コード例 #1
0
class UserInfo(CombinedMultiDict, UserMixin):

    """Provide legacy implementation.

    Methods that Flask-Login and Invenio 1.x expect user objects to have.
    """

    def __init__(self, uid=None, force=False):
        """Retrieve information about user."""
        def on_update(self):
            """Change own status when the user info is modified."""
            self.modified = True

        self.modified = False
        self.uid = uid
        self.req = self._get_request_info()
        acc = {}

        if uid is not None and uid > 0:
            data = self._login(uid, force)
            acc = self._precache(data, force)
        else:
            data = self._create_guest()

        self.info = CallbackDict(data, on_update)
        # FIXME remove req after everybody start using flask request.
        CombinedMultiDict.__init__(self, [self.req, self.info, acc,
                                          dict(CFG_USER_DEFAULT_INFO)])
        self.save()

    def get_key(self):
        """Generate key for caching user information."""
        key = 'current_user::' + str(self.uid)
        return key

    def get_acc_key(self):
        """Generate key for caching autorizations."""
        remote_ip = str(request.remote_addr) if has_request_context() else '0'
        return 'current_user::' + str(self.uid) + '::' + remote_ip

    def save(self):
        """Save modified data pernamently for logged users."""
        if not self.is_guest and self.modified:
            timeout = current_app.config.get(
                'CFG_WEBSESSION_EXPIRY_LIMIT_DEFAULT', 0)*3600
            cache.set(self.get_key(), dict(self.info),
                      timeout=timeout)

    def reload(self):
        """Reload user login information and saves them."""
        data = self._login(self.uid, force=True)
        acc = self._precache(data, force=True)
        self.info.update(data)
        CombinedMultiDict.__init__(self, [self.req, self.info, acc,
                                          dict(CFG_USER_DEFAULT_INFO)])
        self.save()

    def update_request_info(self):
        """Update request information."""
        self.req = self._get_request_info()

    def _get_request_info(self):
        """Get request information."""
        # FIXME: we should support IPV6 too. (hint for FireRole)
        data = {}
        if has_request_context():
            data['remote_ip'] = request.remote_addr or ''
            data['remote_host'] = request.environ.get('REMOTE_HOST', '')
            data['referer'] = request.referrer
            data['uri'] = request.environ['PATH_INFO'] or ''
            data['agent'] = request.headers.get('User-Agent', 'N/A')
        return data

    def _create_guest(self):
        data = {'settings': {}}
        # Minimal information about user.
        data['id'] = data['uid'] = 0
        return data

    def _login(self, uid, force=False):
        """Get account information about currently logged user from database.

        Should raise an exception when session.uid is not valid User.id.
        """
        data = cache.get(self.get_key())
        if not force and data is not None:
            return data

        from invenio.modules.accounts.models import User
        data = {}

        try:
            user = User.query.get(uid)
            data['id'] = data['uid'] = user.id or -1
            data['nickname'] = user.nickname or ''
            data['given_names'] = user.given_names or ''
            data['family_name'] = user.family_name or ''
            data['email'] = user.email or ''
            data['note'] = user.note or ''
            data['group'] = map(lambda x: x.usergroup.name,
                                user.usergroups or [])
            data.update(user.settings or {})
            data['settings'] = user.settings or {}
            data['guest'] = str(int(user.guest))  # '1' or '0'
            self.modified = True
        except Exception:
            data = self._create_guest()

        return data

    def _precache(self, info, force=False):
        """Calculate prermitions for user actions.

        FIXME: compatibility layer only !!!
        """
        CFG_BIBAUTHORID_ENABLED = current_app.config.get(
            'CFG_BIBAUTHORID_ENABLED', False)
        # get autorization key
        acc_key = self.get_acc_key()
        acc = cache.get(acc_key)
        if not force and acc_key is not None and acc is not None:
            return acc

        # FIXME: acc_authorize_action should use flask request directly
        user_info = info
        user_info.update(self.req)

        from invenio.legacy.webuser import isUserSubmitter, isUserReferee, \
            isUserAdmin, isUserSuperAdmin
        from invenio.modules.access.engine import acc_authorize_action
        from invenio.modules.access.control import acc_get_role_id, \
            acc_is_user_in_role
        from invenio.modules.search.utils import \
            get_permitted_restricted_collections

