))

    # The account is looked up by the session's user id, never by form data.
    account = User.query.filter_by(id=id_user).one()
    if account.verify_password(field.data):
        return

    raise validators.ValidationError(
        _('The password inserted is not valid.')
    )
Example #18
def report(recid, id):
    """Count one abuse report for comment ``id`` and return to the comments.

    The counter changes only when ``CommentRights(id).can_perform_action()``
    allows it.
    """
    # NOTE(review): no commit is visible here, and the HTTP method and CSRF
    # handling of this state-changing view are defined outside this block.
    if not CommentRights(id).can_perform_action():
        flash(_('Comment has been already reported.'), 'error')
    else:
        # The increment is a column expression, not a value read in Python.
        increment = dict(
            nb_abuse_reports=CmtRECORDCOMMENT.nb_abuse_reports + 1)
        CmtRECORDCOMMENT.query.filter(CmtRECORDCOMMENT.id == id).update(
            increment, synchronize_session='fetch')

        action_code = cfg['CFG_WEBCOMMENT_ACTION_CODE']['REPORT_ABUSE']
        log_comment_action(action_code, id, recid)
        flash(_('Comment has been reported.'), 'success')

    return redirect(url_for('comments.comments', recid=recid))
Example #19
def delete_all(confirmed=0):
    """
    Delete every message that belongs to the logged-in user.
    @param confirmed: any value other than 1 shows the confirmation page
        instead of deleting.
    """
    # NOTE(review): ``confirmed`` presumably comes from the request; if this
    # view answers GET, one crafted link empties the mailbox. Confirm the
    # route is POST-only or CSRF-protected.
    uid = current_user.get_id()
    if confirmed == 1:
        emptied = dbquery.delete_all_messages(uid)
        if emptied:
            flash(_("Your mailbox has been emptied."), "info")
        else:
            flash(_("Could not empty your mailbox."), "warning")
        return redirect(url_for('.index'))

    return render_template('messages/confirm_delete.html')
Example #20
def vote(recid, id, value):
    """Record a vote on comment ``id`` and return to the comments view.

    A positive ``value`` counts as a "yes" vote, anything else only raises
    the total. Votes are counted only when
    ``CommentRights(id).can_perform_action()`` allows it.
    """
    # NOTE(review): int(value) raises ValueError for non-numeric input; the
    # route converter presumably guarantees a number. No commit is visible
    # in this block.
    if not CommentRights(id).can_perform_action():
        flash(_('You can not vote for this comment.'), 'error')
    else:
        value = 1 if int(value) > 0 else 0
        # Both increments are column expressions, so the client-supplied
        # number only ever adds 0 or 1.
        counters = dict(
            nb_votes_total=CmtRECORDCOMMENT.nb_votes_total + 1,
            nb_votes_yes=CmtRECORDCOMMENT.nb_votes_yes + value)
        CmtRECORDCOMMENT.query.filter(CmtRECORDCOMMENT.id == id).update(
            counters, synchronize_session='fetch')

        action_code = cfg['CFG_WEBCOMMENT_ACTION_CODE']['VOTE']
        log_comment_action(action_code, id, recid)
        flash(_('Thank you for your vote.'), 'success')

    return redirect(url_for('comments.comments', recid=recid))
Example #21
def lost():
    """Show the lost-password form and send the reset e-mail on submit."""
    form = LostPasswordForm(request.values)

    if form.validate_on_submit():
        # NOTE(review): the success message repeats the submitted address.
        # Whether the response reveals which addresses have an account
        # depends on LostPasswordForm, which is not shown. Rate limiting is
        # not visible here either.
        email = request.values["email"]
        try:
            mail_sent = send_reset_password_email(email=email)
            if mail_sent:
                flash(_("A password reset link has been sent to %(whom)s", whom=email), "success")
            else:
                flash(_("Error happen when the email was send. " "Please contact the administrator."), "error")
        except AccountSecurityError as e:
            # The exception object itself is flashed, as in the original.
            flash(e, "error")

    return render_template("accounts/lost.html", form=form)
Example #22
def create_year_selectbox(name, from_year=-1, length=10, selected_year=0,
                          ln=None):
    """Build an HTML drop-down menu for picking a year.

    @param name: name of the control, i.e. of the submitted variable
    @param from_year: first year listed; a negative value means the
                      current year
    @param length: number of years listed
    @param selected_year: year selected at the start; 0 selects the label
    @param ln: language
    @return: html as string
    """
    # NOTE(review): ``name`` is put into the attribute without escaping, so
    # callers must pass a trusted control name.
    ln = default_ln(ln)
    _ = gettext_set_language(ln)
    if from_year < 0:
        from_year = time.localtime()[0]

    selected_attr = ' selected="selected"'

    pieces = ["<select name=\"%s\">\n" % name, '  <option value="0"']
    if selected_year == 0:
        pieces.append(selected_attr)
    pieces.append(">%s</option>\n" % _("Year"))

    for year in range(from_year, from_year + length):
        pieces.append("<option value=\"%i\"" % year)
        if year == selected_year:
            pieces.append(selected_attr)
        pieces.append(">%i</option>\n" % year)

    pieces.append("</select>\n")
    return "".join(pieces)
Example #23
    def edit_form(self, obj=None):
        """Build the edit form that matches the requested knowledge-base type.

        The type is read from the ``kbtype`` query argument and defaults to
        ``'w'``. Any value that is neither "written as" nor "dynamic" gets
        the taxonomy form. The chosen class is also stored in ``self.form``.
        """
        # ``kbtype`` is client-controlled; it only selects one of three
        # fixed form classes.
        kbtype = request.args.get('kbtype', 'w')
        known_types = KnwKB.KNWKB_TYPES

        if kbtype == known_types['written_as']:
            form_class = WrittenAsKnowledgeForm
        elif kbtype == known_types['dynamic']:
            form_class = DynamicKnowledgeForm
        else:
            form_class = TaxonomyKnowledgeForm
        self.form = form_class

        form = self.form(obj=obj)

        if not form.is_submitted():
            # load extra data: obj => form
            if kbtype == known_types['dynamic'] and obj.kbdefs:
                definition = obj.kbdefs
                form.id_collection.data = definition.id_collection
                form.output_tag.data = definition.output_tag
                form.search_expression.data = definition.search_expression

            if kbtype == known_types['taxonomy']:
                if os.path.isfile(obj.get_filename()):
                    form.tfile.label.text = form.tfile.label.text + " *"
                    # TODO add the possibility to download the file
                    form.tfile.description = _("Already uploaded %(name)s",
                                               name=obj.get_filename())

        form.kbtype.data = kbtype

        return form
def restart_record_prev(objectid):
    """Schedule a restart of the current task of a workflow object.

    Returns a JSON success message once ``continue_oid_delayed`` was called.
    """
    # NOTE(review): no permission check on ``objectid`` is visible here;
    # presumably the route decorators handle it.
    continue_oid_delayed(oid=objectid, start_point="restart_task")
    payload = {
        "category": "success",
        "message": _("Object restarted task successfully."),
    }
    return jsonify(payload)
def delete_from_db(objectid):
    """Delete a workflow object and answer with a JSON success message."""
    # NOTE(review): the object is deleted without an ownership or permission
    # check in this block, and the response reports success regardless.
    # Confirm the route is access-controlled and not reachable by GET.
    BibWorkflowObject.delete(objectid)
    payload = {
        "category": "success",
        "message": _("Object deleted successfully."),
    }
    return jsonify(payload)
Example #26
def index(p, so, page):
    """Render the paginated list of communities.

    ``p`` is the search pattern and ``so`` the sorting option, which falls
    back to COMMUNITIES_DEFAULT_SORTING_OPTION. ``page`` is clamped to a
    minimum of 1.
    """
    ctx = mycommunities_ctx()

    if not so:
        so = cfg.get('COMMUNITIES_DEFAULT_SORTING_OPTION')

    communities = Community.filter_communities(p, so)
    featured_community = FeaturedCommunity.get_current()
    form = SearchForm(p=p)
    per_page = cfg.get('COMMUNITIES_DISPLAYED_PER_PAGE', 10)
    page = max(page, 1)
    pagination = Pagination(page, per_page, communities.count())

    first_row = per_page * (page - 1)
    visible_communities = communities.slice(
        first_row, per_page * page).all()

    ctx.update({
        'r_from': max(pagination.per_page * (pagination.page - 1), 0),
        'r_to': min(pagination.per_page * pagination.page,
                    pagination.total_count),
        'r_total': pagination.total_count,
        'pagination': pagination,
        'form': form,
        'title': _('Community Collections'),
        'communities': visible_communities,
        'featured_community': featured_community,
        'format_record': format_record,
    })

    return render_template("communities/index.html", **ctx)
Example #27
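def delete():
    """Delete the tags named by the ``id_tag`` request values.

    Each id must pass ``validate_tag_exists`` and ``validate_user_owns_tag``.
    Ids that fail are reported with a flash message and are not deleted.
    Always redirects to the tag list.
    """
    # NOTE(review): the ids are read from request.values, so they may come
    # from the query string; confirm the route is POST-only or
    # CSRF-protected.
    id_tags = request.values.getlist("id_tag", type=int)

    # The original flashed validation errors and then deleted every
    # requested id anyway, tags of other users included. Only ids that
    # passed both validators reach the delete loop now.
    allowed_ids = []
    for id_tag in id_tags:
        field = Field("data", id_tag)
        try:
            validate_tag_exists(None, field)
            validate_user_owns_tag(None, field)
        except validators.ValidationError as ex:
            flash(ex.message, "error")
            continue
        allowed_ids.append(id_tag)

    deleted = 0
    for id_tag in allowed_ids:
        tag = WtgTAG.query.get(id_tag)
        # validate_tag_exists skips falsy ids such as 0, so the lookup can
        # still come back empty.
        if tag is None:
            continue
        db.session.delete(tag)
        deleted += 1

    if deleted:
        db.session.commit()
        flash(_("Successfully deleted tags."), "success")

    return redirect(url_for(".display_list"))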
Example #28
    def __iter__(self):
        """Yield ``(code, name)`` choices for the output formats.

        The first choice is an empty code labelled "Default"; the rest come
        from ``registry.output_formats``.
        """
        from invenio_formatter import registry

        default_choice = ('', _('Default'))
        yield default_choice

        for format_code, definition in iteritems(registry.output_formats):
            yield (format_code, definition['name'])
def continue_record(objectid):
    """Schedule the next workflow task for an object.

    Returns a JSON success message once ``continue_oid_delayed`` was called.
    """
    # NOTE(review): no permission check on ``objectid`` is visible here;
    # presumably the route decorators handle it.
    continue_oid_delayed(oid=objectid, start_point='continue_next')
    payload = {
        "category": "success",
        "message": _("Object continued with next task successfully."),
    }
    return jsonify(payload)
Example #30
def create(deposition_type=None):
    """Create a new deposition for the current user.

    AJAX callers get status codes and the new id as text; other callers are
    redirected. A non-POST AJAX request is rejected with 405.
    """
    if request.is_xhr and request.method != "POST":
        return ("", 405)

    # NOTE(review): only AJAX requests are limited to POST here; for other
    # requests the method restriction must come from the route definition.
    if deposition_type is None:
        deposition_type = DepositionType.get_default()

    if deposition_type is None:
        flash(_("Invalid deposition type."), "error")
        if request.is_xhr:
            return ("", 400)
        return redirect(url_for(".index"))

    deposition = Deposition.create(current_user, type=deposition_type)
    deposition.save()

    if request.is_xhr:
        return (str(deposition.id), 200)

    # The default type is left out of the URL.
    if deposition.type.is_default():
        type_identifier = None
    else:
        type_identifier = deposition.type.get_identifier()

    return redirect(
        url_for(".run", deposition_type=type_identifier, uuid=deposition.id)
    )
Example #31
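def collection_breadcrumbs(collection, endpoint=None):
    """Build the breadcrumb trail that leads to ``collection``.

    Returns an empty list for collections with an id of 1 or lower.
    Otherwise the trail starts with a "Home" entry that carries the current
    request arguments without ``cc`` (or ``c``), followed by the
    collection's own breadcrumbs without their first element.

    :param collection: collection to build the trail for.
    :param endpoint: endpoint used for the links; defaults to the endpoint
        of the current request.
    """
    b = []
    if endpoint is None:
        endpoint = request.endpoint
    if collection.id > 1:
        qargs = request.values.to_dict()
        k = 'cc' if 'cc' in qargs else 'c'
        # pop() with a default: the original ``del`` raised KeyError when
        # the request carried neither ``cc`` nor ``c``.
        qargs.pop(k, None)
        b = [(_('Home'), endpoint, qargs)] + collection.breadcrumbs(
            builder=crumb_builder(endpoint), ln=g.ln)[1:]
    return b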
Example #32
class EasySearchForm(InvenioBaseForm):
    """Define the form for the easy search popup.

    Every autocomplete field takes its suggestions from the
    ``search.autocomplete`` endpoint. The URL is built inside a lambda, so
    ``url_for`` runs when the data source is resolved, not at import time.
    """

    # Suggestions for the ``exactauthor`` field.
    author = AutocompleteField(_('Author'),
                               data_provide="typeahead-url",
                               data_source=lambda: url_for(
                                   'search.autocomplete', field='exactauthor'))
    # Plain text field without autocompletion.
    title = StringField(_('Title'))
    # Suggestions for the ``reportnumber`` field.
    rn = AutocompleteField(_('Report number'),
                           data_provide="typeahead-url",
                           data_source=lambda: url_for('search.autocomplete',
                                                       field='reportnumber'))
    # Suggestions for the ``affiliation`` field.
    aff = AutocompleteField(_('Affiliation'),
                            data_provide="typeahead-url",
                            data_source=lambda: url_for('search.autocomplete',
                                                        field='affiliation'))
    # Suggestions for the ``collaboration`` field.
    cn = AutocompleteField(_('Collaboration'),
                           data_provide="typeahead-url",
                           data_source=lambda: url_for('search.autocomplete',
                                                       field='collaboration'))
    # Suggestions for the ``keyword`` field.
    k = AutocompleteField(
        _('Keywords'),
        data_provide="typeahead-url",
        data_source=lambda: url_for('search.autocomplete', field='keyword'))
    # Nested journal sub-form; the three widget columns get the listed CSS
    # classes, keyed by column index.
    journal = FormField(JournalForm,
                        widget=RowWidget(classes={
                            0: 'col-xs-6',
                            1: 'col-xs-3',
                            2: 'col-xs-3'
                        }))
def tag_details(id_tag):
    """List the documents attached to one of the current user's tags.

    Redirects to the tag cloud with a message when the id is empty or
    unknown, when the tag belongs to another user, or when no record
    carries the tag.
    """
    cloud_url_endpoint = '.display_cloud'

    # An empty id is rejected without touching the database.
    tag = WtgTAG.query.get(id_tag) if id_tag else None

    if not tag:
        flash(_('Invalid tag id'), "error")
        return redirect(url_for(cloud_url_endpoint))

    # Ownership check: tags of other users are never listed.
    if tag.id_user != current_user.get_id():
        flash(_('You are not authorized to view this tag'), "error")
        return redirect(url_for(cloud_url_endpoint))

    if not tag.records:
        # NOTE(review): the stored tag name is appended to the message;
        # whether that is safe depends on how flashes are rendered.
        flash(_('There are no documents tagged with ') + tag.name)
        return redirect(url_for(cloud_url_endpoint))

    record_ids = [bibrec.id for bibrec in tag.records]
    return response_formated_records(record_ids,
                                     Collection.query.get(1), 'hb')
Example #34
def validate_bibrec_exists(dummy_form, field):
    """Check that ``field.data`` names an existing record that is not deleted.

    On success ``field.data`` holds the record id as an int, replaced by the
    id of the final merged record when the two differ. Falsy field data is
    not checked.
    """
    if not field.data:
        return

    try:
        record_id = int(field.data)
    except ValueError:
        raise validators.ValidationError(
            _('Record ID must be an integer.'))

    field.data = record_id
    record = db.session.query(Record).get(record_id)

    if not record:
        raise validators.ValidationError(_('Record does not exist.'))

    # Switch to merged record if present
    final_id = record.merged_recid_final
    if final_id != record.id:
        # NOTE(review): if the merged id resolves to no row, ``record`` is
        # None and the ``deleted`` check below fails with AttributeError.
        record = db.session.query(Record).get(final_id)
        field.data = final_id

    if record.deleted:
        raise validators.ValidationError(_('Record has been deleted.'))
Example #35
class CreateTagForm(InvenioBaseForm):
    """Define the form for creating a new tag."""

    # The name is required and runs through validate_tag_name and
    # validate_name_available.
    name = StringField(_('Name'), [
        validators.DataRequired(), validate_tag_name, validate_name_available
    ])

    # Ajax requests only:
    # Send a record ID if the tag should be attached to the record
    # right after creation
    # The hidden value is supplied by the client, so the server checks it
    # with validate_bibrec_exists and validate_user_can_see_bibrec.
    id_bibrec = HiddenField(
        'Tagged record',
        [validate_bibrec_exists, validate_user_can_see_bibrec])
Example #36
    def __iter__(self):
        """Yield ``(id, name)`` choices: "Private", then the user's groups.

        The groups are those joined to a membership of the current user.
        Ids are yielded as strings.
        """
        id_user = current_user.get_id()

        private_choice = ('0', _('Private'))

        # Only groups the current user is a member of are offered.
        membership_rows = db.session.query(Group.id, Group.name)\
            .join(Membership)\
            .filter(Membership.id_user == id_user)\
            .all()

        for gid, name in [private_choice] + list(membership_rows):
            yield (str(gid), name)
Example #37
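def add_comment(recid):
    """Show the comment form for a record and store a submitted comment.

    With an ``in_reply`` query argument the form is pre-filled as a reply to
    that comment. The parent must belong to ``recid`` and must not be
    deleted, otherwise the request is aborted with 401. An unknown parent id
    falls through to the plain form.
    """
    uid = current_user.get_id()
    in_reply = request.args.get('in_reply', type=int)
    if in_reply is not None:
        comment = CmtRECORDCOMMENT.query.get(in_reply)

        # The original read attributes of ``comment`` before the None test,
        # so an unknown id raised AttributeError.
        if comment is not None:
            if comment.id_bibrec != recid or comment.is_deleted:
                abort(401)

            c = CmtRECORDCOMMENT()
            c.title = _('Re: ') + comment.title
            c.body = email_quote_txt(comment.body or '')
            c.in_reply_to_id_cmtRECORDCOMMENT = in_reply
            form = AddCmtRECORDCOMMENTForm(request.form, obj=c)
            return render_template('comments/add.html', form=form)

    form = AddCmtRECORDCOMMENTForm(request.values)
    if form.validate_on_submit():
        c = CmtRECORDCOMMENT()
        form.populate_obj(c)
        # Server-controlled fields are set after populate_obj() so that
        # submitted form data cannot override them.
        c.id_bibrec = recid
        c.id_user = uid
        c.date_creation = datetime.now()
        c.star_score = 0
        try:
            db.session.add(c)
            db.session.commit()
        except Exception:
            # Only a failed save is rolled back; the form is shown again.
            db.session.rollback()
        else:
            flash(_('Comment was sent'), "info")
            try:
                from urlparse import urlparse
            except ImportError:
                from urllib.parse import urlparse
            # The referrer is optional and client-controlled; it is used
            # only to choose between two local views. In the original a
            # missing referrer raised after the commit and was swallowed by
            # the bare ``except``.
            referrer_path = urlparse(request.referrer or '').path
            if 'notes' in referrer_path:
                return redirect(url_for('comments.notes', recid=recid) +
                                '#' + (form.pdf_page.data or ''))
            return redirect(url_for('comments.comments', recid=recid))

    return render_template('comments/add.html', form=form)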
Example #38
def login(nickname=None,
          password=None,
          login_method=None,
          remember=False,
          referer=None):
    """Render the login form and authenticate a submitted 'Local' login.

    Aborts with 401 when CFG_ACCESS_CONTROL_LEVEL_SITE is above 0. A
    successful login ends in ``login_redirect(referer)``. Every other path
    renders the login template with status 401, a plain GET included.
    """
    if cfg.get('CFG_ACCESS_CONTROL_LEVEL_SITE') > 0:
        return abort(401)  # page is not authorized

    if 'action' in request.values:
        deprecation_text = 'Action argument "{}" is not used anymore.'.format(
            request.values['action'])
        warnings.warn(deprecation_text, DeprecationWarning)

    preset = ImmutableMultiDict({
        'referer': referer,
        'login_method': 'Local'
    } if referer else {'login_method': 'Local'})

    # NOTE(review): CSRF protection is switched off for this form, which
    # leaves login CSRF to defences that are not visible here. Whether
    # ``referer`` is restricted to local targets depends on login_redirect.
    form = LoginForm(CombinedMultiDict([preset, request.values]),
                     csrf_enabled=False)

    if request.method != "POST":
        return render_template('accounts/login.html', form=form), 401

    try:
        # Short-circuit order matters: authenticate() runs only for a
        # validated 'Local' submission.
        if login_method == 'Local' and form.validate_on_submit() and \
           authenticate(nickname, password, login_method=login_method,
                        remember=remember):
            flash(_("You are logged in as %(nick)s.", nick=nickname),
                  "success")
            return login_redirect(referer)

        flash(_("Invalid credentials."), "error")
    except Exception as e:
        # The user sees a generic message; only the text goes to the log.
        current_app.logger.error('Exception during login process: %s',
                                 str(e))
        flash(_("Problem with login."), "error")

    return render_template('accounts/login.html', form=form), 401
Example #39
class KnwKBRVALForm(Form):

    """KnwKBRVAL Form.

    Declares a "map from"/"to" text pair and a selector for the knowledge
    base the pair belongs to.
    """

    # Free-text fields; no validators are declared on them here.
    m_key = StringField(label="Map From")
    m_value = StringField(label="To")
    # The choices list is built by a query wrapped in a LocalProxy, so the
    # query is not run while the class body is executed. coerce=int turns the
    # submitted value into an int before it is compared with the choices.
    id_knwKB = SelectField(
        label=_('Knowledge'),
        choices=LocalProxy(lambda: [
            (k.id, k.name) for k in
            query_get_kb_by_type('written_as').all()]
        ),
        coerce=int,
    )
class AddCmtRECORDCOMMENTFormReview(AddCmtRECORDCOMMENTForm):

    """Define form for record comment review.

    Extends the plain comment form with a star rating.
    """

    # The choice values are the strings '1'..'5' and no coerce is given.
    # NOTE(review): presumably star_score reaches the model as text - confirm
    # the column converts it.
    star_score = SelectField(_('Stars'), choices=[('1', _('*')),
                                                  ('2', _('**')),
                                                  ('3', _('***')),
                                                  ('4', _('****')),
                                                  ('5', _('*****'))])
Example #41
def add_kb(kb_name=u"Untitled", kb_type=None, tries=10):
    """Create a knowledge base row and return its id.

    The requested name is tried first. Each time the insert is rejected with
    an ``IntegrityError`` the name becomes ``"<kb_name> <n>"``, where ``n`` is
    one more than the highest existing kb id, and the insert is retried.

    :param kb_name: the name of the kb
    :param kb_type: the type of the kb, incl 'taxonomy' and 'dynamic'.
                   None for typical (leftside-rightside).
    :param tries: exit after <n> retry
    :return: the id of the newly created kb
    """
    candidate = kb_name
    attempts = 0
    while attempts < tries:
        try:
            kb = models.KnwKB(name=candidate, description="", kbtype=kb_type)
            db.session.add(kb)
            db.session.commit()
        except IntegrityError:
            # Presumably a clash on a unique name; the database decides, so
            # two concurrent creators cannot both keep the same name.
            db.session.rollback()
            # get the highest id to calculate the new name
            newest = db.session.execute(
                db.select([models.KnwKB.id]).order_by(db.desc(
                    models.KnwKB.id)).limit(1)).first()
            if newest is None:
                suffix = 1
            else:
                suffix = newest[0] + 1
            candidate = kb_name + " " + str(suffix)
            attempts += 1
        except Exception:
            # Leave the session clean, then let the caller see the failure.
            db.session.rollback()
            raise
        else:
            return kb.id

    # Every attempt ended in an IntegrityError (or tries allowed none).
    # TODO raise the right exception
    raise Exception(
        _(
            "Can't create knowledge base \"%(name)s\".\n"
            "Probabily the server is busy! "
            "Try again later.",
            name=kb_name))
Example #42
class WebSearchUserSettingsForm(InvenioBaseForm):
    """User settings for search."""

    # Page size is limited to the four listed values.
    rg = SelectField(_('Results per page'),
                     choices=[('10', '10'), ('25', '25'), ('50', '50'),
                              ('100', '100')])
    websearch_hotkeys = SelectField(_('Hotkeys'),
                                    choices=[('0', _('Disable')),
                                             ('1', _('Enable'))])

    # GetCollections() and GetOutputFormats() are called while the class body
    # runs, i.e. once when the module is imported.
    # NOTE(review): whether the returned objects re-evaluate per request
    # cannot be seen here - confirm the choices do not go stale.
    c = SelectMultipleField(_('Collections'), choices=GetCollections())
    of = SelectField(_('Personal output format'), choices=GetOutputFormats())
Example #43
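def add_review(recid):
    """Store a review submitted for record ``recid``.

    On a valid submission the review is saved for the current user and the
    browser is redirected to the record's review list. If the form is not
    valid, or the database write fails, the form is rendered again.

    NOTE(review): no access check is visible in this function; presumably
    decorators outside this excerpt enforce login and record access - confirm.

    :param recid: identifier of the record being reviewed.
    """
    import logging

    uid = current_user.get_id()
    form = AddCmtRECORDCOMMENTFormReview(request.values)
    if form.validate_on_submit():
        c = CmtRECORDCOMMENT()
        form.populate_obj(c)
        # Record, author and timestamp are assigned after populate_obj(), so
        # values taken from the form cannot replace them.
        c.id_bibrec = recid
        c.id_user = uid
        c.date_creation = datetime.now()
        try:
            db.session.add(c)
            db.session.commit()
        except Exception:
            # Was a bare ``except:`` that also caught SystemExit and
            # KeyboardInterrupt and left no trace of the failure.
            db.session.rollback()
            logging.getLogger(__name__).exception(
                'Could not store review for record %s', recid)
        else:
            flash(_('Review was sent'), "info")
            return redirect(url_for('comments.reviews', recid=recid))

    return render_template('comments/add_review.html', form=form)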
Example #44
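    def validate_email(self, field):
        """Validate email address.

        Lower-cases the address, runs the module-level ``validate_email``
        check on it and ensures that the address is not already registered.

        :param field: form field holding the address; ``field.data`` is
            replaced by its lower-case form.
        :raises validators.ValidationError: if a user with this address
            already exists.
        """
        field.data = field.data.lower()
        validate_email(field.data)

        try:
            # first() instead of one(): one() raises MultipleResultsFound,
            # which is a SQLAlchemyError, so an address stored more than
            # once used to pass as "not registered".
            existing = User.query.filter(User.email == field.data).first()
        except SQLAlchemyError:
            # Kept from the original: a failing query lets the address pass.
            # NOTE(review): this fails open; confirm that a unique constraint
            # on the email column backs this check.
            existing = None

        if existing is not None:
            # NOTE(review): the message confirms that the address has an
            # account; rate-limit this form if enumeration is a concern.
            raise validators.ValidationError(
                _(
                    "Email address %(addr)s already exists in the"
                    " database. If this is your address, please sign-in and go"
                    " to Profile > Linked Accounts to link your account.",
                    addr=field.data))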
Example #45
def create(deposition_type=None):
    """Create a new deposition.

    XHR callers get ``(body, status)`` tuples; other callers are redirected.

    NOTE(review): only XHR requests are limited to POST here. If the route
    (not shown) also accepts GET, a plain link can create a deposition for
    the logged-in user - confirm the allowed methods.
    """
    from_xhr = request.is_xhr
    if from_xhr and request.method != 'POST':
        return ('', 405)

    if deposition_type is None:
        deposition_type = DepositionType.get_default()

    # Still None: no default deposition type is available.
    if deposition_type is None:
        flash(_('Invalid deposition type.'), 'error')
        if request.is_xhr:
            return ('', 400)
        return redirect(url_for('.index'))

    deposition = Deposition.create(current_user, type=deposition_type)
    deposition.save()

    if request.is_xhr:
        return (str(deposition.id), 200)

    # The default type is left out of the URL.
    if deposition.type.is_default():
        type_in_url = None
    else:
        type_in_url = deposition.type.get_identifier()
    return redirect(
        url_for(".run", deposition_type=type_in_url, uuid=deposition.id))
 class SimpleRecordTestForm(WebDepositForm):
     # Deposit form with a repeatable keyword input and a publication date.

     # At least one keyword row is present (min_entries=1).
     keywords = fields.DynamicFieldList(
         fields.StringField(
             widget_classes='form-control',
             widget=field_widgets.ColumnInput(class_="col-xs-10"),
         ),
         label='Keywords',
         add_label='Add another keyword',
         icon='fa fa-tags fa-fw',
         widget_classes='',
         min_entries=1,
     )
     # NOTE(review): date.today() is called once, while the class body runs,
     # so the default stays at the day the module was loaded. The description
     # says "Required", yet validators is an empty list - confirm both.
     publication_date = fields.Date(
         label=_('Publication date'),
         icon='fa fa-calendar fa-fw',
         description='Required. Format: YYYY-MM-DD.',
         default=date.today(),
         validators=[],
         widget=field_widgets.date_widget,
         widget_classes='input-sm',
         export_key='imprint.date',
     )
Example #47
def reviews(recid):
    """Display reviews.

    Guests who fail the access check are sent to the login page; logged-in
    users who fail it get a 401. Otherwise the top-level comments of the
    record that carry a star score are rendered, oldest first.
    """
    from invenio_access.local_config import VIEWRESTRCOLL
    from invenio_access.mailcookie import \
        mail_cookie_create_authorize_action
    from .api import check_user_can_view_comments

    # A truthy auth_code means access is denied.
    auth_code, auth_msg = check_user_can_view_comments(current_user, recid)
    if auth_code:
        if current_user.is_guest:
            cookie = mail_cookie_create_authorize_action(
                VIEWRESTRCOLL, {'collection': g.collection})
            # NOTE(review): request.referrer is client-controlled and is
            # handed to the login view as 'referer'; the login side has to
            # validate it before redirecting.
            login_args = {
                'action': cookie,
                'ln': g.ln,
                'referer': request.referrer,
            }
            flash(_("Authorization failure"), 'error')
            return redirect(url_for('webaccount.login', **login_args))
        flash(auth_msg, 'error')
        abort(401)

    # Top-level entries only (not replies) that have a rating.
    is_review = db.and_(
        CmtRECORDCOMMENT.id_bibrec == recid,
        CmtRECORDCOMMENT.in_reply_to_id_cmtRECORDCOMMENT == 0,
        CmtRECORDCOMMENT.star_score > 0
    )
    rows = CmtRECORDCOMMENT.query.filter(is_review).order_by(
        CmtRECORDCOMMENT.date_creation).all()
    return render_template('comments/reviews.html', comments=rows)
Example #48
        return decorated

    return wrapper


#
# Views
#
@blueprint.route("/", methods=['GET', 'POST'])
@ssl_required
@login_required
@register_menu(
    blueprint,
    'settings.applications',
    _('%(icon)s Applications', icon='<i class="fa fa-shield fa-fw"></i>'),
    order=5,
    active_when=lambda: request.endpoint.startswith("oauth2server_settings."))
@register_breadcrumb(blueprint, 'breadcrumbs.settings.applications',
                     _('Applications'))
def index():
    clients = Client.query.filter_by(
        user_id=current_user.get_id(),
        is_internal=False,
    ).all()

    tokens = Token.query.options(db.joinedload('client')).filter(
        Token.user_id == current_user.get_id(),
        Token.is_personal == True,  # noqa
        Token.is_internal == False,
        Client.is_internal == True,
Example #49
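def check_for_software_updates(flash_message=False):
    """Check for a new release of Invenio.

    Downloads the upstream RELEASE-NOTES file, takes the version from the
    first "Invenio vX.Y.Z is released" line and compares it numerically with
    ``CFG_VERSION``. A ``-rc`` suffix is ignored in the comparison.

    :param flash_message: when true, the outcome is also flashed to the user.
    :return: True if you have latest version, else False if you need to upgrade
             or None if server was not reachable.
    """
    from invenio_base.globals import cfg
    from invenio_base.i18n import _

    # Defined before the try block so the error handler can always use it.
    release_notes = 'https://raw.githubusercontent.com/' \
        'inveniosoftware/invenio/master/RELEASE-NOTES'
    # Raw string with escaped dots; the unescaped "." matched any character.
    release_line = re.compile(
        r'Invenio v([0-9]+)\.([0-9]+)\.([0-9]+)(-rc[0-9])? is released')

    def numeric_version(text):
        """Return the first three dotted components of *text* as ints."""
        parts = []
        for piece in text.split(".")[:3]:
            digits = re.match(r'[0-9]+', piece)
            if digits is None:
                raise ValueError('Unparsable version: %r' % (text,))
            parts.append(int(digits.group()))
        parts.extend([0] * (3 - len(parts)))
        return tuple(parts)

    try:
        # The timeout keeps a slow remote host from blocking the caller
        # indefinitely; 10 seconds is a constructed default, tune as needed.
        web_file = urllib.request.urlopen(release_notes, timeout=10)
        try:
            web_version = None
            while True:
                line = web_file.readline()
                if not line:
                    break
                # The response yields bytes; the pattern is text.
                if isinstance(line, bytes):
                    line = line.decode('utf-8', 'replace')
                found = release_line.match(line)
                if found:
                    web_version = tuple(
                        int(number) for number in found.group(1, 2, 3))
                    break
        finally:
            # Close the connection on the error paths too.
            web_file.close()

        if web_version is None:
            raise ValueError('No release announcement found')

        # Tuples of ints compare numerically; the string comparison used
        # before ranked "10" below "9".
        local_version = numeric_version(cfg['CFG_VERSION'])

        if web_version > local_version:
            if flash_message:
                # The 'html_safe' category carries markup, so only constants
                # may be interpolated here, never the downloaded text.
                flash(
                    _(
                        'A newer version of Invenio is available for '
                        'download. You may want to visit '
                        '<a href="%(wiki)s">%(wiki)s</a>',
                        wiki='http://invenio-software.org/wiki/'
                        '/Installation/Download'), 'warning(html_safe)')

            return False
    except Exception as e:
        print(e)
        if flash_message:
            flash(
                _(
                    'Cannot download or parse release notes '
                    'from %(release_notes)s',
                    release_notes=release_notes), 'error')
        return None
    return True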
Example #50
             ('claimpaperusers', 'claimpaper_view_pid_universe', {}),
             ('claimpaperoperators', 'claimpaper_view_pid_universe', {}),
             ('claimpaperusers', 'claimpaper_claim_own_papers', {}),
             ('claimpaperoperators', 'claimpaper_claim_own_papers', {}),
             ('claimpaperoperators', 'claimpaper_claim_others_papers', {}),
             ('claimpaperusers', 'claimpaper_change_own_data', {}),
             ('claimpaperoperators', 'claimpaper_change_own_data', {}),
             ('claimpaperoperators', 'claimpaper_change_others_data', {}),
             ('holdingpenusers', 'viewholdingpen', {}),
             ('depositusers', 'usedeposit', {}),
             )


# Actions that have an administrative web interface, mapped to a
# (label, URL template) pair. Each template keeps one literal "%s" for the
# language code, to be filled in by the code that builds the link.
CFG_ACC_ACTIVITIES_URLS = {
    'runbibedit': (
        _("Run Record Editor"),
        "%s/%s/edit/?ln=%%s" % (CFG_SITE_URL, CFG_SITE_RECORD),
    ),
    'runbibdocfile': (
        _("Run Document File Manager"),
        "%s/%s/managedocfiles?ln=%%s" % (CFG_SITE_URL, CFG_SITE_RECORD),
    ),
    'runbibmerge': (
        _("Run Record Merger"),
        "%s/%s/merge/?ln=%%s" % (CFG_SITE_URL, CFG_SITE_RECORD),
    ),
    'cfgbibknowledge': (
        _("Configure BibKnowledge"),
        "%s/kb?ln=%%s" % CFG_SITE_URL,
    ),
    'cfgoaiharvest': (
        _("Configure OAI Harvest"),
        "%s/admin/oaiharvest/oaiharvestadmin.py?ln=%%s" % CFG_SITE_URL,
    ),
    'cfgwebaccess': (
        _("Configure WebAccess"),
        "%s/admin/webaccess/webaccessadmin.py?ln=%%s" % CFG_SITE_URL,
    ),
    'cfgwebcomment': (
        _("Configure WebComment"),
        "%s/admin/webcomment/webcommentadmin.py?ln=%%s" % CFG_SITE_URL,
    ),
    'claimpaper_claim_others_papers': (
        _("Run Person/Author Manager"),
        "%s/author/search?ln=%%s" % CFG_SITE_URL,
    ),
}

CFG_WEBACCESS_MSGS = {
    0: 'Try to <a href="%s/youraccount/login?referer=%%s">login</a> with another account.' % (CFG_SITE_SECURE_URL),
    1: '<br />If you think this is not correct, please contact: <a href="mailto:%s">%s</a>' % (CFG_SITE_SUPPORT_EMAIL, CFG_SITE_SUPPORT_EMAIL),
    2: '<br />If you have any questions, please write to <a href="mailto:%s">%s</a>' % (CFG_SITE_SUPPORT_EMAIL, CFG_SITE_SUPPORT_EMAIL),
    3: 'Guest users are not allowed, please <a href="%s/youraccount/login">login</a>.' % CFG_SITE_SECURE_URL,
    4: 'The site is temporarily closed for maintenance.  Please come back soon.',
Example #51
    ('statisticsusers', 'viewstatistics', {}),
    ('claimpaperusers', 'claimpaper_view_pid_universe', {}),
    ('claimpaperoperators', 'claimpaper_view_pid_universe', {}),
    ('claimpaperusers', 'claimpaper_claim_own_papers', {}),
    ('claimpaperoperators', 'claimpaper_claim_own_papers', {}),
    ('claimpaperoperators', 'claimpaper_claim_others_papers', {}),
    ('claimpaperusers', 'claimpaper_change_own_data', {}),
    ('claimpaperoperators', 'claimpaper_change_own_data', {}),
    ('claimpaperoperators', 'claimpaper_change_others_data', {}),
    ('holdingpenusers', 'viewholdingpen', {}),
    ('depositusers', 'usedeposit', {}),
)

# Activities (i.e. actions) for which exists an administrative web interface.
CFG_ACC_ACTIVITIES_URLS = {
    'runbibedit': (_("Run Record Editor"),
                   "%s/%s/edit/?ln=%%s" % (CFG_SITE_URL, CFG_SITE_RECORD)),
    'runbibdocfile':
    (_("Run Document File Manager"),
     "%s/%s/managedocfiles?ln=%%s" % (CFG_SITE_URL, CFG_SITE_RECORD)),
    'runbibmerge': (_("Run Record Merger"),
                    "%s/%s/merge/?ln=%%s" % (CFG_SITE_URL, CFG_SITE_RECORD)),
    'cfgbibknowledge': (_("Configure BibKnowledge"),
                        "%s/kb?ln=%%s" % CFG_SITE_URL),
    'cfgoaiharvest':
    (_("Configure OAI Harvest"),
     "%s/admin/oaiharvest/oaiharvestadmin.py?ln=%%s" % CFG_SITE_URL),
    'cfgwebaccess':
    (_("Configure WebAccess"),
     "%s/admin/webaccess/webaccessadmin.py?ln=%%s" % CFG_SITE_URL),
    'cfgwebcomment':
Example #52
                      static_url_path='/docs',
                      template_folder='templates',
                      static_folder='static')

from invenio_collections.models import Collection


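def _read_markdown_as_html(target):
    """Return the markdown file at ``CURRENT_DIR + target`` rendered as HTML.

    ``target`` is appended to ``CURRENT_DIR`` without any checks and the
    rendering keeps raw HTML found in the file, so pass only fixed paths to
    files shipped with the application, never request data.

    :param target: path below ``CURRENT_DIR``, starting with a slash.
    :return: the rendered HTML.
    """
    # The context manager closes the file; it used to stay open.
    with markdown.codecs.open(CURRENT_DIR + target,
                              mode="r",
                              encoding="utf-8") as input_file:
        return markdown.markdown(input_file.read())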


@blueprint.route('/b2share-about', methods=['GET'])
@register_breadcrumb(blueprint, 'breadcrumbs.about', _('About'))
def b2share_about():
    """Render the "About" page from the bundled markdown file."""
    about_html = _read_markdown_as_html("/templates/about.md")
    # The collection with id 1 must exist; otherwise the view answers 404.
    first_collection = Collection.query.get_or_404(1)
    # NOTE(review): markdown_render is ready-made HTML; presumably docs.html
    # prints it unescaped, so the .md source has to stay trusted.
    context = {'markdown_render': about_html, 'collection': first_collection}
    return render_template('docs.html', **context)


@blueprint.route('/b2share-tou', methods=['GET'])
@register_breadcrumb(blueprint, 'breadcrumbs.tou', _('Terms of Use'))
def b2share_tou():
    html = _read_markdown_as_html("/templates/tou.md")
    collection = Collection.query.get_or_404(1)
    return render_template('docs.html',
                           markdown_render=html,
# Blueprint for the personal tag pages, mounted under /yourtags.
blueprint = Blueprint(
    'webtag',
    __name__,
    url_prefix='/yourtags',
    template_folder='templates',
    static_folder='static',
)

# Breadcrumbs of this blueprint hang below the account "tags" entry.
default_breadcrumb_root(blueprint, '.webaccount.tags')


@blueprint.route('/', methods=['GET', 'POST'])
@blueprint.route('/display', methods=['GET', 'POST'])
@blueprint.route('/display/cloud', methods=['GET', 'POST'])
@login_required
@templated('tags/display_cloud.html')
@register_menu(blueprint, 'personalize.tags', _('Your Tags'))
@register_breadcrumb(blueprint, '.', _('Your Tags'))
def display_cloud():
    """List of user's private/group/public tags."""
    user = User.query.get(current_user.get_id())
    tags = user.tags_query.order_by(WtgTAG.name).all()

    # Calculate document count for each tag
    min_count = 0
    max_count = 0
    for tag in tags:
        if tag.record_count > max_count:
            max_count = tag.record_count
        if tag.record_count < min_count:
            min_count = tag.record_count
Example #54
    request args and reencode them.
    """
    @wraps(f)
    def decorated(*args, **kwargs):
        if request.args:
            request.url = request.base_url + "?" + url_encode(request.args)
        return f(*args, **kwargs)

    return decorated


#
# Views
#
@blueprint.route('/authorize', methods=['GET', 'POST'])
@register_breadcrumb(blueprint, '.', _('Authorize application'))
@login_required
@error_handler
@urlreencode
@oauth2.authorize_handler
def authorize(*args, **kwargs):
    """View for rendering authorization request."""
    if request.method == 'GET':
        client = Client.query.filter_by(
            client_id=kwargs.get('client_id')).first()

        if not client:
            abort(404)

        ctx = dict(client=client,
                   oauth_request=kwargs.get('request'),
def register_menu_items():
    """Register empty account breadcrumb."""
    # An empty endpoint: the entry is a label only.
    current_menu.submenu('breadcrumbs.settings').register('', _('Account'))
@blueprint.route("/")
@ssl_required
@login_required
def index():
    """Index page: forward to the profile settings."""
    profile_url = url_for(".profile")
    return redirect(profile_url)


@blueprint.route("/profile", methods=['GET', 'POST'])
@ssl_required
@login_required
@register_menu(
    blueprint,
    'settings.profile',
    _('%(icon)s Profile', icon='<i class="fa fa-user fa-fw"></i>'),
    order=0,
    active_when=lambda: request.endpoint.startswith("accounts_settings."))
@register_breadcrumb(blueprint, 'breadcrumbs.settings.profile', _('Profile'))
def profile():
    """Change password form for authenticated users."""
    u = User.query.filter_by(id=current_user.get_id()).first()

    profile_form = ProfileForm(formdata=None, obj=u, prefix="profile")
    verification_form = VerificationForm(formdata=None, prefix="verification")
    password_form = ChangePasswordForm(formdata=None, prefix="password")

    form = request.form.get('submit', None)
    if form == 'password':
        password_form.process(formdata=request.form)
        if password_form.validate_on_submit():
Example #57
# from invenio_access.local_config import \
# FIXME
# Name of the action passed to permission_required() on the admin views.
WEBACCESSACTION = 'cfgwebaccess'

# Admin blueprint mounted under /admin/webaccess.
blueprint = Blueprint(
    'webaccess_admin',
    __name__,
    url_prefix="/admin/webaccess",
    template_folder='../templates',
    static_folder='../static',
)


@blueprint.route('/', methods=['GET', 'POST'])
@login_required
@permission_required(WEBACCESSACTION)
@templated('access/admin/index.html')
@register_breadcrumb(blueprint, 'admin.webaccess_admin', _('WebAccess'))
def index():
    """Index."""
    actions = [
        dict(url=url_for('.rolearea'),
             title=_('Role Area'),
             description=_('Main area to configure administration rights '
                           'and authorization rules.')),
        dict(url=url_for('.actionarea'),
             title=_('Action Area'),
             description=_('Configure administration rights with the '
                           'actions as starting point.')),
        dict(url=url_for('.userarea'),
             title=_('User Area'),
             description=_('Configure administration rights with the '
                           'users as starting point.')),
Example #58
def index():
    """Index: list the WebAccess administration areas.

    Returns the template context, a dict with one key ``actions`` holding a
    url/title/description entry per area.
    """
    # NOTE(review): no access check happens in this body; it presumably
    # relies on decorators that are not part of this excerpt - confirm.
    actions = [
        {
            'url': url_for('.rolearea'),
            'title': _('Role Area'),
            'description': _('Main area to configure administration rights '
                             'and authorization rules.'),
        },
        {
            'url': url_for('.actionarea'),
            'title': _('Action Area'),
            'description': _('Configure administration rights with the '
                             'actions as starting point.'),
        },
        {
            'url': url_for('.userarea'),
            'title': _('User Area'),
            'description': _('Configure administration rights with the '
                             'users as starting point.'),
        },
        {
            'url': url_for('.resetarea'),
            'title': _('Reset Area'),
            'description': _('Reset roles, actions and authorizations.'),
        },
        {
            'url': url_for('.manageaccounts'),
            'title': _('Manage Accounts Area'),
            'description': _('Manage user accounts.'),
        },
        {
            'url': url_for('.delegate_startarea'),
            'title': _('Delegate Rights - With Restrictions'),
            'description': _('Delegate your rights for some roles.'),
        },
    ]
    return {'actions': actions}
Example #59
 def register_item():
     """Add the "Admin" entry to the main menu."""
     admin_menu = app.extensions['menu'].submenu('main.admin')
     # visible_when only hides the entry from non-admins; the admin views
     # still need their own permission checks.
     admin_menu.register(
         'admin.index',
         _('Admin'),
         order=10,
         visible_when=lambda: current_user.is_admin)
 def __init__(self):
     super(WebTagSettings, self).__init__()
     self.icon = 'tags'
     self.title = _('Tags')
     self.view = url_for('webtag.display_cloud')
     self.edit = url_for('webaccount.edit', name=self.name)