def get(self, cr_id):
"""
Get dataset from metax and strip it from having sensitive information
:param cr_id: id to use to fetch the record from metax
:return:
"""
is_authd = authentication.is_authenticated()
cr = cr_service.get_catalog_record(cr_id, True, True)
if not cr:
abort(400, message="Unable to get catalog record from Metax")
# Sort data items
sort_array_of_obj_by_key(
cr.get('research_dataset', {}).get('remote_resources', []),
'title')
sort_array_of_obj_by_key(
cr.get('research_dataset', {}).get('directories', []), 'details',
'directory_name')
sort_array_of_obj_by_key(
cr.get('research_dataset', {}).get('files', []), 'details',
'file_name')
ret_obj = {
'catalog_record':
authorization.strip_information_from_catalog_record(cr, is_authd),
'email_info':
get_email_info(cr)
}
if cr_service.is_rems_catalog_record(cr):
ret_obj[
'has_permit'] = authorization.user_has_rems_permission_for_catalog_record(
cr_id, authentication.get_user_id(), is_authd)
return ret_obj, 200
def func(*args, **kwargs):
"""
Log requests.
:param args:
:param kwargs:
:return:
"""
user_id = authentication.get_user_id() if not app.testing else ''
log.info('{0} - {1} - {2} - {3} - {4}'.format(
request.environ['HTTP_X_REAL_IP']
if 'HTTP_X_REAL_IP' in request.environ else 'N/A',
user_id if user_id else '', request.environ['REQUEST_METHOD'],
request.path, request.user_agent))
return f(*args, **kwargs)
def user_is_allowed_to_download_from_ida(catalog_record, is_authd):
"""
Based on catalog record's research_dataset.access_rights.access_type,
decide whether user is allowed to download from Fairdata download service
:param catalog_record:
:param is_authd: Is the user authenticated
:return:
"""
# TODO: After testing with this is done and after test datas have proper ida data catalog identifiers, remove
# TODO: 'not app.debug and' from below
if not app.debug and get_catalog_record_data_catalog_id(catalog_record) != DATA_CATALOG_IDENTIFIERS['ida']:
return False
access_type_id = get_catalog_record_access_type(catalog_record)
if not access_type_id:
return False
if access_type_id == ACCESS_TYPES['open']:
return True
elif access_type_id == ACCESS_TYPES['embargo']:
if _embargo_time_passed(catalog_record):
return True
elif access_type_id == ACCESS_TYPES['restricted']:
return False
elif access_type_id == ACCESS_TYPES['permit']:
return user_has_rems_permission_for_catalog_record(catalog_record['identifier'], get_user_id(), is_authd)
elif access_type_id == ACCESS_TYPES['login']:
if is_authd:
return True
return False
def strip_dir_api_object(dir_api_obj, is_authd, catalog_record):
"""
Based on catalog record's research_dataset.access_rights.access_type,
decide whether to strip dir_api_obj partially or not.
:param dir_api_obj:
:param is_authd: Is the user authenticated
:param catalog_record: Catalog record, to which the dir_api_obj is bound
:return: dir_api_obj after possible modifications
"""
access_type_id = get_catalog_record_access_type(catalog_record)
if not access_type_id:
dir_api_obj = {}
if access_type_id == ACCESS_TYPES['open']:
pass
elif access_type_id == ACCESS_TYPES['embargo']:
if not _embargo_time_passed(catalog_record):
_strip_directory_api_obj_partially(dir_api_obj)
elif access_type_id == ACCESS_TYPES['restricted']:
_strip_directory_api_obj_partially(dir_api_obj)
elif access_type_id == ACCESS_TYPES['permit']:
if not user_has_rems_permission_for_catalog_record(catalog_record['identifier'], get_user_id(), is_authd):
_strip_directory_api_obj_partially(dir_api_obj)
elif access_type_id == ACCESS_TYPES['login']:
if not is_authd:
_strip_directory_api_obj_partially(dir_api_obj)
return dir_api_obj
def strip_information_from_catalog_record(catalog_record, is_authd):
"""
Based on catalog record's research_dataset.access_rights.access_type,
decide whether to strip ida-related file and directory data partially or not. In any case, strip sensitive
information.
:param catalog_record:
:param is_authd: Is the user authenticated
:return: catalog_record after possible modifications
"""
catalog_record = _strip_sensitive_information_from_catalog_record(catalog_record)
access_type_id = get_catalog_record_access_type(catalog_record)
if not access_type_id:
return remove_keys_recursively(catalog_record, ['files', 'directories', 'remote_resources'])
if access_type_id == ACCESS_TYPES['open']:
pass
elif access_type_id == ACCESS_TYPES['embargo']:
if not _embargo_time_passed(catalog_record):
_strip_catalog_record_ida_data_partially(catalog_record)
elif access_type_id == ACCESS_TYPES['restricted']:
_strip_catalog_record_ida_data_partially(catalog_record)
elif access_type_id == ACCESS_TYPES['permit']:
if not user_has_rems_permission_for_catalog_record(catalog_record['identifier'], get_user_id(), is_authd):
_strip_catalog_record_ida_data_partially(catalog_record)
elif access_type_id == ACCESS_TYPES['login']:
if not is_authd:
_strip_catalog_record_ida_data_partially(catalog_record)
return catalog_record