        data = {}
        data['precached_permitted_restricted_collections'] = \
            get_permitted_restricted_collections(user_info)
        data['precached_usebaskets'] = acc_authorize_action(
            user_info, 'usebaskets')[0] == 0
        data['precached_useloans'] = acc_authorize_action(
            user_info, 'useloans')[0] == 0
        data['precached_usegroups'] = acc_authorize_action(
            user_info, 'usegroups')[0] == 0
        data['precached_usealerts'] = acc_authorize_action(
            user_info, 'usealerts')[0] == 0
        data['precached_usemessages'] = acc_authorize_action(
            user_info, 'usemessages')[0] == 0
        data['precached_usestats'] = acc_authorize_action(
            user_info, 'runwebstatadmin')[0] == 0
        try:
            data['precached_viewsubmissions'] = isUserSubmitter(user_info)
        except Exception:
            data['precached_viewsubmissions'] = None
        data['precached_useapprove'] = isUserReferee(user_info)
        data['precached_useadmin'] = isUserAdmin(user_info)
        data['precached_usesuperadmin'] = isUserSuperAdmin(user_info)
        data['precached_canseehiddenmarctags'] = acc_authorize_action(
            user_info, 'runbibedit')[0] == 0
        usepaperclaim = False
        usepaperattribution = False
        viewclaimlink = False

        if (CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(
                user_info, acc_get_role_id("paperclaimviewers"))):
            usepaperclaim = True

        if (CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(
                user_info, acc_get_role_id("paperattributionviewers"))):
            usepaperattribution = True

        viewlink = False
        try:
            viewlink = session['personinfo']['claim_in_process']
        except (KeyError, TypeError):
            pass

        if (current_app.config.get('CFG_BIBAUTHORID_ENABLED') and
           usepaperattribution and viewlink):
            viewclaimlink = True

#       if (CFG_BIBAUTHORID_ENABLED
#               and ((usepaperclaim or usepaperattribution)
#               and acc_is_user_in_role(
#                   data, acc_get_role_id("paperattributionlinkviewers")))):
#           viewclaimlink = True

        data['precached_viewclaimlink'] = viewclaimlink
        data['precached_usepaperclaim'] = usepaperclaim
        data['precached_usepaperattribution'] = usepaperattribution

        timeout = current_app.config.get(
            'CFG_WEBSESSION_EXPIRY_LIMIT_DEFAULT', 0)*3600
        cache.set(acc_key, data,
                  timeout=timeout)
        return data

    def is_authenticated(self):
        """Check if user is authenticated."""
        return not self.is_guest

    def is_authorized(self, name, **kwargs):
        """Check if user is authorized."""
        from invenio.modules.access.engine import acc_authorize_action
        return acc_authorize_action(self, name)[0] == 0

    def is_active(self):
        """Check if user is active."""
        return not self.is_guest

    def is_confirmed(self):
        """Return true if accounts has been confirmed."""
        return self['note'] == "1"

    @property
    def is_guest(self):
        """Check if user is guest."""
        return True if self['email'] == '' else False

    @property
    def is_admin(self):
        """Check if user is admin."""
        return self.get('precached_useadmin', False)

    @property
    def is_super_admin(self):
        """Check if user is super admin."""
        return self.get('precached_usesuperadmin', False)

    def get_id(self):
        """Get user id."""
        return self.get('id', -1)
コード例 #2
0
class UserInfo(CombinedMultiDict, UserMixin):
    def __init__(self, uid=None, force=False):
        """
        Keeps information about user.
        """
        def on_update(self):
            """ Changes own status when the user info is modified. """
            self.modified = True

        self.modified = False
        self.uid = uid
        self.req = self._get_request_info()
        acc = {}

        if uid > 0:
            data = self._login(uid, force)
            acc = self._precache(data, force)
        else:
            data = self._create_guest()

        self.info = CallbackDict(data, on_update)
        #FIXME remove req after everybody start using flask request.
        CombinedMultiDict.__init__(
            self, [self.req, self.info, acc,
                   dict(CFG_USER_DEFAULT_INFO)])
        self.save()

    def get_key(self):
        """ Generates key for caching user information. """
        key = 'current_user::' + str(self.uid)
        return key

    def get_acc_key(self):
        """ Generates key for caching autorizations. """
        remote_ip = str(request.remote_addr) if has_request_context() else '0'
        return 'current_user::' + str(self.uid) + '::' + remote_ip

    def save(self):
        """
        Saves modified data pernamently for logged users.
        """
        if not self.is_guest and self.modified:
            cache.set(self.get_key(),
                      dict(self.info),
                      timeout=CFG_WEBSESSION_EXPIRY_LIMIT_DEFAULT * 3600)

    def reload(self):
        """
        Reloads user login information and saves them.
        """
        data = self._login(self.uid, force=True)
        acc = self._precache(data, force=True)
        self.info.update(data)
        CombinedMultiDict.__init__(
            self, [self.req, self.info, acc,
                   dict(CFG_USER_DEFAULT_INFO)])
        self.save()

    def update_request_info(self):
        self.req = self._get_request_info()

    def _get_request_info(self):
        """
        Get request information.
        """

