def _validate_group_scope(group, target_uri):
if not group.scopes:
return
# The scope (origin) of the target URI must match at least one
# of a group's defined scopes, if the group has any
group_scopes = [scope.origin for scope in group.scopes]
if not group_scope_match(target_uri, group_scopes):
raise schemas.ValidationError('group scope: ' +
_('Annotations for this target URI '
'are not allowed in this group'))
def _validate_group_scope(group, target_uri):
if not group.scopes:
return
# The scope (origin) of the target URI must match at least one
# of a group's defined scopes, if the group has any
group_scopes = [scope.origin for scope in group.scopes]
if not group_scope_match(target_uri, group_scopes):
raise schemas.ValidationError('group scope: ' +
_('Annotations for this target URI '
'are not allowed in this group'))
def _validate_group_scope(group, target_uri):
# If no scopes are present, or if the group is configured to allow
# annotations outside of its scope, there's nothing to do here
if not group.scopes or group.enforce_scope is False:
return
# The scope (origin) of the target URI must match at least one
# of a group's defined scopes, if the group has any
group_scopes = [scope.origin for scope in group.scopes]
if not group_scope_match(target_uri, group_scopes):
raise schemas.ValidationError("group scope: " +
_("Annotations for this target URI "
"are not allowed in this group"))
def create_annotation(request, data, group_service):
"""
Create an annotation from already-validated data.
:param request: the request object
:type request: pyramid.request.Request
:param data: an annotation data dict that has already been validated by
:py:class:`h.schemas.annotation.CreateAnnotationSchema`
:type data: dict
:param group_service: a service object that implements
:py:class:`h.interfaces.IGroupService`
:type group_service: :py:class:`h.interfaces.IGroupService`
:returns: the created and flushed annotation
:rtype: :py:class:`h.models.Annotation`
"""
created = updated = datetime.utcnow()
document_uri_dicts = data['document']['document_uri_dicts']
document_meta_dicts = data['document']['document_meta_dicts']
del data['document']
# Replies must have the same group as their parent.
if data['references']:
top_level_annotation_id = data['references'][0]
top_level_annotation = fetch_annotation(request.db,
top_level_annotation_id)
if top_level_annotation:
data['groupid'] = top_level_annotation.groupid
else:
raise schemas.ValidationError(
'references.0: ' + _('Annotation {id} does not exist').format(
id=top_level_annotation_id))
# The user must have permission to create an annotation in the group
# they've asked to create one in. If the application didn't configure
# a groupfinder we will allow writing this annotation without any
# further checks.
group = group_service.find(data['groupid'])
if group is None or not request.has_permission('write', context=group):
raise schemas.ValidationError('group: ' +
_('You may not create annotations '
'in the specified group!'))
if request.feature('filter_groups_by_scope') and group.scopes:
# The scope (origin) of the target URI must match at least one
# of a group's defined scopes, if the group has any
group_scopes = [scope.origin for scope in group.scopes]
if not group_scope_match(data['target_uri'], group_scopes):
raise schemas.ValidationError('group scope: ' +
_('Annotations for this target URI '
'are not allowed in this group'))
annotation = models.Annotation(**data)
annotation.created = created
annotation.updated = updated
document = update_document_metadata(request.db,
annotation.target_uri,
document_meta_dicts,
document_uri_dicts,
created=created,
updated=updated)
annotation.document = document
request.db.add(annotation)
request.db.flush()
return annotation