def views_permissions_factory(action):
    """Resolve the permission that guards an ILS view action.

    Each known action name belongs to one of three groups: any
    authenticated user, backoffice staff, or the patron who owns the
    record. An action that is in none of the groups is denied.

    :param action: name of the view action being authorized.
    :returns: the result of ``authenticated_user_permission()`` or
        ``backoffice_permission()``, the ``PatronOwnerPermission`` class
        itself, or the result of ``deny_all()``.
    """
    any_logged_in_user = ("circulation-loan-request", "patron-loans")
    backoffice_only = (
        "circulation-loan-checkout",
        "circulation-loan-force-checkout",
        "circulation-overdue-loan-email",
        "circulation-loan-update-dates",
        "relations-create",
        "relations-delete",
        "stats-most-loaned",
        "document-request-actions",
        "bucket-create",
        "ill-brwreq-patron-loan-create",
        "ill-brwreq-patron-loan-extension-accept",
        "ill-brwreq-patron-loan-extension-decline",
    )
    patron_owner_only = (
        "document-request-decline",
        "ill-brwreq-patron-loan-extension-request",
    )

    if action in any_logged_in_user:
        return authenticated_user_permission()
    if action in backoffice_only:
        return backoffice_permission()
    if action in patron_owner_only:
        # Returned uncalled: presumably the caller instantiates it with the
        # record whose owner is being checked -- confirm against the views.
        return PatronOwnerPermission
    # Fail closed: an action missing from every group gets no access, so a
    # newly added view stays locked until it is listed above.
    return deny_all()
def views_permissions_factory(action):
    """Resolve the permission that guards an ILS view action.

    ``circulation-loan-request`` is open to any authenticated user, the
    actions listed in ``backoffice_only`` require the backoffice
    permission, and every other action is denied.

    :param action: name of the view action being authorized.
    :returns: the result of ``authenticated_user_permission()``,
        ``backoffice_permission()`` or ``deny_all()``.
    """
    if action == "circulation-loan-request":
        return authenticated_user_permission()

    backoffice_only = (
        "circulation-loan-checkout",
        "circulation-loan-force-checkout",
        "circulation-overdue-loan-email",
        "relations-create",
        "relations-delete",
        "stats-most-loaned",
        "document-request-accept",
        "document-request-pending",
        "document-request-reject",
        "bucket-create",
    )
    if action in backoffice_only:
        return backoffice_permission()

    # Fail closed: unknown or misspelled action names get no access.
    return deny_all()
def views_permissions_factory(action):
    """Resolve the permission that guards an ILS view action.

    ``circulation-loan-request`` is open to any authenticated user, the
    actions in ``backoffice_only`` require the backoffice permission, and
    the actions in ``patron_owner_only`` are checked against the record's
    patron. Every other action is denied.

    :param action: name of the view action being authorized.
    :returns: the result of ``authenticated_user_permission()`` or
        ``backoffice_permission()``, the ``PatronOwnerPermission`` class
        itself, or the result of ``deny_all()``.
    """
    backoffice_only = (
        "circulation-loan-checkout",
        "circulation-loan-force-checkout",
        "circulation-overdue-loan-email",
        "relations-create",
        "relations-delete",
        "stats-most-loaned",
        "document-request-actions",
        "bucket-create",
        "ill-brwreq-patron-loan-create",
        "ill-brwreq-patron-loan-extension-accept",
        "ill-brwreq-patron-loan-extension-decline",
    )
    patron_owner_only = (
        "document-request-decline",
        "ill-brwreq-patron-loan-extension-request",
    )

    if action == "circulation-loan-request":
        return authenticated_user_permission()
    if action in backoffice_only:
        return backoffice_permission()
    if action in patron_owner_only:
        # Hand back a factory that accepts a record as parameter, rather
        # than an already-built permission.
        return PatronOwnerPermission
    # Fail closed: anything not listed above gets no access.
    return deny_all()
def views_permissions_factory(action):
    """Resolve the permission that guards an ILS view action.

    :param action: name of the view action being authorized.
    :returns: the authenticated-user permission for
        ``circulation-loan-request``, the backoffice permission for
        ``circulation-loan-create``, and ``deny_all()`` otherwise.
    """
    if action == "circulation-loan-request":
        return authenticated_user_permission()
    if action == "circulation-loan-create":
        return backoffice_permission()
    # Fail closed: every other action name is refused.
    return deny_all()
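def owner_permission_impl(record, *args, **kwargs):
    """Record owner permission factory.

    * Allows access to the record if it is owned by the current user.
    * If the record is not owned by any user, access to the record is denied.

    :param record: record whose owner decides who gets access.
    :returns: a ``Permission`` requiring ``UserNeed(owner)``, or the result
        of ``deny_all()`` when no owner is set.
    """
    # The original opened this text with an f-string prefix; an f-string is
    # an expression statement, not a docstring, so __doc__ stayed None.
    owner = current_oarepo_communities.get_owned_by_field(record)
    if owner:
        return Permission(UserNeed(owner))
    # Fail closed: any falsy owner value is treated as "unowned".
    # NOTE(review): a falsy-but-valid owner id (e.g. 0) would also land
    # here -- confirm what get_owned_by_field can return.
    return deny_all()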
def file_download_permission(obj):
    """Choose the permission that guards downloading a file.

    The file's bucket is used to look up the matching eitem. Downloads are
    denied unless exactly one eitem is found for the bucket; an eitem
    flagged ``open_access`` is downloadable by anyone, any other eitem
    requires an authenticated user.

    :param obj: file object exposing a ``bucket_id`` attribute.
    :returns: the result of ``deny_all()``, ``allow_all()`` or
        ``authenticated_user_permission()``.
    """
    bucket = str(obj.bucket_id)
    hits = current_app_ils.eitem_search_cls().search_by_bucket_id(bucket)

    # Fail closed: with zero or several matches there is no single record
    # whose access flag could be trusted.
    if len(hits) != 1:
        return deny_all()

    eitem = current_app_ils.eitem_record_cls.get_record_by_pid(hits[0].pid)
    # A missing flag counts as restricted, so anonymous access is opt-in.
    is_open = eitem.get("open_access", False)
    return allow_all() if is_open else authenticated_user_permission()
def inner(record, *args, **kwargs):
    """Build a community role permission for the current request.

    ``role`` is a free variable taken from the enclosing scope, which is
    not part of this listing.

    :param record: accepted for the factory signature; not read here.
    :returns: a ``Permission`` requiring the ``community:<id>:<role>`` role
        need, or the result of ``deny_all()`` when no community id is found.
    """
    community_id = community_id_from_request()
    if not community_id:
        # Fail closed: no community id means no role can be checked.
        return deny_all()
    # NOTE(review): the community id comes from the request, not from
    # `record`; presumably something upstream checks that the record belongs
    # to that community -- confirm.
    return Permission(RoleNeed(f'community:{community_id}:{role}'))
def test_views_permissions_factory(action):
    """Permission factory used by the tests for view actions.

    :param action: name of the view action being authorized.
    :returns: the read-loan permission for ``loan-read-access``; every
        other action is denied.
    """
    return (
        has_read_loan_permission()
        if action == 'loan-read-access'
        else deny_all()
    )
from invenio_jsonschemas import current_jsonschemas
from werkzeug.routing import Rule

# Add a rule under JSONSCHEMAS_ENDPOINT that routes any sub-path to
# current_jsonschemas.get_schema, bound to the configured SERVER_NAME host.
url_map.add(
    Rule("{0}/<path:path>".format(
        current_app.config['JSONSCHEMAS_ENDPOINT']),
        endpoint=current_jsonschemas.get_schema,
        host=current_app.config['SERVER_NAME']))

# global config
FLASK_TAXONOMIES_URL_PREFIX = '/2.0/taxonomies/'
# Taxonomy permissions: the list/read actions are open to everyone, while
# every mutating action (create, update, delete, move) is denied outright.
FLASK_TAXONOMIES_PERMISSION_FACTORIES = {
    'taxonomy_list': [allow_all()],
    'taxonomy_read': [allow_all()],
    'taxonomy_create': [deny_all()],
    'taxonomy_update': [deny_all()],
    'taxonomy_delete': [deny_all()],
    'taxonomy_term_read': [allow_all()],
    'taxonomy_term_create': [deny_all()],
    'taxonomy_term_update': [deny_all()],
    'taxonomy_term_delete': [deny_all()],
    'taxonomy_term_move': [deny_all()]
}
PREFERRED_URL_SCHEME = 'https'
# Rate limiting is switched on; the mapping below sets limits per endpoint.
RATELIMIT_ENABLED = True
RATELIMIT_PER_ENDPOINT = {
    'oarepo_records_draft.draft-datasets_presigned_part': '25000 per hour',
    # The listing is cut off here: the limit for the next key is not shown.
    'oarepo_records_draft.draft-datasets-community_presigned_part':
def test_views_permissions_factory(action):
    """Permission factory used by the tests for view actions.

    :param action: name of the view action being authorized.
    :returns: the result of ``loan_reader()`` for ``loan-read-access``;
        every other action is denied.
    """
    wants_loan_read = action == 'loan-read-access'
    if wants_loan_read:
        return loan_reader()
    # Fail closed for any action the tests do not grant explicitly.
    return deny_all()