Esempio n. 1
def loan_extend_circulation_permission(loan):
    """Build the permission object that gates extending ``loan``.

    Decision order, as implemented below:

    1. Outside a request context the check is skipped and ``allow_all()``
       is returned (the code assumes this means a CLI invocation).
    2. Anonymous users are rejected with HTTP 401.
    3. When the current user is the patron named in ``loan["patron_pid"]``,
       the referenced document is loaded and its ``circulation.overbooked``
       flag is inspected: a missing flag aborts with HTTP 500, a truthy flag
       raises ``InvalidLoanExtendError``.
    4. In every remaining case ``PatronOwnerPermission(loan)`` is returned and
       makes the final decision.

    Security notes:
        * The overbooked check runs only for the patron who owns the loan.
          Any other authenticated caller skips it and is judged solely by
          ``PatronOwnerPermission`` (presumably librarians -- confirm against
          that class).
        * Anything that executes this function without a request context is
          fully trusted; background workers that act on behalf of a user
          would bypass the check as well.

    Raises:
        InvalidLoanExtendError: the patron asks to extend a loan on an
            overbooked document.
    """
    if not has_request_context():
        # No HTTP request is being served (e.g. CLI): nothing to authorize.
        return allow_all()

    if current_user.is_anonymous:
        abort(401)

    requester_is_patron = current_user.id == int(loan["patron_pid"])
    if requester_is_patron:
        document_cls = current_app_ils.document_record_cls
        resolved_doc = document_cls.get_record_by_pid(
            loan["document_pid"]
        ).replace_refs()
        overbooked = resolved_doc.get("circulation", {}).get("overbooked")
        if overbooked is None:
            # The document lacks `circulation.overbooked`, which is a data
            # error: fail closed instead of guessing the demand.
            abort(500)
        if overbooked:
            raise InvalidLoanExtendError(
                "The extension cannot be automatically accepted due to high "
                "demand for this literature. Please contact the library to "
                "request a loan extension."
            )
    return PatronOwnerPermission(loan)
Esempio n. 2
def file_download_permission(obj):
    """Return the permission that gates downloading the file ``obj``.

    The file's bucket id is used to look up the e-item that owns it:

    * anything other than exactly one matching e-item -> ``deny_all()``
      (an orphaned or ambiguous bucket fails closed);
    * the e-item is flagged ``open_access`` -> ``allow_all()``, i.e. the
      file is downloadable without authentication;
    * otherwise -> ``authenticated_user_permission()``.

    Security note: the ``open_access`` flag on the e-item record is the only
    thing separating public files from login-only files, so whoever can edit
    that field controls public exposure of the bucket's files.
    """
    bucket = str(obj.bucket_id)
    hits = current_app_ils.eitem_search_cls().search_by_bucket_id(bucket)
    if len(hits) != 1:
        # Zero or several owners: no reliable record to base a decision on.
        return deny_all()

    eitem = current_app_ils.eitem_record_cls.get_record_by_pid(hits[0].pid)
    is_public = eitem.get("open_access", False)
    return allow_all() if is_public else authenticated_user_permission()
Esempio n. 3
def test_views_permissions_factory(transition):
    """Permissions factory that grants every request.

    ``transition`` is accepted to satisfy the factory signature and is never
    inspected, so no authorization is performed at all. Judging by the name
    this is meant for test configurations only; wiring it into a deployed
    instance would leave the guarded views open to any caller.
    """
    granted = allow_all()
    return granted
Esempio n. 4
def patron_owner_permission(record):
    """Return the permission that gates access to ``record``.

    While a request is being served the decision is delegated to
    ``PatronOwnerPermission(record)``. Outside a request context (for
    example a CLI command) there is no user to check, so ``allow_all()`` is
    returned.

    Security note: code paths that run without a request context are fully
    trusted by this factory; that includes any background job, not only
    operator-driven CLI commands.
    """
    if has_request_context():
        return PatronOwnerPermission(record)
    # No request context: nothing to authorize against.
    return allow_all()
Esempio n. 5
#
# REST
#
# Import string of the class used to serialize users in REST responses
# (per the setting name). NOTE(review): the fields that class emits decide
# which user attributes the API exposes -- confirm it does not leak e-mail
# addresses or other personal data to callers who should not see them.
OAREPO_ENROLLMENT_USER_RESTFUL_SERIALIZATION_CLASS = 'oarepo_enrollments.views.api.UserField'


#
# Permissions
#
def allow_all(*args, **kwargs):
    """Return a permission-like object whose ``can()`` is always ``True``.

