def _validate_group_scope(group, target_uri): if not group.scopes: return # The scope (origin) of the target URI must match at least one # of a group's defined scopes, if the group has any group_scopes = [scope.origin for scope in group.scopes] if not group_scope_match(target_uri, group_scopes): raise schemas.ValidationError('group scope: ' + _('Annotations for this target URI ' 'are not allowed in this group'))
def _validate_group_scope(group, target_uri): # If no scopes are present, or if the group is configured to allow # annotations outside of its scope, there's nothing to do here if not group.scopes or group.enforce_scope is False: return # The scope (origin) of the target URI must match at least one # of a group's defined scopes, if the group has any group_scopes = [scope.origin for scope in group.scopes] if not group_scope_match(target_uri, group_scopes): raise schemas.ValidationError("group scope: " + _("Annotations for this target URI " "are not allowed in this group"))
def create_annotation(request, data, group_service): """ Create an annotation from already-validated data. :param request: the request object :type request: pyramid.request.Request :param data: an annotation data dict that has already been validated by :py:class:`h.schemas.annotation.CreateAnnotationSchema` :type data: dict :param group_service: a service object that implements :py:class:`h.interfaces.IGroupService` :type group_service: :py:class:`h.interfaces.IGroupService` :returns: the created and flushed annotation :rtype: :py:class:`h.models.Annotation` """ created = updated = datetime.utcnow() document_uri_dicts = data['document']['document_uri_dicts'] document_meta_dicts = data['document']['document_meta_dicts'] del data['document'] # Replies must have the same group as their parent. if data['references']: top_level_annotation_id = data['references'][0] top_level_annotation = fetch_annotation(request.db, top_level_annotation_id) if top_level_annotation: data['groupid'] = top_level_annotation.groupid else: raise schemas.ValidationError( 'references.0: ' + _('Annotation {id} does not exist').format( id=top_level_annotation_id)) # The user must have permission to create an annotation in the group # they've asked to create one in. If the application didn't configure # a groupfinder we will allow writing this annotation without any # further checks. group = group_service.find(data['groupid']) if group is None or not request.has_permission('write', context=group): raise schemas.ValidationError('group: ' + _('You may not create annotations ' 'in the specified group!')) if request.feature('filter_groups_by_scope') and group.scopes: # The scope (origin) of the target URI must match at least one # of a group's defined scopes, if the group has any group_scopes = [scope.origin for scope in group.scopes] if not group_scope_match(data['target_uri'], group_scopes): raise schemas.ValidationError('group scope: ' + _('Annotations for this target URI ' 'are not allowed in this group')) annotation = models.Annotation(**data) annotation.created = created annotation.updated = updated document = update_document_metadata(request.db, annotation.target_uri, document_meta_dicts, document_uri_dicts, created=created, updated=updated) annotation.document = document request.db.add(annotation) request.db.flush() return annotation