def check_user_can_view_record(user_info, recid):
    """Check if the user is authorized to view the given recid.

    The checks run in the order below; the first one that applies decides
    the outcome:

    1. the user owns the record or is a viewer of it: granted;
    2. the record has no restricted collection and is public: granted;
    3. the record has restricted collections: VIEWRESTRCOLL is checked for
       each of them, and CFG_WEBSEARCH_VIEWRESTRCOLL_POLICY decides whether
       one authorized collection is enough ('ANY') or whether every
       collection must authorize (any other value);
    4. the record is in some collection: granted;
    5. the record exists but is in no collection: granted only when
       VIEWRESTRCOLL is authorized with ``collection=None``, otherwise
       code 1 and an explanatory message are returned;
    6. anything else (record missing or deleted, per the inline comment):
       granted, so callers must handle that case themselves.

    :param user_info: the user_info dictionary that describe the user.
    :type user_info: user_info dictionary
    :param recid: the record identifier; a string is converted with int().
    :type recid: positive integer
    :return: (0, ''), when authorization is granted, (>0, 'message') when
        authorization is not granted
    :raises ValueError: if recid is a string that int() cannot parse
    """
    from invenio.modules.access.engine import acc_authorize_action
    from invenio.modules.access.local_config import VIEWRESTRCOLL
    from invenio.modules.collections.cache import is_record_in_any_collection
    from invenio.legacy.search_engine import record_public_p, record_exists

    # Normalised once; every value other than 'ANY' is treated below as
    # "all restricted collections must authorize".
    policy = cfg['CFG_WEBSEARCH_VIEWRESTRCOLL_POLICY'].strip().upper()

    if isinstance(recid, str):
        recid = int(recid)

    # At this point, either webcoll has not yet run or there are some
    # restricted collections. Let's see first if the user own the record.
    if is_user_owner_of_record(user_info, recid):
        # Perfect! It's authorized then!
        return (0, '')

    if is_user_viewer_of_record(user_info, recid):
        # Perfect! It's authorized then!
        return (0, '')

    # NOTE(review): recreate_cache_if_needed=False presumably means the
    # cached collection data is used as-is; if that cache can be stale, a
    # recent restriction could be missed here -- confirm.
    restricted_collections = get_restricted_collections_for_recid(
        recid, recreate_cache_if_needed=False)
    if not restricted_collections and record_public_p(recid):
        # The record is public and not part of any restricted collection
        return (0, '')
    if restricted_collections:
        # If there are restricted collections the user must be authorized to
        # all/any of them (depending on the policy)
        auth_code, auth_msg = 0, ''
        for collection in restricted_collections:
            (auth_code, auth_msg) = acc_authorize_action(
                user_info, VIEWRESTRCOLL, collection=collection)
            if auth_code and policy != 'ANY':
                # Ouch! the user is not authorized to this collection
                return (auth_code, auth_msg)
            elif auth_code == 0 and policy == 'ANY':
                # Good! At least one collection is authorized
                return (0, '')
        # Depending on the policy, the user will be either authorized or not.
        # Under 'ANY' this is the refusal for the last collection checked;
        # under any other policy every collection returned code 0.
        return auth_code, auth_msg
    if is_record_in_any_collection(recid, recreate_cache_if_needed=False):
        # the record is not in any restricted collection
        return (0, '')
    elif record_exists(recid) > 0:
        # We are in the case where webcoll has not run.
        # Let's authorize SUPERADMIN
        (auth_code, auth_msg) = acc_authorize_action(
            user_info, VIEWRESTRCOLL, collection=None)
        if auth_code == 0:
            return (0, '')
        else:
            # Too bad. Let's print a nice message:
            return (
                1,
                "The record you are trying to access has just been "
                "submitted to the system and needs to be assigned to the "
                "proper collections. It is currently restricted for security "
                "reasons until the assignment will be fully completed. Please "
                "come back later to properly access this record.")
    else:
        # The record either does not exists or has been deleted.
        # Let's handle these situations outside of this code.
        # NOTE(review): this branch fails open -- it reports "authorized"
        # for a recid that record_exists() does not report as existing.
        # A (0, '') result is therefore not proof that the record exists;
        # callers have to check existence before serving anything.
        return (0, '')
def check_user_can_view_record(user_info, recid):
    """Check if the user is authorized to view the given recid.

