Exemple #1
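def Send_SRV_Mail(parameters, curdir, form, user_info=None):
    """
    Send an email announcing that a revised version of a document has
    been submitted.

    Keys of `parameters` read by this function:

       * noteFile: name of the file (inside curdir) in which the note
                   can be found; its content is appended to the message

       * emailFile: name of the file (inside curdir) containing the
                    submitter's email; its content becomes the
                    recipient list, newlines turned into commas

       * addressesSRV: email addresses of the people who should receive
                       this email (comma separated list). The value may
                       contain the <CATEG> string, meant to be replaced
                       by the category computed from [categformatDAM].

       * categformatDAM: regular expression used to compute the
                         category of the document from its reference,
                         eg. "TEST-<CATEG>-.*" applied to
                         "TEST-CATEGORY1-2001-001" gives "CATEGORY1".

    NOTE(review): this version only reads and strips addressesSRV; it is
    never added to the recipients and categformatDAM is not read at all,
    so only the addresses from emailFile are mailed. Confirm against the
    intended notification list.

    Always returns the empty string.
    """
    global rn,doctype,sysno

    def _read_optional_file(filename):
        # Missing, empty or non-existent file names all yield "".
        # NOTE(review): the name is appended to curdir as-is; this
        # assumes it comes from trusted function configuration and not
        # from the submitter -- confirm.
        if filename is None or filename == "":
            return ""
        path = "%s/%s" % (curdir, filename)
        if not os.path.exists(path):
            return ""
        # `with` closes the handle even when read() raises.
        with open(path, "r") as handle:
            return handle.read()

    FROMADDR = '%s Submission Engine <%s>' % (CFG_SITE_NAME,CFG_SITE_SUPPORT_EMAIL)
    # Kept so a missing key still raises KeyError as before; the value
    # itself is unused (see the docstring note).
    addresses = parameters['addressesSRV'].strip()

    # One address per line in the file becomes a comma separated list.
    SuE = _read_optional_file(parameters['emailFile']).replace("\n",",")
    note = _read_optional_file(parameters['noteFile'])

    title = Get_Field("245__a",sysno)
    author = Get_Field('100__a',sysno)
    author += Get_Field('700__a',sysno)
    # create message
    message = "A revised version of document %s has been submitted.\n\nTitle: %s\nAuthor(s): %s\nURL: <%s/%s/%s>%s" % (rn,title,author,CFG_SITE_URL,CFG_SITE_RECORD,sysno,note)

    # send the email
    send_email(FROMADDR, SuE, "%s revised" % rn, message, copy_to_admin=CFG_WEBSUBMIT_COPY_MAILS_TO_ADMIN)
    return ""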
Exemple #2
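def Get_Info_In_DB(rn, parameters, curdir):
    """
    Load title, submitter email and authors of record `sysno` into the
    module globals titlevalue, emailvalue and authorvalue, and store the
    record number in the file "SN" inside curdir.

    `rn` and `parameters` are accepted but not used here.

    Returns 1 when the global sysno is set, 0 when it is the empty
    string (nothing is read or written in that case).
    """
    global titlevalue, emailvalue, authorvalue, sysno
    if sysno == "":
        return 0
    titlevalue = Get_Field('245__a', sysno)
    emailvalue = Get_Field('8560_f', sysno)
    authorvalue = Get_Field('100__a', sysno)
    authorvalue += "\n%s" % Get_Field('700__a', sysno)
    # save result; `with` closes the file even if the write fails
    with open("%s/SN" % curdir, "w") as fp:
        fp.write(sysno)
    return 1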
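def Is_Original_Submitter(parameters, curdir, form, user_info=None):
    """
    This function compares the current logged in user email with the
    email of the original submitter of the record (field 8560_f). If it
    is the same (or if acc_authorize_action grants the "submit" action
    for this doctype/act), we go on. If it differs, an error message is
    issued through InvenioWebSubmitFunctionStop.

    Returns "" when the submission may proceed silently, or a <SCRIPT>
    warning the first time an authorized non-submitter passes (a marker
    file 'is_original_submitter_warning' in curdir suppresses repeats).
    """
    global uid_email,sysno,uid

    def _js_literal(value):
        # Make a value safe to place inside the single-quoted JavaScript
        # string of an inline <SCRIPT> block: the record field and the
        # login are data and must not be able to close the string or the
        # script element. Backslash is replaced first so the escapes
        # added afterwards are not escaped again.
        for raw, escaped in (("\\", "\\\\"), ("'", "\\x27"), ('"', "\\x22"),
                             ("<", "\\x3c"), (">", "\\x3e"), ("&", "\\x26"),
                             ("\n", "\\n"), ("\r", "\\r")):
            value = value.replace(raw, escaped)
        return value

    doctype = form['doctype']
    act = form['act']
    raw_email = Get_Field("8560_f",sysno)
    email = re.sub("[\n\r ]+","",raw_email)
    uid_email = re.sub("[\n\r ]+","",uid_email)
    (auth_code, auth_message) = acc_authorize_action(user_info, "submit",verbose=0,doctype=doctype, act=act)

    # Ownership check: exact, case-insensitive comparison against each
    # stored value (multiple values are assumed to be newline separated).
    # The login must not be used as a regular expression: an empty login
    # would match every record, "." would match any character, and a
    # login that is merely a substring of the submitter address would
    # be accepted.
    login = uid_email.lower()
    submitters = [re.sub("[\r ]+", "", value).lower()
                  for value in raw_email.split("\n")]
    if login != "" and login in submitters:
        return ""

    # NOTE(review): both messages disclose the submitter address to a
    # user who is not the submitter -- confirm this is intended.
    shown = (_js_literal(uid_email), _js_literal(email))

    if auth_code != 0:
        raise InvenioWebSubmitFunctionStop("""
<SCRIPT>
   document.forms[0].action="/submit";
   document.forms[0].curpage.value = 1;
   document.forms[0].step.value = 0;
   user_must_confirm_before_leaving_page = false;
   document.forms[0].submit();
   alert('Only the submitter of this document has the right to do this action. \\nYour login (%s) is different from the one of the submitter (%s).');
</SCRIPT>""" % shown)

    # Authorized through access control rather than ownership: warn once.
    warning_marker = os.path.join(curdir, 'is_original_submitter_warning')
    if not os.path.exists(warning_marker):
        write_file(warning_marker, '')
        return ("""
<SCRIPT>
alert('Only the submitter of this document has the right to do this action. \\nYour login (%s) is different from the one of the submitter (%s).\\n\\nAnyway, as you have a special authorization for this type of documents,\\nyou are allowed to proceed! Watch out your actions!');
</SCRIPT>""" % shown)

    return ""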
Exemple #4
def Create_Modify_Interface_getfieldval_fromDBrec(fieldcode, recid):
    """Return the stored value(s) of one or more fields of record `recid`.

       `fieldcode` is a comma separated list of field codes; each code is
       stripped of surrounding whitespace and looked up with Get_Field.
       The values are joined with newlines and trailing newlines are
       removed. An empty `fieldcode` gives "" without touching the DB.

       Used by Create_Modify_Interface the first time a record is opened
       for modification, when the values must come from the database.
    """
    if fieldcode == "":
        return ""
    codes = [part.strip() for part in fieldcode.split(",")]
    # "%s" keeps the original string conversion of whatever Get_Field returns.
    values = ["%s" % Get_Field(code, recid) for code in codes]
    return "\n".join(values).rstrip('\n')
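def checkModifyPermissions(uid_email, groups, recid):
    """
    Decide whether the user may modify record `recid`.

    This function gives permission to modify a record. It is also
    called by bfe_modifylnk to create a link if modification is
    allowed. We implement a 3 step workflow:

    User submitted records:
      - they end up in private collections, one per institute. Every
        member of the institute is allowed to edit any record in those
        collections unless it reached a higher state.
      - if an EDITOR of an institute approved a record, users are no
        longer allowed to edit them. You need to be at least editor
        for one of the owning institutes to modify it.
      - if STAFF approved a record for publications database you need
        to be at least STAFF to modify it.

    Parameters:
      uid_email: login address of the current user
      groups:    group names of the current user
      recid:     record whose 8560_f (submitter) and 980__a
                 (collections) fields are consulted

    Returns True when modification is allowed, False otherwise.
    """
    from invenio.access_control_config import CFG_EXTERNAL_AUTH_DEFAULT
    from invenio.websubmit_functions.Retrieve_Data import Get_Field
    import re

    # Literal names of our EDITORS and STAFF groups
    Editorsgrp = 'EDITORS'
    Staffgrp = 'STAFF'

    # we need editor rights if editor touched the record. This is marked
    # by the record to have 980__a:EDITORS set
    ReqEditorGrp = Editorsgrp

    # we need staff rights if staff approved the record. This is marked
    # by the record to have 980__a:VDB set, ie the final public
    # collection in our workflow
    ReqStaffGrp = 'VDB'

    # Check the email of the currently logged in user against the
    # originator email in the record. The comparison is exact and
    # case-insensitive, per stored value (Get_Field separates multiple
    # values with newlines). The login must not be used as a regular
    # expression: an empty login would match every record, "." would
    # match any character and a substring of the submitter address
    # would be accepted as the submitter.
    login = re.sub("[\n\r ]+", "", uid_email).lower()
    submitters = [re.sub("[\r ]+", "", value).lower()
                  for value in Get_Field("8560_f", recid).split("\n")]
    # Is_Submitter is always sufficient as EDITORS set their name upon
    # approval as does STAFF.
    Is_Submitter = login != "" and login in submitters

    # Being STAFF is enough for everything
    Is_Staff = Staffgrp in groups
    Is_Editor = Is_Staff or (Editorsgrp in groups)

    # Get a list of all collections a document belongs to
    doccollections = Get_Field("980__a", recid).split('\n')

    # if a document was handled by EDITORS at least another EDITOR is
    # required to change it.
    Require_Editor = ReqEditorGrp in doccollections
    Require_Staff = ReqStaffGrp in doccollections

    # Check if we are member of a suitable group, i.e. one named like a
    # collection of the record. From external auth we get a postfix
    # that we need to strip off first.
    postfix = ' [' + CFG_EXTERNAL_AUTH_DEFAULT + ']'
    Is_Groupmember = False
    for group in groups:
        grp = group.replace(postfix, '')
        if grp not in (Editorsgrp, Staffgrp) and grp in doccollections:
            Is_Groupmember = True

    # Now we have extracted our group memberships and the records
    # status. Compare it to our requirements for modification to finally
    # give access or deny it.
    permit = False

    if Is_Staff:
        # Staff is always allowed to edit
        permit = True

    if Require_Editor and Is_Editor and Is_Groupmember:
        # Only EDITORS of the contributing institutes...
        # NOTE(review): Require_Staff is not consulted here, so an
        # institute editor can still modify a record that carries both
        # the EDITORS and the VDB collection, although the workflow
        # above asks for STAFF once a record is staff-approved.
        # Confirm whether EDITORS is removed on staff approval.
        permit = True

    if not (Require_Staff or Require_Editor) and Is_Groupmember:
        # All group members
        permit = True

    if Is_Submitter and not (Require_Editor or Require_Staff):
        # Submitter if no higher stage is achieved
        permit = True

    return permit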
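def Is_Submitter_Or_Editor(parameters, curdir, form, user_info=None):
    """
    This function compares the email of the current logged
    user with the original submitter of the document (field
    8560_f). If identical it grants editing rights. If not, it
    is checked if the logged in user is in the group STAFF, or
    in the group EDITORS and in a group named like either of
    the collections (980__a) associated with the record.

    Raises InvenioWebSubmitFunctionStop when none of these
    applies. Returns a <SCRIPT> block (its alert is commented
    out) for editors/staff, and None for the submitter.

    NOTE(review): auth_code is fixed to 1 and no access control
    lookup is made, so the "special rights" branch below can
    never be taken; the check fails closed.
    """

    global uid_email,sysno,uid

    def _js_literal(value):
        # The values end up inside an inline <SCRIPT> block (currently
        # within // comments). Escape quotes, backslashes, markup
        # characters and line breaks so record or login data cannot
        # terminate the comment, the string or the script element.
        # Backslash goes first so later escapes are not doubled.
        for raw, escaped in (("\\", "\\\\"), ("'", "\\x27"), ('"', "\\x22"),
                             ("<", "\\x3c"), (">", "\\x3e"), ("&", "\\x26"),
                             ("\n", "\\n"), ("\r", "\\r")):
            value = value.replace(raw, escaped)
        return value

    auth_code = 1   # 0 if access is granted by higher rights (never set here)

    # Read as before (a missing key still raises KeyError); presumably
    # meant for an access control call that this version does not make.
    doctype = form['doctype']
    act = form['act']

    # Check the email of the currently logged in user against the
    # originator email in the record.
    raw_email = Get_Field("8560_f",sysno)
    email = re.sub("[\n\r ]+","",raw_email)
    uid_email = re.sub("[\n\r ]+","",uid_email)

    # Exact, case-insensitive comparison per stored value. Using the
    # login as a regular expression would let an empty login match
    # every record and let "." or a substring of the submitter address
    # pass as the submitter.
    login = uid_email.lower()
    submitters = [re.sub("[\r ]+", "", value).lower()
                  for value in raw_email.split("\n")]
    Is_Submitter = login != "" and login in submitters

    # Get group memberships of the user to see if she is in EDITORS
    groups = user_info['group']

    # Get_Field returns a \n separated string of all field values it
    # can find. Split it to get a list we can loop
    doccollections = Get_Field("980__a", sysno).split('\n')

    Is_Editor = False     # member of EDITORS group
    Editor_Auth = False   # STAFF, or Editor + belongs to institute
    for group in groups:
        if group == 'EDITORS':
            Is_Editor = True
        if group == 'STAFF':
            Editor_Auth = True

    # if we are Editor, we also need to be member of the right group.
    if Is_Editor:
        # from external auth we get a postfix that we need to strip off
        postfix = ' ['+CFG_EXTERNAL_AUTH_DEFAULT+']'
        own_groups = [group.replace(postfix, '') for group in groups]
        for col in doccollections:
            if col in own_groups:
                Editor_Auth = True

    if (not Is_Submitter) and (auth_code != 0) and (not Editor_Auth):
        # We are neither submitter nor do we have special rights
        raise InvenioWebSubmitFunctionStop("""
<SCRIPT>
   document.forms[0].action="/submit";
   document.forms[0].curpage.value = 1;
   document.forms[0].step.value = 0;
   user_must_confirm_before_leaving_page = false;
   // alert('You (%s) are not the submitter (%s) of this document nor editor for this group.\\nYou are not allowed to modify it.');
   document.forms[0].submit();
</SCRIPT>""" % (_js_literal(uid_email),_js_literal(email)))
    elif Editor_Auth:
      # keep the alert only for testing, fall through silently in
      # productive systems
      return (""" 
<SCRIPT>
  // alert('This record was originally submitted by %s. You (%s) are allowed to modify it as you are Editor for this group.');
</SCRIPT>""" % (_js_literal(email),_js_literal(uid_email)))
    elif auth_code == 0:
      # keep the alert only for testing, fall through silently in
      # productive systems
      return ("""
<SCRIPT>
  // alert('Only the submitter of this document has the right to do this action. \\nYour login (%s) is different from the one of the submitter (%s).\\n\\nAnyway, as you have a special authorization for this type of documents,\\nyou are allowed to proceed! Watch out your actions!');
</SCRIPT>""" % (_js_literal(uid_email),_js_literal(email)))

    return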