        #FIXME: we should support IPV6 too. (hint for FireRole)
        data = {}
        if has_request_context():
            data['remote_ip'] = request.remote_addr or ''
            data['remote_host'] = request.environ.get('REMOTE_HOST', '')
            data['referer'] = request.referrer
            data['uri'] = request.environ['PATH_INFO'] or ''
            data['agent'] = request.headers.get('User-Agent', 'N/A')
            #data['session'] = session.sid
        return data

    def _create_guest(self):
        data = {'settings': {}}

        if CFG_WEBSESSION_DIFFERENTIATE_BETWEEN_GUESTS:
            from invenio.sqlalchemyutils import db
            from invenio.websession_model import User
            note = '1' if CFG_ACCESS_CONTROL_LEVEL_GUESTS == 0 else '0'
            u = User(email='', note=note, password='******')
            db.session.add(u)
            db.session.commit()
            data.update(u.__dict__)
        else:
            # Minimal information about user.
            data['id'] = data['uid'] = 0

        return data

    def _login(self, uid, force=False):
        """
        Get account information about currently logged user from database.

        Should raise an exception when session.uid is not valid User.id.
        """
        data = cache.get(self.get_key())
        if not force and data is not None:
            return data

        from invenio.websession_model import User
        data = {}

        try:
            user = User.query.get(uid)
            data['id'] = data['uid'] = user.id or -1
            data['nickname'] = user.nickname or ''
            data['email'] = user.email or ''
            data['note'] = user.note or ''
            data.update(user.settings or {})
            data['settings'] = user.settings or {}
            data['guest'] = str(int(user.guest))  # '1' or '0'
            self.modified = True
        except:
            data = self._create_guest()

        return data

    def _precache(self, info, force=False):
        """
        Calculate prermitions for user actions.

        FIXME: compatibility layer only !!!
        """
        # get autorization key
        acc_key = self.get_acc_key()
        acc = cache.get(acc_key)
        if not force and acc_key is not None and acc is not None:
            return acc

        #FIXME: acc_authorize_action should use flask request directly
        user_info = info
        user_info.update(self.req)

        from invenio.webuser import isUserSubmitter, isUserReferee, \
            isUserAdmin, isUserSuperAdmin
        from invenio.access_control_engine import acc_authorize_action
        from invenio.access_control_admin import acc_get_role_id, \
            acc_is_user_in_role
        from invenio.search_engine import get_permitted_restricted_collections

        data = {}
        data['precached_permitted_restricted_collections'] = \
            get_permitted_restricted_collections(user_info)
        data['precached_usebaskets'] = acc_authorize_action(
            user_info, 'usebaskets')[0] == 0
        data['precached_useloans'] = acc_authorize_action(
            user_info, 'useloans')[0] == 0
        data['precached_usegroups'] = acc_authorize_action(
            user_info, 'usegroups')[0] == 0
        data['precached_usealerts'] = acc_authorize_action(
            user_info, 'usealerts')[0] == 0
        data['precached_usemessages'] = acc_authorize_action(
            user_info, 'usemessages')[0] == 0
        data['precached_usestats'] = acc_authorize_action(
            user_info, 'runwebstatadmin')[0] == 0
        data['precached_viewsubmissions'] = isUserSubmitter(user_info)
        data['precached_useapprove'] = isUserReferee(user_info)
        data['precached_useadmin'] = isUserAdmin(user_info)
        data['precached_usesuperadmin'] = isUserSuperAdmin(user_info)
        data['precached_canseehiddenmarctags'] = acc_authorize_action(
            user_info, 'runbibedit')[0] == 0
        usepaperclaim = False
        usepaperattribution = False
        viewclaimlink = False

        if (CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(
                user_info, acc_get_role_id("paperclaimviewers"))):
            usepaperclaim = True

        if (CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(
                user_info, acc_get_role_id("paperattributionviewers"))):
            usepaperattribution = True

        viewlink = False
        try:
            viewlink = session['personinfo']['claim_in_process']
        except (KeyError, TypeError):
            pass

        if (CFG_BIBAUTHORID_ENABLED and usepaperattribution and viewlink):
            viewclaimlink = True


