def is_no_quota_user(uid):
"""Return True if the user belongs to any of the no_quota roles."""
no_quota_role_ids = [acc_get_role_id(role) for role in cfg["CFG_WEBMESSAGE_ROLES_WITHOUT_QUOTA"]]
user_info = UserInfo(uid)
for role_id in no_quota_role_ids:
if acc_is_user_in_role(user_info, role_id):
return True
return False
def check_quota(nb_messages):
"""
@param nb_messages: max number of messages a user can have
@return: a dictionary of users over-quota
"""
from invenio_access.control import acc_is_user_in_role, acc_get_role_id
no_quota_role_ids = [acc_get_role_id(
role) for role in CFG_WEBMESSAGE_ROLES_WITHOUT_QUOTA]
res = {}
for uid, n in run_sql(
"SELECT id_user_to, COUNT(id_user_to) FROM user_msgMESSAGE GROUP BY id_user_to HAVING COUNT(id_user_to) > %s", (nb_messages, )):
user_info = UserInfo(uid)
for role_id in no_quota_role_ids:
if acc_is_user_in_role(user_info, role_id):
break
else:
res[uid] = n
return res
def _precache(self, info, force=False):
"""Calculate permissions for user actions.
FIXME: compatibility layer only !!!
"""
try:
from invenio_accounts.models import User
except ImportError:
return {}
CFG_BIBAUTHORID_ENABLED = current_app.config.get(
'CFG_BIBAUTHORID_ENABLED', False)
# get authorization key
acc_key = self.get_acc_key()
acc = cache.get(acc_key)
if not force and acc_key is not None and acc is not None:
return acc
# FIXME: acc_authorize_action should use flask request directly
user_info = info
user_info.update(self.req)
user = User.query.get(user_info['uid'])
from invenio_access.engine import acc_authorize_action
from invenio_access.control import acc_get_role_id, \
acc_is_user_in_role
from invenio_search.utils import \
get_permitted_restricted_collections
from invenio_deposit.cache import \
get_authorized_deposition_types
data = {}
data['precached_permitted_restricted_collections'] = \
get_permitted_restricted_collections(user_info)
data['precached_allowed_deposition_types'] = \
get_authorized_deposition_types(user_info)
data['precached_useloans'] = acc_authorize_action(
user_info, 'useloans')[0] == 0
data['precached_usegroups'] = acc_authorize_action(
user_info, 'usegroups')[0] == 0
data['precached_usemessages'] = acc_authorize_action(
user_info, 'usemessages')[0] == 0
data['precached_useadmin'] = user.has_admin_role
data['precached_usesuperadmin'] = user.has_super_admin_role
data['precached_canseehiddenmarctags'] = acc_authorize_action(
user_info, 'runbibedit')[0] == 0
usepaperclaim = False
usepaperattribution = False
viewclaimlink = False
if (CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(
user_info, acc_get_role_id("paperclaimviewers"))):
usepaperclaim = True
if (CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(
user_info, acc_get_role_id("paperattributionviewers"))):
usepaperattribution = True
viewlink = False
try:
viewlink = session['personinfo']['claim_in_process']
except (KeyError, TypeError):
pass
if (current_app.config.get('CFG_BIBAUTHORID_ENABLED') and
usepaperattribution and viewlink):
viewclaimlink = True
# if (CFG_BIBAUTHORID_ENABLED
# and ((usepaperclaim or usepaperattribution)
# and acc_is_user_in_role(
# data, acc_get_role_id("paperattributionlinkviewers")))):
# viewclaimlink = True
data['precached_viewclaimlink'] = viewclaimlink
data['precached_usepaperclaim'] = usepaperclaim
data['precached_usepaperattribution'] = usepaperattribution
timeout = current_app.config.get(
'CFG_WEBSESSION_EXPIRY_LIMIT_DEFAULT', 0) * 3600
cache.set(acc_key, data,
timeout=timeout)
return data
def _precache(self, info, force=False):
"""Calculate permissions for user actions.
FIXME: compatibility layer only !!!
