コード例 #1
0
    def _get_config_for_search(self, domain, index_type, account):
        # load the query route config and the path we are being requested for
        qrs = app.config.get("QUERY_ROUTE", {})

        # get the configuration for this url route
        route_cfg = None
        for key in qrs:
            if domain == key:
                route_cfg = qrs.get(key)
                break

        if route_cfg is None:
            raise exceptions.AuthoriseException(
                exceptions.AuthoriseException.NOT_AUTHORISED)

        cfg = route_cfg.get(index_type)
        if cfg is None:
            raise exceptions.AuthoriseException(
                exceptions.AuthoriseException.NOT_AUTHORISED)

        # does the user have to be authenticated
        if cfg.get("auth", True):
            if account is None:
                raise exceptions.AuthoriseException(
                    exceptions.AuthoriseException.NOT_AUTHORISED)

            # if so, does the user require a role
            role = cfg.get("role")
            if role is not None and not account.has_role(role):
                raise exceptions.AuthoriseException(
                    exceptions.AuthoriseException.WRONG_ROLE)

        return cfg
コード例 #2
0
ファイル: authorisation.py プロジェクト: mauromsl/doaj
    def can_view_application(self, account, application):
        """
        Is the given account allowed to view the update request application

        :param account: the account doing the action
        :param application: the application the account wants to edit
        :return:
        """
        # first validate the incoming arguments to ensure that we've got the right thing
        argvalidate("can_edit_update_request", [
            {
                "arg": account,
                "instance": models.Account,
                "allow_none": False,
                "arg_name": "account"
            },
            {
                "arg": application,
                "instance": models.Suggestion,
                "allow_none": False,
                "arg_name": "application"
            },
        ], exceptions.ArgumentException)

        # if this is the super user, they have all rights
        if account.is_super:
            return True
        if not account.has_role("publisher"):
            raise exceptions.AuthoriseException(
                reason=exceptions.AuthoriseException.WRONG_ROLE)
        if account.id != application.owner:
            raise exceptions.AuthoriseException(
                reason=exceptions.AuthoriseException.NOT_OWNER)

        return True
コード例 #3
0
    def _get_query(self, cfg, raw_query):
        query = Query()
        if raw_query is not None:
            query = Query(raw_query)

        # validate the query, to make sure it is of a permitted form
        if not self._validate_query(cfg, query):
            raise exceptions.AuthoriseException()

        # add any required filters to the query
        query = self._pre_filter_search_query(cfg, query)
        return query
コード例 #4
0
ファイル: authorisation.py プロジェクト: mauromsl/doaj
    def can_create_update_request(self, account, journal):
        """
        Is the given account allowed to create an update request from the given journal

        :param account: the account doing the action
        :param journal: the journal the account wants to create an update request from
        :return:
        """
        # first validate the incoming arguments to ensure that we've got the right thing
        argvalidate("can_create_update_request", [
            {
                "arg": account,
                "instance": models.Account,
                "allow_none": False,
                "arg_name": "account"
            },
            {
                "arg": journal,
                "instance": models.Journal,
                "allow_none": False,
                "arg_name": "journal"
            },
        ], exceptions.ArgumentException)

        # if this is the super user, they have all rights
        if account.is_super:
            return True

        if not account.has_role("publisher"):
            raise exceptions.AuthoriseException(
                reason=exceptions.AuthoriseException.WRONG_ROLE)
        if account.id != journal.owner:
            raise exceptions.AuthoriseException(
                reason=exceptions.AuthoriseException.NOT_OWNER)

        return True
コード例 #5
0
    def search(self, domain, index_type, raw_query, account,
               additional_parameters):
        cfg = self._get_config_for_search(domain, index_type, account)

        # check that the request values permit a query to this endpoint
        required_parameters = cfg.get("required_parameters")
        if required_parameters is not None:
            for k, vs in required_parameters.iteritems():
                val = additional_parameters.get(k)
                if val is None or val not in vs:
                    raise exceptions.AuthoriseException()

        dao_klass = self._get_dao_klass(cfg)

        # get the query
        query = self._get_query(cfg, raw_query)

        # send the query
        res = dao_klass.query(q=query.as_dict())

        # filter the results as needed
        res = self._post_filter_search_results(cfg, res)

        return res
コード例 #6
0
ファイル: application.py プロジェクト: katrinleinweber/doaj
    def accept_application(self,
                           application,
                           account,
                           manual_update=True,
                           provenance=True,
                           save_journal=True,
                           save_application=True):
        """
        Take the given application and create the Journal object in DOAJ for it.

        The account provided must have permission to create journals from applications.