#                if (CFG_BIBAUTHORID_ENABLED
#                    and ((usepaperclaim or usepaperattribution)
#                         and acc_is_user_in_role(data, acc_get_role_id("paperattributionlinkviewers")))):
#                    viewclaimlink = True

        data['precached_viewclaimlink'] = viewclaimlink
        data['precached_usepaperclaim'] = usepaperclaim
        data['precached_usepaperattribution'] = usepaperattribution

        cache.set(acc_key,
                  data,
                  timeout=CFG_WEBSESSION_EXPIRY_LIMIT_DEFAULT * 3600)
        return data

    def is_authenticated(self):
        return not self.is_guest

    def is_authorized(self, name, **kwargs):
        from invenio.access_control_engine import acc_authorize_action
        return acc_authorize_action(self, name)[0] == 0

    def is_active(self):
        return not self.is_guest

    @property
    def is_guest(self):
        return True if self['email'] == '' else False

    @property
    def is_admin(self):
        return self.get('precached_useadmin', False)

    @property
    def is_super_admin(self):
        return self.get('precached_usesuperadmin', False)

    def get_id(self):
        return self.get('id', -1)
コード例 #3
0
ファイル: legacy_user.py プロジェクト: jirikuncar/invenio-ext
class UserInfo(CombinedMultiDict, UserMixin):

    """Provide legacy implementation.

    Methods that Flask-Login and Invenio 1.x expect user objects to have.
    """

    def __init__(self, uid=None, force=False):
        """Retrieve information about user."""

        def on_update(self):
            """Change own status when the user info is modified."""
            self.modified = True

        self.modified = False
        self.uid = uid
        self.req = self._get_request_info()
        acc = {}

        if uid is not None and uid > 0:
            data = self._login(uid, force)
            acc = self._precache(data, force)
        else:
            data = self._create_guest()

        self.info = CallbackDict(data, on_update)
        # FIXME remove req after everybody start using flask request.
        CombinedMultiDict.__init__(self, [self.req, self.info, acc, dict(CFG_USER_DEFAULT_INFO)])
        self.save()

    def get_key(self):
        """Generate key for caching user information."""
        key = "current_user::" + str(self.uid)
        return key

    def get_acc_key(self):
        """Generate key for caching authorizations."""
        remote_ip = str(request.remote_addr) if has_request_context() else "0"
        return "current_user::" + str(self.uid) + "::" + remote_ip

    def save(self):
        """Save modified data permanently for logged users."""
        if not self.is_guest and self.modified:
            timeout = current_app.config.get("CFG_WEBSESSION_EXPIRY_LIMIT_DEFAULT", 0) * 3600
            cache.set(self.get_key(), dict(self.info), timeout=timeout)

    def reload(self):
        """Reload user login information and saves them."""
        data = self._login(self.uid, force=True)
        acc = self._precache(data, force=True)
        self.info.update(data)
        CombinedMultiDict.__init__(self, [self.req, self.info, acc, dict(CFG_USER_DEFAULT_INFO)])
        self.save()

    def update_request_info(self):
        """Update request information."""
        self.req = self._get_request_info()

    def _get_request_info(self):
        """Get request information."""
        # FIXME: we should support IPV6 too. (hint for FireRole)
        data = {}
        if has_request_context():
            data["remote_ip"] = request.remote_addr or ""
            data["remote_host"] = request.environ.get("REMOTE_HOST", "")
            data["referer"] = request.referrer
            data["uri"] = request.environ["PATH_INFO"] or ""
            data["agent"] = request.headers.get("User-Agent", "N/A")
        return data

    def _create_guest(self):
        # Minimal information about user.
        return {"settings": {}, "id": 0, "uid": 0}

    def _login(self, uid, force=False):
        """Get account information about currently logged user from database.

        Should raise an exception when session.uid is not valid User.id.
        """
        data = cache.get(self.get_key())
        if not force and data is not None:
            return data

        from invenio_accounts.models import User

        data = {}

        try:
            user = User.query.get(uid)
            data["id"] = data["uid"] = user.id or -1
            data["nickname"] = user.nickname or ""
            data["given_names"] = user.given_names or ""
            data["family_name"] = user.family_name or ""
            data["email"] = user.email or ""
            data["note"] = user.note or ""
            data["group"] = map(lambda x: x.group.name, getattr(user, "groups", []))
            data.update(user.settings or {})
            data["settings"] = user.settings or {}
            data["guest"] = str(int(user.guest))  # '1' or '0'
            self.modified = True
        except Exception:
            data = self._create_guest()

        return data

    def _precache(self, info, force=False):
        """Calculate permissions for user actions.

