def check_transaction_permissions(uid, bibref, pid, action): ''' Check if the user can perform the given action on the given pid,bibrefrec pair. return in: granted, denied, warning_granted, warning_denied @param uid: The internal ID of a user @type uid: int @param bibref: the bibref pair to check permissions for @type bibref: string @param pid: the Person ID to check on @type pid: int @param action: the action that is to be performed @type action: string @return: granted, denied, warning_granted xor warning_denied @rtype: string ''' c_own = True c_override = False is_superadmin = isUserSuperAdmin({'uid': uid}) access_right = _resolve_maximum_acces_rights(uid) bibref_status = dbapi.get_bibref_modification_status(bibref) old_flag = bibref_status[0] if old_flag == 2 or old_flag == -2: if action in ['confirm', 'assign']: new_flag = 2 elif action in ['repeal']: new_flag = -2 elif action in ['reset']: new_flag = 0 if old_flag != new_flag: c_override = True uid_pid = dbapi.get_personid_from_uid([[uid]]) if not uid_pid[1] or pid != uid_pid[0][0]: c_own = False #if we cannot override an already touched bibref, no need to go on checking if c_override: if is_superadmin: return 'warning_granted' if access_right[1] < bibref_status[1]: return "warning_denied" else: if is_superadmin: return 'granted' #let's check if invenio is allowing us the action we want to perform if c_own: action = bconfig.CLAIMPAPER_CLAIM_OWN_PAPERS else: action = bconfig.CLAIMPAPER_CLAIM_OTHERS_PAPERS auth = acc_authorize_action(uid, action) if auth[0] != 0: return "denied" #now we know if claiming for ourselfs, we can ask for external ideas if c_own: action = 'claim_own_paper' else: action = 'claim_other_paper' ext_permission = external_user_can_perform_action(uid) #if we are here invenio is allowing the thing and we are not overwriting a #user with higher privileges, if externals are ok we go on! if ext_permission: if not c_override: return "granted" else: return "warning_granted" return "denied"