def loan_extend_circulation_permission(loan):
    """Build the permission object that gates extending *loan*.

    Decision flow, in order:

    * No request context: ``allow_all()`` is returned, so no user check is
      made on that path.
    * Anonymous user: the request is aborted with 401.
    * Requester is the loan's patron (``current_user.id`` equals
      ``int(loan["patron_pid"])``): the referenced document's
      ``circulation.overbooked`` flag is read. A missing flag aborts with
      500; a truthy flag raises ``InvalidLoanExtendError``.
    * Otherwise, and for a patron whose document is not overbooked, the
      decision is delegated to ``PatronOwnerPermission(loan)``.

    NOTE(review): ``PatronOwnerPermission`` is defined outside this block; it
    is expected to admit the owning patron and librarians -- confirm there.
    """
    # Every caller without a request context receives an unconditional allow,
    # so callers outside a request (e.g. the CLI) must be trusted.
    in_request = has_request_context()
    if not in_request:
        return allow_all()

    if current_user.is_anonymous:
        abort(401)

    requester_is_patron = current_user.id == int(loan["patron_pid"])
    if requester_is_patron:
        record_cls = current_app_ils.document_record_cls
        stored_document = record_cls.get_record_by_pid(loan["document_pid"])
        resolved = stored_document.replace_refs()
        overbooked = resolved.get("circulation", {}).get("overbooked")

        if overbooked is None:
            # The document lacks `circulation.overbooked`; this is a data
            # problem to fix, so fail loudly rather than guess a value.
            abort(500)
        if overbooked:
            raise InvalidLoanExtendError(
                "The extension cannot be automatically accepted due to high "
                "demand for this literature. Please contact the library to "
                "request a loan extension."
            )

    return PatronOwnerPermission(loan)
def file_download_permission(obj):
    """Return the permission that governs downloading the file object *obj*.

    The file's bucket id is used to search for the e-item that owns it.
    Unless exactly one e-item matches, access is denied. For a single match,
    the e-item record is loaded: a truthy ``open_access`` value yields
    ``allow_all()``, anything else yields ``authenticated_user_permission()``.
    """
    bucket_key = str(obj.bucket_id)
    eitem_search = current_app_ils.eitem_search_cls()
    matches = eitem_search.search_by_bucket_id(bucket_key)

    # Fail closed: zero matches or an ambiguous bucket never grants access.
    if len(matches) != 1:
        return deny_all()

    record_cls = current_app_ils.eitem_record_cls
    eitem = record_cls.get_record_by_pid(matches[0].pid)

    # A missing `open_access` key is treated as "not open".
    is_open = eitem.get("open_access", False)
    return allow_all() if is_open else authenticated_user_permission()
def test_views_permissions_factory(transition):
    """Return an allow-all permission, ignoring *transition*.

    The argument is never inspected, so every transition is granted to every
    caller. NOTE(review): the name suggests a test-only factory; confirm it
    is not referenced from a production configuration.
    """
    permission = allow_all()
    return permission
def patron_owner_permission(record):
    """Return the permission used to access a patron-owned *record*.

    Inside a request context the decision is delegated to
    ``PatronOwnerPermission(record)``. Outside one (e.g. the CLI) the result
    is ``allow_all()``, so that path performs no ownership check at all.
    """
    if has_request_context():
        return PatronOwnerPermission(record)
    # No request context: the caller is treated as trusted.
    return allow_all()
#
# REST
#
OAREPO_ENROLLMENT_USER_RESTFUL_SERIALIZATION_CLASS = 'oarepo_enrollments.views.api.UserField'


#
# Permissions
#
# Every factory below resolves to ``allow_all()``, whose ``can()`` is always
# True: as written, listing, retrieving and enrolling are open to any caller
# and the list filter returns the query unfiltered.
# NOTE(review): these look like shipped defaults -- confirm that deployments
# override them with real permission factories.
def allow_all(*args, **kwargs):
    """Return a fresh object whose ``can()`` always returns True.

    All positional and keyword arguments are accepted and ignored.
    """
    permission_cls = type('Allow', (), {'can': lambda self: True})
    return permission_cls()


# Factory (or import string) returning a Permission (or any object with a
# ``can`` method) that limits access to listing.
OAREPO_ENROLLMENT_LIST_PERMISSION_FACTORY = lambda **kwargs: allow_all()

# Function (or import string) that receives ``Enrollment.query`` and returns
# a filtered query set. It might, for example, restrict the enrollments to
# those created by the ``current_user``. This one filters nothing.
OAREPO_ENROLLMENT_LIST_PERMISSION_FILTER = lambda queryset: queryset

# Factory (or import string) that takes an ``enrollment: Enrollment``
# instance and returns a Permission.
OAREPO_ENROLLMENT_RETRIEVE_PERMISSION_FACTORY = \
    lambda enrollment=None, **kwargs: allow_all()

# Factory (or import string) returning a Permission that says whether the
# user can create an enrollment. The enrollment data passed in the request
# arrives as the ``enrollment`` named parameter.
OAREPO_ENROLLMENT_ENROLL_PERMISSION_FACTORY = \
    lambda enrollment=None, **kwargs: allow_all()
def views_permissions_factory(action):
    """Return the permission for a circulation view *action*.

    ``'loan-read-access'`` and ``'loan-actions'`` both map to ``allow_all()``,
    so neither view is restricted by this factory. Any other action yields
    ``None`` rather than a permission object, which callers must handle.
    """
    open_actions = ('loan-read-access', 'loan-actions')
    if action in open_actions:
        return allow_all()
    return None
""" from flask import current_app from invenio_jsonschemas import current_jsonschemas from werkzeug.routing import Rule url_map.add( Rule("{0}/<path:path>".format( current_app.config['JSONSCHEMAS_ENDPOINT']), endpoint=current_jsonschemas.get_schema, host=current_app.config['SERVER_NAME'])) # global config FLASK_TAXONOMIES_URL_PREFIX = '/2.0/taxonomies/' FLASK_TAXONOMIES_PERMISSION_FACTORIES = { 'taxonomy_list': [allow_all()], 'taxonomy_read': [allow_all()], 'taxonomy_create': [deny_all()], 'taxonomy_update': [deny_all()], 'taxonomy_delete': [deny_all()], 'taxonomy_term_read': [allow_all()], 'taxonomy_term_create': [deny_all()], 'taxonomy_term_update': [deny_all()], 'taxonomy_term_delete': [deny_all()], 'taxonomy_term_move': [deny_all()] } PREFERRED_URL_SCHEME = 'https' RATELIMIT_ENABLED = True RATELIMIT_PER_ENDPOINT = { 'oarepo_records_draft.draft-datasets_presigned_part':