        FIXME: compatibility layer only !!!
        """
        CFG_BIBAUTHORID_ENABLED = current_app.config.get("CFG_BIBAUTHORID_ENABLED", False)
        # get authorization key
        acc_key = self.get_acc_key()
        acc = cache.get(acc_key)
        if not force and acc_key is not None and acc is not None:
            return acc

        # FIXME: acc_authorize_action should use flask request directly
        user_info = info
        user_info.update(self.req)

        from invenio.legacy.webuser import isUserSubmitter, isUserReferee, isUserAdmin, isUserSuperAdmin
        from invenio_access.engine import acc_authorize_action
        from invenio_access.control import acc_get_role_id, acc_is_user_in_role
        from invenio_search.utils import get_permitted_restricted_collections
        from invenio_deposit.cache import get_authorized_deposition_types

        data = {}
        data["precached_permitted_restricted_collections"] = get_permitted_restricted_collections(user_info)
        data["precached_allowed_deposition_types"] = get_authorized_deposition_types(user_info)
        data["precached_useloans"] = acc_authorize_action(user_info, "useloans")[0] == 0
        data["precached_usegroups"] = acc_authorize_action(user_info, "usegroups")[0] == 0
        data["precached_usemessages"] = acc_authorize_action(user_info, "usemessages")[0] == 0
        try:
            data["precached_viewsubmissions"] = isUserSubmitter(user_info)
        except Exception:
            data["precached_viewsubmissions"] = None
        data["precached_useapprove"] = isUserReferee(user_info)
        data["precached_useadmin"] = isUserAdmin(user_info)
        data["precached_usesuperadmin"] = isUserSuperAdmin(user_info)
        data["precached_canseehiddenmarctags"] = acc_authorize_action(user_info, "runbibedit")[0] == 0
        usepaperclaim = False
        usepaperattribution = False
        viewclaimlink = False

        if CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(user_info, acc_get_role_id("paperclaimviewers")):
            usepaperclaim = True

        if CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(user_info, acc_get_role_id("paperattributionviewers")):
            usepaperattribution = True

        viewlink = False
        try:
            viewlink = session["personinfo"]["claim_in_process"]
        except (KeyError, TypeError):
            pass

        if current_app.config.get("CFG_BIBAUTHORID_ENABLED") and usepaperattribution and viewlink:
            viewclaimlink = True

        #       if (CFG_BIBAUTHORID_ENABLED
        #               and ((usepaperclaim or usepaperattribution)
        #               and acc_is_user_in_role(
        #                   data, acc_get_role_id("paperattributionlinkviewers")))):
        #           viewclaimlink = True

        data["precached_viewclaimlink"] = viewclaimlink
        data["precached_usepaperclaim"] = usepaperclaim
        data["precached_usepaperattribution"] = usepaperattribution

        timeout = current_app.config.get("CFG_WEBSESSION_EXPIRY_LIMIT_DEFAULT", 0) * 3600
        cache.set(acc_key, data, timeout=timeout)
        return data

    def is_authenticated(self):
        """Check if user is authenticated."""
        return not self.is_guest

    def is_authorized(self, name, **kwargs):
        """Check if user is authorized."""
        from invenio_access.engine import acc_authorize_action

        return acc_authorize_action(self, name)[0] == 0

    def is_active(self):
        """Check if user is active."""
        return not self.is_guest

    def is_confirmed(self):
        """Return true if accounts has been confirmed."""
        return self["note"] == "1"

    @property
    def is_guest(self):
        """Check if user is guest."""
        return True if self["email"] == "" else False

    @property
    def is_admin(self):
        """Check if user is admin."""
        return self.get("precached_useadmin", False)

    @property
    def is_super_admin(self):
        """Check if user is super admin."""
        return self.get("precached_usesuperadmin", False)

    def get_id(self):
        """Get user id."""
        return self.get("id", -1)
コード例 #4
0
ファイル: legacy_user.py プロジェクト: egabancho/invenio-ext
class UserInfo(CombinedMultiDict, UserMixin):

    """Provide legacy implementation.

    Methods that Flask-Login and Invenio 1.x expect user objects to have.
    """

    def __init__(self, uid=None, force=False):
        """Retrieve information about user."""
        def on_update(self):
            """Change own status when the user info is modified."""
            self.modified = True

        self.modified = False
        self.uid = uid
        self.req = self._get_request_info()
        acc = {}

        if uid is not None and uid > 0:
            data = self._login(uid, force)
            acc = self._precache(data, force)
        else:
            data = self._create_guest()

        self.info = CallbackDict(data, on_update)
        # FIXME remove req after everybody start using flask request.
        CombinedMultiDict.__init__(self, [self.req, self.info, acc,
                                          dict(CFG_USER_DEFAULT_INFO)])
        self.save()

    def get_key(self):
        """Generate key for caching user information."""
        key = 'current_user::' + str(self.uid)
        return key