    The checks run in the order below; the first one that applies decides
    the outcome:

    1. the user owns the record or is a viewer of it: granted;
    2. the record has no restricted collection and is public: granted;
    3. the record has restricted collections: VIEWRESTRCOLL is checked for
       each of them, and CFG_WEBSEARCH_VIEWRESTRCOLL_POLICY decides whether
       one authorized collection is enough ('ANY') or whether every
       collection must authorize (any other value);
    4. the record is in some collection: granted;
    5. the record exists but is in no collection: granted only when
       VIEWRESTRCOLL is authorized with ``collection=None``, otherwise
       code 1 and an explanatory message are returned;
    6. anything else (record missing or deleted, per the inline comment):
       granted, so callers must handle that case themselves.

    :param user_info: the user_info dictionary that describe the user.
    :type user_info: user_info dictionary
    :param recid: the record identifier; a string is converted with int().
    :type recid: positive integer
    :return: (0, ''), when authorization is granted, (>0, 'message') when
        authorization is not granted
    :raises ValueError: if recid is a string that int() cannot parse
    """
    from invenio_records.api import get_record
    from invenio.modules.access.engine import acc_authorize_action
    from invenio.modules.access.local_config import VIEWRESTRCOLL
    from invenio.modules.collections.cache import is_record_in_any_collection
    from invenio.legacy.search_engine import record_exists

    # Normalised once; every value other than "ANY" is treated below as
    # "all restricted collections must authorize".
    policy = cfg["CFG_WEBSEARCH_VIEWRESTRCOLL_POLICY"].strip().upper()

    if isinstance(recid, str):
        recid = int(recid)

    # At this point, either webcoll has not yet run or there are some
    # restricted collections. Let's see first if the user own the record.
    if is_user_owner_of_record(user_info, recid):
        # Perfect! It's authorized then!
        return (0, "")

    if is_user_viewer_of_record(user_info, recid):
        # Perfect! It's authorized then!
        return (0, "")

    # NOTE(review): recreate_cache_if_needed=False presumably means the
    # cached collection data is used as-is; if that cache can be stale, a
    # recent restriction could be missed here -- confirm.
    restricted_collections = get_restricted_collections_for_recid(recid, recreate_cache_if_needed=False)
    # NOTE(review): what get_record() returns for a missing or deleted recid
    # is not visible here; confirm is_record_public() tolerates that result,
    # since this line runs before the record_exists() check further down.
    if not restricted_collections and is_record_public(get_record(recid)):
        # The record is public and not part of any restricted collection
        return (0, "")
    if restricted_collections:
        # If there are restricted collections the user must be authorized to
        # all/any of them (depending on the policy)
        auth_code, auth_msg = 0, ""
        for collection in restricted_collections:
            (auth_code, auth_msg) = acc_authorize_action(user_info, VIEWRESTRCOLL, collection=collection)
            if auth_code and policy != "ANY":
                # Ouch! the user is not authorized to this collection
                return (auth_code, auth_msg)
            elif auth_code == 0 and policy == "ANY":
                # Good! At least one collection is authorized
                return (0, "")
        # Depending on the policy, the user will be either authorized or not.
        # Under "ANY" this is the refusal for the last collection checked;
        # under any other policy every collection returned code 0.
        return auth_code, auth_msg
    if is_record_in_any_collection(recid, recreate_cache_if_needed=False):
        # the record is not in any restricted collection
        return (0, "")
    elif record_exists(recid) > 0:
        # We are in the case where webcoll has not run.
        # Let's authorize SUPERADMIN
        (auth_code, auth_msg) = acc_authorize_action(user_info, VIEWRESTRCOLL, collection=None)
        if auth_code == 0:
            return (0, "")
        else:
            # Too bad. Let's print a nice message:
            return (
                1,
                "The record you are trying to access has just been "
                "submitted to the system and needs to be assigned to the "
                "proper collections. It is currently restricted for security "
                "reasons until the assignment will be fully completed. Please "
                "come back later to properly access this record.",
            )
    else:
        # The record either does not exists or has been deleted.
        # Let's handle these situations outside of this code.
        # NOTE(review): this branch fails open -- it reports "authorized"
        # for a recid that record_exists() does not report as existing.
        # A (0, "") result is therefore not proof that the record exists;
        # callers have to check existence before serving anything.
        return (0, "")
def is_processed(self):
    """Return True when the record is not in any collection.