"""
CFG_BIBAUTHORID_ENABLED = current_app.config.get("CFG_BIBAUTHORID_ENABLED", False)
# get authorization key
acc_key = self.get_acc_key()
acc = cache.get(acc_key)
if not force and acc_key is not None and acc is not None:
return acc
# FIXME: acc_authorize_action should use flask request directly
user_info = info
user_info.update(self.req)
from invenio.legacy.webuser import isUserSubmitter, isUserReferee, isUserAdmin, isUserSuperAdmin
from invenio_access.engine import acc_authorize_action
from invenio_access.control import acc_get_role_id, acc_is_user_in_role
from invenio_search.utils import get_permitted_restricted_collections
from invenio_deposit.cache import get_authorized_deposition_types
data = {}
data["precached_permitted_restricted_collections"] = get_permitted_restricted_collections(user_info)
data["precached_allowed_deposition_types"] = get_authorized_deposition_types(user_info)
data["precached_useloans"] = acc_authorize_action(user_info, "useloans")[0] == 0
data["precached_usegroups"] = acc_authorize_action(user_info, "usegroups")[0] == 0
data["precached_usemessages"] = acc_authorize_action(user_info, "usemessages")[0] == 0
try:
data["precached_viewsubmissions"] = isUserSubmitter(user_info)
except Exception:
data["precached_viewsubmissions"] = None
data["precached_useapprove"] = isUserReferee(user_info)
data["precached_useadmin"] = isUserAdmin(user_info)
data["precached_usesuperadmin"] = isUserSuperAdmin(user_info)
data["precached_canseehiddenmarctags"] = acc_authorize_action(user_info, "runbibedit")[0] == 0
usepaperclaim = False
usepaperattribution = False
viewclaimlink = False
if CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(user_info, acc_get_role_id("paperclaimviewers")):
usepaperclaim = True
if CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(user_info, acc_get_role_id("paperattributionviewers")):
usepaperattribution = True
viewlink = False
try:
viewlink = session["personinfo"]["claim_in_process"]
except (KeyError, TypeError):
pass
if current_app.config.get("CFG_BIBAUTHORID_ENABLED") and usepaperattribution and viewlink:
viewclaimlink = True
# if (CFG_BIBAUTHORID_ENABLED
# and ((usepaperclaim or usepaperattribution)
# and acc_is_user_in_role(
# data, acc_get_role_id("paperattributionlinkviewers")))):
# viewclaimlink = True
data["precached_viewclaimlink"] = viewclaimlink
data["precached_usepaperclaim"] = usepaperclaim
data["precached_usepaperattribution"] = usepaperattribution
timeout = current_app.config.get("CFG_WEBSESSION_EXPIRY_LIMIT_DEFAULT", 0) * 3600
cache.set(acc_key, data, timeout=timeout)
return data
def _precache(self, info, force=False):
"""Calculate permissions for user actions.
FIXME: compatibility layer only !!!
"""
try:
from invenio_accounts.models import User
except ImportError:
return {}
CFG_BIBAUTHORID_ENABLED = current_app.config.get(
'CFG_BIBAUTHORID_ENABLED', False)
# get authorization key
acc_key = self.get_acc_key()
acc = cache.get(acc_key)
if not force and acc_key is not None and acc is not None:
return acc
# FIXME: acc_authorize_action should use flask request directly
user_info = info
user_info.update(self.req)
user = User.query.get(user_info['uid'])
data = {}
data['precached_useadmin'] = getattr(user, 'has_admin_role', False)
data['precached_usesuperadmin'] = getattr(user, 'has_super_admin_role',
False)
try:
from invenio_search.utils import \
get_permitted_restricted_collections
data['precached_permitted_restricted_collections'] = \
get_permitted_restricted_collections(user_info)
except Exception:
current_app.logger.exception(
'Permitted restricted collections were not loaded.')
try:
from invenio_deposit.cache import \
get_authorized_deposition_types
data['precached_allowed_deposition_types'] = \
get_authorized_deposition_types(user_info)
except Exception:
current_app.logger.exception(
'Allowed deposition types were not loaded.')
usepaperclaim = False
usepaperattribution = False
viewclaimlink = False
try:
from invenio_access.engine import acc_authorize_action
from invenio_access.control import acc_get_role_id, \
acc_is_user_in_role
data['precached_useloans'] = acc_authorize_action(
user_info, 'useloans')[0] == 0
data['precached_usegroups'] = acc_authorize_action(
user_info, 'usegroups')[0] == 0
data['precached_usemessages'] = acc_authorize_action(
user_info, 'usemessages')[0] == 0
data['precached_canseehiddenmarctags'] = acc_authorize_action(
user_info, 'runbibedit')[0] == 0
if (CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(
user_info, acc_get_role_id("paperclaimviewers"))):
usepaperclaim = True
if (CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(
user_info, acc_get_role_id("paperattributionviewers"))):
usepaperattribution = True
except Exception:
current_app.logger.exception("Access control module is broken.")
viewlink = False
try:
viewlink = session['personinfo']['claim_in_process']
except (KeyError, TypeError):
pass
if (current_app.config.get('CFG_BIBAUTHORID_ENABLED')
and usepaperattribution and viewlink):
viewclaimlink = True
# if (CFG_BIBAUTHORID_ENABLED
# and ((usepaperclaim or usepaperattribution)
# and acc_is_user_in_role(
# data, acc_get_role_id("paperattributionlinkviewers")))):
# viewclaimlink = True
data['precached_viewclaimlink'] = viewclaimlink
data['precached_usepaperclaim'] = usepaperclaim
data['precached_usepaperattribution'] = usepaperattribution
timeout = current_app.config.get('CFG_WEBSESSION_EXPIRY_LIMIT_DEFAULT',
0) * 3600
cache.set(acc_key, data, timeout=timeout)
return data