    def get_acc_key(self):
        """Generate key for caching authorizations."""
        remote_ip = str(request.remote_addr) if has_request_context() else '0'
        return 'current_user::' + str(self.uid) + '::' + remote_ip

    def save(self):
        """Save modified data permanently for logged users."""
        if not self.is_guest and self.modified:
            timeout = current_app.config.get(
                'CFG_WEBSESSION_EXPIRY_LIMIT_DEFAULT', 0) * 3600
            cache.set(self.get_key(), dict(self.info),
                      timeout=timeout)

    def reload(self):
        """Reload user login information and saves them."""
        data = self._login(self.uid, force=True)
        acc = self._precache(data, force=True)
        self.info.update(data)
        CombinedMultiDict.__init__(self, [self.req, self.info, acc,
                                          dict(CFG_USER_DEFAULT_INFO)])
        self.save()

    def update_request_info(self):
        """Update request information."""
        self.req = self._get_request_info()

    def _get_request_info(self):
        """Get request information."""
        # FIXME: we should support IPV6 too. (hint for FireRole)
        data = {}
        if has_request_context():
            data['remote_ip'] = request.remote_addr or ''
            data['remote_host'] = request.environ.get('REMOTE_HOST', '')
            data['referer'] = request.referrer
            data['uri'] = request.environ['PATH_INFO'] or ''
            data['agent'] = request.headers.get('User-Agent', 'N/A')
        return data

    def _create_guest(self):
        # Minimal information about user.
        return {'settings': {}, 'id': 0, 'uid': 0}

    def _login(self, uid, force=False):
        """Get account information about currently logged user from database.

        Should raise an exception when session.uid is not valid User.id.
        """
        data = cache.get(self.get_key())
        if not force and data is not None:
            return data

        from invenio_accounts.models import User
        data = {}

        try:
            user = User.query.get(uid)
            data['id'] = data['uid'] = user.id or -1
            data['nickname'] = user.nickname or ''
            data['given_names'] = user.given_names or ''
            data['family_name'] = user.family_name or ''
            data['email'] = user.email or ''
            data['note'] = user.note or ''
            data['group'] = map(lambda x: x.group.name,
                                getattr(user, 'groups', []))
            data.update(user.settings or {})
            data['settings'] = user.settings or {}
            data['guest'] = str(int(user.guest))  # '1' or '0'
            self.modified = True
        except Exception:
            data = self._create_guest()

        return data

    def _precache(self, info, force=False):
        """Calculate permissions for user actions.

        FIXME: compatibility layer only !!!
        """
        try:
            from invenio_accounts.models import User
        except ImportError:
            return {}

        CFG_BIBAUTHORID_ENABLED = current_app.config.get(
            'CFG_BIBAUTHORID_ENABLED', False)
        # get authorization key
        acc_key = self.get_acc_key()
        acc = cache.get(acc_key)
        if not force and acc_key is not None and acc is not None:
            return acc

        # FIXME: acc_authorize_action should use flask request directly
        user_info = info
        user_info.update(self.req)
        user = User.query.get(user_info['uid'])

        from invenio_access.engine import acc_authorize_action
        from invenio_access.control import acc_get_role_id, \
            acc_is_user_in_role
        from invenio_search.utils import \
            get_permitted_restricted_collections
        from invenio_deposit.cache import \
            get_authorized_deposition_types

        data = {}
        data['precached_permitted_restricted_collections'] = \
            get_permitted_restricted_collections(user_info)
        data['precached_allowed_deposition_types'] = \
            get_authorized_deposition_types(user_info)
        data['precached_useloans'] = acc_authorize_action(
            user_info, 'useloans')[0] == 0
        data['precached_usegroups'] = acc_authorize_action(
            user_info, 'usegroups')[0] == 0
        data['precached_usemessages'] = acc_authorize_action(
            user_info, 'usemessages')[0] == 0
        data['precached_useadmin'] = user.has_admin_role
        data['precached_usesuperadmin'] = user.has_super_admin_role
        data['precached_canseehiddenmarctags'] = acc_authorize_action(
            user_info, 'runbibedit')[0] == 0
        usepaperclaim = False
        usepaperattribution = False
        viewclaimlink = False

        if (CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(
                user_info, acc_get_role_id("paperclaimviewers"))):
            usepaperclaim = True

        if (CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(
                user_info, acc_get_role_id("paperattributionviewers"))):
            usepaperattribution = True

        viewlink = False
        try:
            viewlink = session['personinfo']['claim_in_process']
        except (KeyError, TypeError):
            pass

        if (current_app.config.get('CFG_BIBAUTHORID_ENABLED') and
                usepaperattribution and viewlink):
            viewclaimlink = True