    The collection cache is queried with ``recreate_cache_if_needed=False``.

    NOTE(review): the name reads as "processing has finished", yet the
    value is True for a record that belongs to no collection -- confirm the
    intended meaning with the callers before relying on it for access or
    display decisions.
    """
    from invenio.modules.collections.cache import is_record_in_any_collection

    in_some_collection = is_record_in_any_collection(
        self.id, recreate_cache_if_needed=False)
    return not in_some_collection
def detailed_record_container_top(self, recid, tabs, ln=CFG_SITE_LANG, show_similar_rec_p=True, creationdate=None, modificationdate=None, show_short_rec_p=True, citationnum=-1, referencenum=-1, discussionnum=-1, include_jquery = False, include_mathjax = False):
    """Build the top of the box shown on detailed record pages, with its tabs.

    Returns only the restriction flag markup (possibly an empty string)
    when fewer than two tabs are given.

    Parameters:
    @param recid: int - the id of the displayed record
    @param tabs: sequence of (label, url, selected, enabled) tuples - the
        tabs displayed at the top of the box. label and url are written
        into the markup without any escaping in this method.
    @param ln: *string* - the language of the page in which the box is displayed
    @param show_similar_rec_p: *bool* print 'similar records' link in the box
        (not read by this method's body)
    @param creationdate: *string* - the creation date of the displayed record
        (not read by this method's body)
    @param modificationdate: *string* - the last modification date of the
        displayed record (not read by this method's body)
    @param show_short_rec_p: *boolean* - prints a very short version of the record as reminder.
    @param citationnum: show (this) number of citations in the citations tab
    @param referencenum: show (this) number of references in the references tab
    @param discussionnum: show (this) number of comments/reviews in the discussion tab
    @param include_jquery: when true, prepend a script tag that loads
        js/jquery.min.js from CFG_BASE_URL
    @param include_mathjax: when true, prepend the result of get_mathjax_header()
    @return: the restriction flag followed by the opening markup of the box
    """
    from invenio.modules.collections.cache import get_all_restricted_recids
    from invenio.modules.collections.cache import is_record_in_any_collection

    # load the right message language
    _ = gettext_set_language(ln)

    # Prepare restriction flag.
    # This banner is display only: it does not decide who may see the record.
    restriction_flag = ''
    if recid in get_all_restricted_recids():
        restriction_flag = '<div class="restrictedflag"><span>%s</span></div>' % _("Restricted")
    elif not is_record_in_any_collection(recid, recreate_cache_if_needed=False):
        # A record that is in no collection is labelled as still processing.
        restriction_flag = '<div class="restrictedflag restrictedflag-pending"><span>%s</span></div>' % _("Restricted (Processing Record)")

    # If no tabs, returns nothing (excepted if restricted)
    if len(tabs) <= 1:
        return restriction_flag

    # Build the tabs at the top of the page
    out_tabs = ''
    # Always true at this point, because of the early return just above.
    if len(tabs) > 1:
        first_tab = True
        for (label, url, selected, enabled) in tabs:
            # A counter is shown only when the url contains the path fragment
            # exactly once. The three checks are independent, so a url that
            # matches several of them keeps the last counter assigned.
            addnum = ""
            if (citationnum > -1) and url.count("/citation") == 1:
                addnum = "(" + str(citationnum) + ")"
            if (referencenum > -1) and url.count("/references") == 1:
                addnum = "(" + str(referencenum) + ")"
            if (discussionnum > -1) and url.count("/comments") == 1:
                addnum = "(" + str(discussionnum) + ")"