    All positional and keyword arguments are accepted and ignored, so the
    function can stand in for any permission factory signature. A fresh
    class named ``Allow`` is created on every call.

    Security note: the returned object never consults the current user, so
    anything guarded by it is open to every caller, anonymous ones included.
    """
    def _grant(self):
        return True

    permission_cls = type('Allow', (), {'can': _grant})
    return permission_cls()


# Factory (or import string) returning a Permission (or any object with a ``can`` method)
# that limits access to the enrollment listing.
# NOTE(review): the default below grants every caller, because ``allow_all().can()`` is
# unconditionally True. Override it unless an open listing is intended.
OAREPO_ENROLLMENT_LIST_PERMISSION_FACTORY = lambda **kwargs: allow_all()

# Function (or import string) that receives ``Enrollment.query`` and returns the filtered
# query set, for example restricting the result to enrollments created by ``current_user``.
# NOTE(review): the default is the identity function, so nothing is filtered out; combined
# with the open list permission above, every enrollment is listed to every caller.
OAREPO_ENROLLMENT_LIST_PERMISSION_FILTER = lambda queryset: queryset

# Factory (or import string) that takes an ``enrollment: Enrollment`` instance and returns
# the Permission guarding retrieval of that enrollment. Default: open to every caller.
OAREPO_ENROLLMENT_RETRIEVE_PERMISSION_FACTORY = (
    lambda enrollment=None, **kwargs: allow_all()
)

# Factory (or import string) returning the Permission that says whether the user may create
# an enrollment. The enrollment data sent in the request is passed as the ``enrollment``
# named parameter. Default: open to every caller.
OAREPO_ENROLLMENT_ENROLL_PERMISSION_FACTORY = (
    lambda enrollment=None, **kwargs: allow_all()
)
Esempio n. 6
def views_permissions_factory(action):
    """Circulation views permissions factory.

    Returns ``allow_all()`` for the ``'loan-read-access'`` and
    ``'loan-actions'`` actions, which leaves reading loans and triggering
    loan actions open to every caller.

    For any other action the function returns ``None``. NOTE(review): how
    the caller interprets ``None`` (deny, allow, or crash) is not visible
    here -- confirm that unknown actions fail closed.
    """
    unrestricted_actions = ('loan-read-access', 'loan-actions')
    if action in unrestricted_actions:
        return allow_all()
    return None
Esempio n. 7
    """
    from flask import current_app
    from invenio_jsonschemas import current_jsonschemas
    from werkzeug.routing import Rule
    url_map.add(
        Rule("{0}/<path:path>".format(
            current_app.config['JSONSCHEMAS_ENDPOINT']),
             endpoint=current_jsonschemas.get_schema,
             host=current_app.config['SERVER_NAME']))


# global config
# URL prefix under which the taxonomies endpoints are expected to be mounted.
FLASK_TAXONOMIES_URL_PREFIX = '/2.0/taxonomies/'

# Per-operation permissions for the taxonomies API. As configured here the
# API is read-only: list/read of taxonomies and read of terms are open to
# everyone (allow_all), while every create/update/delete/move is denied to
# everyone (deny_all).
# NOTE(review): despite the "FACTORIES" name, the values are the results of
# calling allow_all()/deny_all() once at import time, not callables --
# confirm the consumer expects permission instances.
# NOTE(review): an operation missing from this mapping has no entry at all;
# verify that the consumer treats a missing key as "deny".
FLASK_TAXONOMIES_PERMISSION_FACTORIES = {
    'taxonomy_list': [allow_all()],
    'taxonomy_read': [allow_all()],
    'taxonomy_create': [deny_all()],
    'taxonomy_update': [deny_all()],
    'taxonomy_delete': [deny_all()],
    'taxonomy_term_read': [allow_all()],
    'taxonomy_term_create': [deny_all()],
    'taxonomy_term_update': [deny_all()],
    'taxonomy_term_delete': [deny_all()],
    'taxonomy_term_move': [deny_all()]
}

# Scheme used when URLs are generated without a request to take it from.
# This does not by itself redirect or reject plain-HTTP requests.
PREFERRED_URL_SCHEME = 'https'
# Turns request rate limiting on; the per-endpoint limits follow below.
RATELIMIT_ENABLED = True
RATELIMIT_PER_ENDPOINT = {
    'oarepo_records_draft.draft-datasets_presigned_part':