#       if (CFG_BIBAUTHORID_ENABLED
#               and ((usepaperclaim or usepaperattribution)
#               and acc_is_user_in_role(
#                   data, acc_get_role_id("paperattributionlinkviewers")))):
#           viewclaimlink = True

        data['precached_viewclaimlink'] = viewclaimlink
        data['precached_usepaperclaim'] = usepaperclaim
        data['precached_usepaperattribution'] = usepaperattribution

        timeout = current_app.config.get(
            'CFG_WEBSESSION_EXPIRY_LIMIT_DEFAULT', 0) * 3600
        cache.set(acc_key, data,
                  timeout=timeout)
        return data

    def is_authenticated(self):
        """Check if user is authenticated."""
        return not self.is_guest

    def is_authorized(self, name, **kwargs):
        """Check if user is authorized."""
        from invenio_access.engine import acc_authorize_action
        return acc_authorize_action(self, name)[0] == 0

    def is_active(self):
        """Check if user is active."""
        return not self.is_guest

    def is_confirmed(self):
        """Return true if accounts has been confirmed."""
        return self['note'] == "1"

    @property
    def is_guest(self):
        """Check if user is guest."""
        return True if self['email'] == '' else False

    @property
    def is_admin(self):
        """Check if user is admin."""
        return self.get('precached_useadmin', False)

    @property
    def is_super_admin(self):
        """Check if user is super admin."""
        return self.get('precached_usesuperadmin', False)

    def get_id(self):
        """Get user id."""
        return self.get('id', -1)
コード例 #5
0
ファイル: legacy_user.py プロジェクト: mhellmic/b2share
class UserInfo(CombinedMultiDict, UserMixin):
    """
    This provides legacy implementations for the methods that Flask-Login
    and Invenio 1.x expects user objects to have.
    """

    def __init__(self, uid=None, force=False):
        """Retreave information about user."""
        def on_update(self):
            """ Changes own status when the user info is modified. """
            self.modified = True

        self.modified = False
        self.uid = uid
        self.req = self._get_request_info()
        acc = {}

        if uid is not None and uid > 0:
            data = self._login(uid, force)
            acc = self._precache(data, force)
        else:
            data = self._create_guest()

        self.info = CallbackDict(data, on_update)
        # FIXME remove req after everybody start using flask request.
        CombinedMultiDict.__init__(self, [self.req, self.info, acc,
                                          dict(CFG_USER_DEFAULT_INFO)])
        self.save()

    def get_key(self):
        """Generates key for caching user information."""
        key = 'current_user::' + str(self.uid)
        return key

    def get_acc_key(self):
        """Generates key for caching autorizations."""
        remote_ip = str(request.remote_addr) if has_request_context() else '0'
        return 'current_user::' + str(self.uid) + '::' + remote_ip

    def save(self):
        """Save modified data pernamently for logged users."""
        if not self.is_guest and self.modified:
            timeout = current_app.config.get(
                'CFG_WEBSESSION_EXPIRY_LIMIT_DEFAULT', 0)*3600
            cache.set(self.get_key(), dict(self.info),
                      timeout=timeout)

    def reload(self):
        """Reload user login information and saves them."""
        data = self._login(self.uid, force=True)
        acc = self._precache(data, force=True)
        self.info.update(data)
        CombinedMultiDict.__init__(self, [self.req, self.info, acc,
                                          dict(CFG_USER_DEFAULT_INFO)])
        self.save()

    def update_request_info(self):
        self.req = self._get_request_info()

    def _get_request_info(self):
        """Get request information."""
        # FIXME: we should support IPV6 too. (hint for FireRole)
        data = {}
        if has_request_context():
            data['remote_ip'] = request.remote_addr or ''
            data['remote_host'] = request.environ.get('REMOTE_HOST', '')
            data['referer'] = request.referrer
            data['uri'] = request.environ['PATH_INFO'] or ''
            data['agent'] = request.headers.get('User-Agent', 'N/A')
        return data

    def _create_guest(self):
        data = {'settings': {}}

        if current_app.config.get(
                'CFG_WEBSESSION_DIFFERENTIATE_BETWEEN_GUESTS', False):
            from invenio.ext.sqlalchemy import db
            from invenio.modules.accounts.models import User
            note = '1' if current_app.config.get(
                'CFG_ACCESS_CONTROL_LEVEL_GUESTS', 0) == 0 else '0'
            u = User(email='', note=note, password='******')
            db.session.add(u)
            db.session.commit()
            data.update(u.__dict__)
        else:
            # Minimal information about user.
            data['id'] = data['uid'] = 0

        return data

    def _login(self, uid, force=False):
        """Get account information about currently logged user from database.