            css_class = []
            if selected:
                css_class.append('on')
            if first_tab:
                css_class.append('first')
                first_tab = False
            if not enabled:
                css_class.append('disabled')
            # The list is rebound to the attribute string; an empty list
            # gives ' class=""'.
            css_class = ' class="%s"' % ' '.join(css_class)
            # NOTE(review): label and url go into the markup as-is. Nothing
            # in this method escapes them, so they must already be HTML-safe
            # (and url attribute-safe) when they get here -- confirm at the
            # callers that build `tabs`.
            if not enabled:
                out_tabs += '<li%(class)s><a>%(label)s %(addnum)s</a></li>' % \
                    {'class':css_class, 'label':label, 'addnum':addnum}
            else:
                out_tabs += '<li%(class)s><a href="%(url)s">%(label)s %(addnum)s </a></li>' % \
                    {'class':css_class, 'url':url, 'label':label, 'addnum':addnum}
    if out_tabs != '':
        out_tabs = ''' <div class="detailedrecordtabs"> <div> <ul class="detailedrecordtabs">%s</ul> <div id="tabsSpacer" style="clear:both;height:0px"> </div></div> </div>''' % out_tabs

    # Add the clip icon and the brief record reminder if necessary
    record_brief = ''
    if show_short_rec_p:
        # The formatted record is embedded unchanged, so format_record() is
        # trusted to return safe markup.
        record_brief = format_record(recID=recid, of='hs', ln=ln)
        record_brief = '''<div id="detailedrecordshortreminder"> <div id="clip"> </div> <div id="HB"> %(record_brief)s </div> </div> <div style="clear:both;height:1px"> </div> ''' % {'record_brief': record_brief}

    additional_scripts = ""
    if include_jquery:
        # NOTE(review): the two single quotes and the backslash sit inside
        # the triple-quoted literal, so they are part of the emitted markup
        # rather than Python string concatenation -- this looks like a
        # leftover of an earlier line split; confirm and clean up.
        additional_scripts += """<script type="text/javascript" src="%s/js/jquery.min.js">' \
 '</script>\n""" % (CFG_BASE_URL, )
    if include_mathjax:

        additional_scripts += get_mathjax_header()

    # Print the content
    out = """ %(additional_scripts)s<div class="detailedrecordbox"> %(tabs)s <div class="detailedrecordboxcontent"> <div class="top-left-folded"></div> <div class="top-right-folded"></div> <div class="inside"> <!--<div style="height:0.1em;"> </div> <p class="notopgap"> </p>--> %(record_brief)s """ % {'additional_scripts': additional_scripts, 'tabs':out_tabs, 'record_brief':record_brief}

    # The restriction banner always comes first in the returned markup.
    out = restriction_flag + out
    return out
def detailed_record_container_top(self, recid, tabs, ln=CFG_SITE_LANG, show_similar_rec_p=True, creationdate=None, modificationdate=None, show_short_rec_p=True, citationnum=-1, referencenum=-1, discussionnum=-1, include_jquery=False, include_mathjax=False):
    """Build the top of the box shown on detailed record pages, with its tabs.

    Returns only the restriction flag markup (possibly an empty string)
    when fewer than two tabs are given.

    Parameters:
    @param recid: int - the id of the displayed record
    @param tabs: sequence of (label, url, selected, enabled) tuples - the
        tabs displayed at the top of the box. label and url are written
        into the markup without any escaping in this method.
    @param ln: *string* - the language of the page in which the box is displayed
    @param show_similar_rec_p: *bool* print 'similar records' link in the box
        (not read by this method's body)
    @param creationdate: *string* - the creation date of the displayed record
        (not read by this method's body)
    @param modificationdate: *string* - the last modification date of the
        displayed record (not read by this method's body)
    @param show_short_rec_p: *boolean* - prints a very short version of the record as reminder.
    @param citationnum: show (this) number of citations in the citations tab
    @param referencenum: show (this) number of references in the references tab
    @param discussionnum: show (this) number of comments/reviews in the discussion tab
    @param include_jquery: when true, prepend a script tag that loads
        js/jquery.min.js from CFG_BASE_URL
    @param include_mathjax: when true, prepend the result of get_mathjax_header()
    @return: the restriction flag followed by the opening markup of the box
    """
    from invenio.modules.collections.cache import get_all_restricted_recids
    from invenio.modules.collections.cache import is_record_in_any_collection