        :param application: The application to be converted
        :param account: The account doing the conversion
        :param manual_update: Whether to record this update as a manual update on both the application and journal objects
        :param provenance: Whether to write provenance records for this operation
        :param save_journal: Whether to save the journal that is produced
        :param save_application: Whether to save the application after it has been modified
        :return: The journal that was created
        """
        # first validate the incoming arguments to ensure that we've got the right thing
        argvalidate("accept_application", [{
            "arg": application,
            "instance": models.Suggestion,
            "allow_none": False,
            "arg_name": "application"
        }, {
            "arg": account,
            "instance": models.Account,
            "allow_none": False,
            "arg_name": "account"
        }, {
            "arg": manual_update,
            "instance": bool,
            "allow_none": False,
            "arg_name": "manual_update"
        }, {
            "arg": provenance,
            "instance": bool,
            "allow_none": False,
            "arg_name": "provenance"
        }, {
            "arg": save_journal,
            "instance": bool,
            "allow_none": False,
            "arg_name": "save_journal"
        }, {
            "arg": save_application,
            "instance": bool,
            "allow_none": False,
            "arg_name": "save_application"
        }], exceptions.ArgumentException)

        if app.logger.isEnabledFor("debug"):
            app.logger.debug("Entering accept_application")

        # ensure that the account holder has a suitable role
        if not account.has_role("accept_application"):
            raise exceptions.AuthoriseException(
                message="User {x} is not permitted to accept application {y}".
                format(x=account.id, y=application.id),
                reason=exceptions.AuthoriseException.WRONG_ROLE)

        # ensure the application status is "accepted"
        if application.application_status != constants.APPLICATION_STATUS_ACCEPTED:
            application.set_application_status(
                constants.APPLICATION_STATUS_ACCEPTED)

        # make the resulting journal (and save it if requested)
        j = self.application_2_journal(application,
                                       manual_update=manual_update)
        if save_journal is True:
            saved = j.save()
            if saved is None:
                raise exceptions.SaveException(
                    "Save of resulting journal in accept_application failed")

        # retrieve the id of the current journal if there is one
        cj = application.current_journal

        # if there is a current_journal record, remove it
        if cj is not None:
            application.remove_current_journal()

        # set the relationship with the journal
        application.set_related_journal(j.id)

        # if we were asked to record this as a manual update, record that on the application
        # (the journal is done implicitly above)
        if manual_update:
            application.set_last_manual_update()

        if provenance:
            # record the event in the provenance tracker
            models.Provenance.make(account,
                                   constants.PROVENANCE_STATUS_ACCEPTED,
                                   application)

        # save the application if requested
        if save_application is True:
            application.save()

        if app.logger.isEnabledFor("debug"):
            app.logger.debug("Completed accept_application")

        return j
コード例 #7
0
ファイル: application.py プロジェクト: katrinleinweber/doaj
    def reject_application(self,
                           application,
                           account,
                           provenance=True,
                           note=None,
                           manual_update=True):
        """
        Reject an application.  This will:
        * set the application status to "rejected" (if not already)
        * remove the current_journal field, and move it to related_journal (if needed)
        * remove the current_application field from the related journal (if needed)
        * save the application
        * write a provenance record for the rejection (if requested)

        :param application:
        :param account:
        :param provenance:
        :param manual_update:
        :return:
        """
        # first validate the incoming arguments to ensure that we've got the right thing
        argvalidate("reject_application", [{
            "arg": application,
            "instance": models.Suggestion,
            "allow_none": False,
            "arg_name": "application"
        }, {
            "arg": account,
            "instance": models.Account,
            "allow_none": False,
            "arg_name": "account"
        }, {
            "arg": provenance,
            "instance": bool,
            "allow_none": False,
            "arg_name": "provenance"
        }, {
            "arg": note,
            "instance": basestring,
            "allow_none": True,
            "arg_name": "note"
        }, {
            "arg": manual_update,
            "instance": bool,
            "allow_none": False,
            "arg_name": "manual_update"
        }], exceptions.ArgumentException)

        if app.logger.isEnabledFor("debug"):
            app.logger.debug("Entering reject_application")

        journalService = DOAJ.journalService()

        # check we're allowed to carry out this action
        if not account.has_role("reject_application"):
            raise exceptions.AuthoriseException(
                message="This user is not allowed to reject applications",
                reason=exceptions.AuthoriseException.WRONG_ROLE)

        # ensure the application status is "rejected"
        if application.application_status != constants.APPLICATION_STATUS_REJECTED:
            application.set_application_status(
                constants.APPLICATION_STATUS_REJECTED)

        # add the note to the application
        if note is not None:
            application.add_note(note)

        # retrieve the id of the current journal if there is one
        cj_id = application.current_journal
        cj = None

        # if there is a current_journal record, remove it, and record
        # it as a related journal.  This will let us come back later and know
        # which journal record this was intended as an update against if needed.
        if cj_id is not None:
            cj, _ = journalService.journal(cj_id)
            application.remove_current_journal()
            if cj is not None:
                application.set_related_journal(cj_id)
                cj.remove_current_application()

        # if there is a current journal, we will have modified it above, so save it
        if cj is not None:
            saved = cj.save()
            if saved is None:
                raise exceptions.SaveException(
                    "Save on current_journal in reject_application failed")

        # if we were asked to record this as a manual update, record that on the application
        if manual_update:
            application.set_last_manual_update()

        saved = application.save()
        if saved is None:
            raise exceptions.SaveException(
                "Save on application in reject_application failed")

        # record a provenance record that this action took place
        if provenance:
            models.Provenance.make(account,
                                   constants.PROVENANCE_STATUS_REJECTED,
                                   application)

        if app.logger.isEnabledFor("debug"):
            app.logger.debug("Completed reject_application")