        Should raise an exception when session.uid is not valid User.id.
        """
        data = cache.get(self.get_key())
        if not force and data is not None:
            return data

        from invenio.modules.accounts.models import User
        data = {}

        try:
            user = User.query.get(uid)
            data['id'] = data['uid'] = user.id or -1
            data['nickname'] = user.nickname or ''
            data['email'] = user.email or ''
            data['note'] = user.note or ''
            data['group'] = map(lambda x: x.usergroup.name,
                                user.usergroups or [])
            data.update(user.settings or {})
            data['settings'] = user.settings or {}
            data['guest'] = str(int(user.guest))  # '1' or '0'
            self.modified = True
        except:
            data = self._create_guest()

        return data

    def _precache(self, info, force=False):
        """Calculate prermitions for user actions.

        FIXME: compatibility layer only !!!
        """

        CFG_BIBAUTHORID_ENABLED = current_app.config.get(
            'CFG_BIBAUTHORID_ENABLED', False)
        # get autorization key
        acc_key = self.get_acc_key()
        acc = cache.get(acc_key)
        if not force and acc_key is not None and acc is not None:
            return acc

        # FIXME: acc_authorize_action should use flask request directly
        user_info = info
        user_info.update(self.req)

        from invenio.legacy.webuser import isUserSubmitter, isUserReferee, \
            isUserAdmin, isUserSuperAdmin
        from invenio.modules.access.engine import acc_authorize_action
        from invenio.modules.access.control import acc_get_role_id, \
            acc_is_user_in_role
        from invenio.legacy.search_engine import \
            get_permitted_restricted_collections

        data = {}
        data['precached_permitted_restricted_collections'] = \
            get_permitted_restricted_collections(user_info)
        data['precached_usebaskets'] = acc_authorize_action(
            user_info, 'usebaskets')[0] == 0
        data['precached_useloans'] = acc_authorize_action(
            user_info, 'useloans')[0] == 0
        data['precached_usegroups'] = acc_authorize_action(
            user_info, 'usegroups')[0] == 0
        data['precached_usealerts'] = acc_authorize_action(
            user_info, 'usealerts')[0] == 0
        data['precached_usemessages'] = acc_authorize_action(
            user_info, 'usemessages')[0] == 0
        data['precached_usestats'] = acc_authorize_action(
            user_info, 'runwebstatadmin')[0] == 0
        try:
            data['precached_viewsubmissions'] = isUserSubmitter(user_info)
        except:
            data['precached_viewsubmissions'] = None
        data['precached_useapprove'] = isUserReferee(user_info)
        data['precached_useadmin'] = isUserAdmin(user_info)
        data['precached_usesuperadmin'] = isUserSuperAdmin(user_info)
        data['precached_canseehiddenmarctags'] = acc_authorize_action(
            user_info, 'runbibedit')[0] == 0
        usepaperclaim = False
        usepaperattribution = False
        viewclaimlink = False

        if (CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(
                user_info, acc_get_role_id("paperclaimviewers"))):
            usepaperclaim = True

        if (CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(
                user_info, acc_get_role_id("paperattributionviewers"))):
            usepaperattribution = True

        viewlink = False
        try:
            viewlink = session['personinfo']['claim_in_process']
        except (KeyError, TypeError):
            pass

        if (current_app.config.get('CFG_BIBAUTHORID_ENABLED')
                and usepaperattribution and viewlink):
            viewclaimlink = True

#       if (CFG_BIBAUTHORID_ENABLED
#               and ((usepaperclaim or usepaperattribution)
#               and acc_is_user_in_role(
#                   data, acc_get_role_id("paperattributionlinkviewers")))):
#           viewclaimlink = True

        data['precached_viewclaimlink'] = viewclaimlink
        data['precached_usepaperclaim'] = usepaperclaim
        data['precached_usepaperattribution'] = usepaperattribution

        timeout = current_app.config.get(
            'CFG_WEBSESSION_EXPIRY_LIMIT_DEFAULT', 0)*3600
        cache.set(acc_key, data,
                  timeout=timeout)
        return data

    def is_authenticated(self):
        return not self.is_guest

    def is_authorized(self, name, **kwargs):
        from invenio.modules.access.engine import acc_authorize_action
        return acc_authorize_action(self, name)[0] == 0

    def is_active(self):
        return not self.is_guest

    @property
    def is_guest(self):
        return True if self['email'] == '' else False

    @property
    def is_admin(self):
        return self.get('precached_useadmin', False)

    @property
    def is_super_admin(self):
        return self.get('precached_usesuperadmin', False)

    def get_id(self):
        return self.get('id', -1)