    # load the right message language
    _ = gettext_set_language(ln)

    # Prepare restriction flag.
    # This banner is display only: it does not decide who may see the record.
    restriction_flag = ''
    if recid in get_all_restricted_recids():
        restriction_flag = '<div class="restrictedflag"><span>%s</span></div>' % _(
            "Restricted")
    elif not is_record_in_any_collection(recid, recreate_cache_if_needed=False):
        # A record that is in no collection is labelled as still processing.
        restriction_flag = '<div class="restrictedflag restrictedflag-pending"><span>%s</span></div>' % _(
            "Restricted (Processing Record)")

    # If no tabs, returns nothing (excepted if restricted)
    if len(tabs) <= 1:
        return restriction_flag

    # Build the tabs at the top of the page
    out_tabs = ''
    # Always true at this point, because of the early return just above.
    if len(tabs) > 1:
        first_tab = True
        for (label, url, selected, enabled) in tabs:
            # A counter is shown only when the url contains the path fragment
            # exactly once. The three checks are independent, so a url that
            # matches several of them keeps the last counter assigned.
            addnum = ""
            if (citationnum > -1) and url.count("/citation") == 1:
                addnum = "(" + str(citationnum) + ")"
            if (referencenum > -1) and url.count("/references") == 1:
                addnum = "(" + str(referencenum) + ")"
            if (discussionnum > -1) and url.count("/comments") == 1:
                addnum = "(" + str(discussionnum) + ")"

            css_class = []
            if selected:
                css_class.append('on')
            if first_tab:
                css_class.append('first')
                first_tab = False
            if not enabled:
                css_class.append('disabled')
            # The list is rebound to the attribute string; an empty list
            # gives ' class=""'.
            css_class = ' class="%s"' % ' '.join(css_class)
            # NOTE(review): label and url go into the markup as-is. Nothing
            # in this method escapes them, so they must already be HTML-safe
            # (and url attribute-safe) when they get here -- confirm at the
            # callers that build `tabs`.
            if not enabled:
                out_tabs += '<li%(class)s><a>%(label)s %(addnum)s</a></li>' % \
                    {'class':css_class, 'label':label, 'addnum':addnum}
            else:
                out_tabs += '<li%(class)s><a href="%(url)s">%(label)s %(addnum)s </a></li>' % \
                    {'class':css_class, 'url':url, 'label':label, 'addnum':addnum}
    if out_tabs != '':
        out_tabs = ''' <div class="detailedrecordtabs"> <div> <ul class="detailedrecordtabs">%s</ul> <div id="tabsSpacer" style="clear:both;height:0px"> </div></div> </div>''' % out_tabs

    # Add the clip icon and the brief record reminder if necessary
    record_brief = ''
    if show_short_rec_p:
        # The formatted record is embedded unchanged, so format_record() is
        # trusted to return safe markup.
        record_brief = format_record(recID=recid, of='hs', ln=ln)
        record_brief = '''<div id="detailedrecordshortreminder"> <div id="clip"> </div> <div id="HB"> %(record_brief)s </div> </div> <div style="clear:both;height:1px"> </div> ''' % {
            'record_brief': record_brief
        }

    additional_scripts = ""
    if include_jquery:
        # NOTE(review): the two single quotes and the backslash sit inside
        # the triple-quoted literal, so they are part of the emitted markup
        # rather than Python string concatenation -- this looks like a
        # leftover of an earlier line split; confirm and clean up.
        additional_scripts += """<script type="text/javascript" src="%s/js/jquery.min.js">' \
 '</script>\n""" % (CFG_BASE_URL, )
    if include_mathjax:

        additional_scripts += get_mathjax_header()

    # Print the content
    out = """ %(additional_scripts)s<div class="detailedrecordbox"> %(tabs)s <div class="detailedrecordboxcontent"> <div class="top-left-folded"></div> <div class="top-right-folded"></div> <div class="inside"> <!--<div style="height:0.1em;"> </div> <p class="notopgap"> </p>--> %(record_brief)s """ % {
        'additional_scripts': additional_scripts,
        'tabs': out_tabs,
        'record_brief': record_brief
    }

    # The restriction banner always comes first in the returned markup.
    out = restriction_flag + out
    return out