Example #1
def views_permissions_factory(action):
    """Return the permission guarding the given ILS view action.

    The mapping is an explicit allow-list. An action that appears in none
    of the groups below falls through to ``deny_all()``, so an unknown or
    misspelled action name is refused rather than exposed.

    :param action: Name of the view action being authorised.
    :returns: The result of ``authenticated_user_permission()``,
        ``backoffice_permission()`` or ``deny_all()``, or the
        ``PatronOwnerPermission`` class itself (returned uncalled).
    """
    any_logged_in_user = ("circulation-loan-request", "patron-loans")
    backoffice_only = (
        "circulation-loan-checkout",
        "circulation-loan-force-checkout",
        "circulation-overdue-loan-email",
        "circulation-loan-update-dates",
        "relations-create",
        "relations-delete",
        "stats-most-loaned",
        "document-request-actions",
        "bucket-create",
        "ill-brwreq-patron-loan-create",
        "ill-brwreq-patron-loan-extension-accept",
        "ill-brwreq-patron-loan-extension-decline",
    )
    record_owner_only = (
        "document-request-decline",
        "ill-brwreq-patron-loan-extension-request",
    )

    if action in any_logged_in_user:
        return authenticated_user_permission()
    if action in backoffice_only:
        return backoffice_permission()
    if action in record_owner_only:
        # Unlike the other branches this returns the class, not an instance.
        # NOTE(review): presumably the caller instantiates it with the record
        # being accessed; confirm at the call site.
        return PatronOwnerPermission
    # Fail closed: anything not listed above is denied.
    return deny_all()
Example #2
def views_permissions_factory(action):
    """Return the permission guarding the given ILS view action.

    Loan requests are open to any authenticated user and the listed
    back-office actions require the back-office permission. Every other
    action name is denied.

    :param action: Name of the view action being authorised.
    :returns: The result of ``authenticated_user_permission()``,
        ``backoffice_permission()`` or ``deny_all()``.
    """
    backoffice_only = (
        "circulation-loan-checkout",
        "circulation-loan-force-checkout",
        "circulation-overdue-loan-email",
        "relations-create",
        "relations-delete",
        "stats-most-loaned",
        "document-request-accept",
        "document-request-pending",
        "document-request-reject",
        "bucket-create",
    )

    if action == "circulation-loan-request":
        return authenticated_user_permission()
    if action in backoffice_only:
        return backoffice_permission()
    # Fail closed: an action that is not explicitly listed gets no access.
    return deny_all()
def views_permissions_factory(action):
    """Return the permission guarding the given ILS view action.

    Actions fall into three groups: open to any authenticated user,
    restricted to the back office, and restricted per record through
    ``PatronOwnerPermission``. Every other action name is denied.

    :param action: Name of the view action being authorised.
    :returns: The result of ``authenticated_user_permission()``,
        ``backoffice_permission()`` or ``deny_all()``, or the
        ``PatronOwnerPermission`` class itself (returned uncalled).
    """
    backoffice_only = (
        "circulation-loan-checkout",
        "circulation-loan-force-checkout",
        "circulation-overdue-loan-email",
        "relations-create",
        "relations-delete",
        "stats-most-loaned",
        "document-request-actions",
        "bucket-create",
        "ill-brwreq-patron-loan-create",
        "ill-brwreq-patron-loan-extension-accept",
        "ill-brwreq-patron-loan-extension-decline",
    )
    record_owner_only = (
        "document-request-decline",
        "ill-brwreq-patron-loan-extension-request",
    )

    if action == "circulation-loan-request":
        return authenticated_user_permission()
    if action in backoffice_only:
        return backoffice_permission()
    if action in record_owner_only:
        # Return a factory that accepts a record as parameter: the class is
        # handed back uncalled, unlike the other branches.
        return PatronOwnerPermission
    # Fail closed: an action that is not explicitly listed gets no access.
    return deny_all()
Example #4
def views_permissions_factory(action):
    """Return the permission guarding the given ILS view action.

    :param action: Name of the view action being authorised.
    :returns: The result of ``authenticated_user_permission()`` for loan
        requests, ``backoffice_permission()`` for loan creation, and
        ``deny_all()`` for every other action name.
    """
    if action == "circulation-loan-request":
        return authenticated_user_permission()
    if action == "circulation-loan-create":
        return backoffice_permission()
    # Fail closed: an action that is not explicitly listed gets no access.
    return deny_all()
Example #5
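def owner_permission_impl(record, *args, **kwargs):
    """Record owner permission factory.

    * Allows access to the record only if it is owned by the current user.
    * If the record is not owned by any user, access to the record is denied.

    :param record: Record whose owner is looked up through
        ``current_oarepo_communities.get_owned_by_field``.
    :param args: Accepted and ignored.
    :param kwargs: Accepted and ignored.
    :returns: ``Permission(UserNeed(owner))`` when an owner is found,
        otherwise ``deny_all()``.
    """
    # The text above is a plain string literal on purpose: an f-string in
    # this position is an ordinary expression, so the function would end up
    # with no docstring at all.
    owner = current_oarepo_communities.get_owned_by_field(record)
    if owner:
        return Permission(UserNeed(owner))
    # Fail closed: a missing (or otherwise falsy) owner grants nobody access.
    return deny_all()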
Example #6
def file_download_permission(obj):
    """Return the permission guarding download of a file object.

    The file's bucket is resolved to an e-item. Access is denied unless
    exactly one e-item matches. An e-item flagged ``open_access`` is open to
    everyone, and any other e-item requires an authenticated user.

    :param obj: File object; only its ``bucket_id`` attribute is read.
    :returns: The result of ``deny_all()``, ``allow_all()`` or
        ``authenticated_user_permission()``.
    """
    bucket_key = str(obj.bucket_id)
    matches = current_app_ils.eitem_search_cls().search_by_bucket_id(
        bucket_key
    )
    # Fail closed when the bucket maps to no e-item or to more than one.
    if len(matches) != 1:
        return deny_all()

    eitem = current_app_ils.eitem_record_cls.get_record_by_pid(matches[0].pid)
    # A missing "open_access" key is treated as False, i.e. restricted.
    if not eitem.get("open_access", False):
        # NOTE(review): every authenticated user may download restricted
        # e-items here; confirm no per-record restriction is expected.
        return authenticated_user_permission()
    return allow_all()
Example #7
    def inner(record, *args, **kwargs):
        """Return a permission requiring ``role`` in the request's community.

        ``role`` comes from the enclosing scope, which is not shown here.
        When no community id can be taken from the request, access is denied.
        """
        # NOTE(review): the community id comes from the request and `record`
        # is never consulted here. Confirm elsewhere that the record really
        # belongs to that community, otherwise a role held in one community
        # could authorise access to another community's record.
        community_id = community_id_from_request()

        if not community_id:
            # Fail closed: no community in the request means no access.
            return deny_all()
        return Permission(RoleNeed(f'community:{community_id}:{role}'))
Example #8
def test_views_permissions_factory(action):
    """Return the permission for a view action in the test configuration.

    Only ``'loan-read-access'`` is mapped, to ``has_read_loan_permission()``.
    Every other action name is denied.
    """
    if action != 'loan-read-access':
        # Fail closed for anything that is not explicitly mapped.
        return deny_all()
    return has_read_loan_permission()
Example #9
    from invenio_jsonschemas import current_jsonschemas
    from werkzeug.routing import Rule
    url_map.add(
        Rule("{0}/<path:path>".format(
            current_app.config['JSONSCHEMAS_ENDPOINT']),
             endpoint=current_jsonschemas.get_schema,
             host=current_app.config['SERVER_NAME']))


# global config
FLASK_TAXONOMIES_URL_PREFIX = '/2.0/taxonomies/'

# Permission list per taxonomy action. The list/read actions get allow_all()
# and every create/update/delete/move action gets deny_all(), so the API is
# read-only as configured here. Each factory is called once per entry, in the
# order listed.
FLASK_TAXONOMIES_PERMISSION_FACTORIES = {
    action_name: [permission_factory()]
    for action_name, permission_factory in (
        ('taxonomy_list', allow_all),
        ('taxonomy_read', allow_all),
        ('taxonomy_create', deny_all),
        ('taxonomy_update', deny_all),
        ('taxonomy_delete', deny_all),
        ('taxonomy_term_read', allow_all),
        ('taxonomy_term_create', deny_all),
        ('taxonomy_term_update', deny_all),
        ('taxonomy_term_delete', deny_all),
        ('taxonomy_term_move', deny_all),
    )
}

PREFERRED_URL_SCHEME = 'https'
RATELIMIT_ENABLED = True
RATELIMIT_PER_ENDPOINT = {
    'oarepo_records_draft.draft-datasets_presigned_part':
    '25000 per hour',
    'oarepo_records_draft.draft-datasets-community_presigned_part':
def test_views_permissions_factory(action):
    """Return the permission for a view action in the test configuration.

    Only ``'loan-read-access'`` is mapped, to ``loan_reader()``. Every other
    action name is denied.
    """
    if action != 'loan-read-access':
        # Fail closed for anything that is not explicitly mapped.
        return deny_all()
    return loan_reader()