def setUp(self):
"""Create a fake role."""
self.role_name = 'test'
self.role_description = 'test role'
self.role_definition = 'allow email /.*@cern.ch/'
self.role_id, dummy, dummy, dummy = acc_add_role(self.role_name,
self.role_description,
serialize(compile_role_definition(self.role_definition)),
self.role_definition)
def setUp(self):
"""Create a fake role."""
self.role_name = 'test'
self.role_description = 'test role'
self.role_definition = 'allow email /.*@cern.ch/'
self.role_id, dummy, dummy, dummy = acc_add_role(
self.role_name, self.role_description,
serialize(compile_role_definition(self.role_definition)),
self.role_definition)
def setUp(self):
"""Create a fake role."""
from invenio.access_control_admin import acc_add_role
from invenio.access_control_firerole import compile_role_definition, \
serialize
self.role_name = 'test'
self.role_description = 'test role'
self.role_definition = 'allow email /.*@cern.ch/'
self.role_id, dummy, dummy, dummy = acc_add_role(
self.role_name, self.role_description,
serialize(compile_role_definition(self.role_definition)),
self.role_definition)
def create_needed_roles(restrictions, apache_group):
"""Create a role for the corresponding apache_group."""
role_name = CFG_PROPOSED_ROLE_NAME % apache_group
role_description = CFG_PROPOSED_ROLE_DESCRIPTION % ', '.join(get_collections_for_group(restrictions, apache_group))
role_definition_src = 'allow apache_group "%s"' % apache_group
print "Creating role '%s' ('%s') with firerole '%s'..." % (role_name, role_description, role_definition_src),
res = acc_add_role(role_name, role_description, serialize(compile_role_definition(role_definition_src)), role_definition_src)
if res == 0:
print "Already existed!"
else:
print "OK!"
return role_name
def create_needed_roles(restrictions, apache_group):
"""Create a role for the corresponding apache_group."""
role_name = CFG_PROPOSED_ROLE_NAME % apache_group
role_description = CFG_PROPOSED_ROLE_DESCRIPTION % ', '.join(
get_collections_for_group(restrictions, apache_group))
role_definition_src = 'allow apache_group "%s"' % apache_group
print "Creating role '%s' ('%s') with firerole '%s'..." % (
role_name, role_description, role_definition_src),
res = acc_add_role(role_name, role_description,
serialize(compile_role_definition(role_definition_src)),
role_definition_src)
if res == 0:
print "Already existed!"
else:
print "OK!"
return role_name
return errorMsg(str(e), req, ln=ln)
(auth_code, auth_message) = acc_authorize_action(req, "cfgwebsubmit", verbose=0)
if auth_code != 0:
## user is not authorised to use WebSubmit Admin:
return page_not_authorized(req=req, text=auth_message)
# request for deleting a user
if todo == "deleteuser":
acc_delete_user_role(id, name_role=role)
# request for adding user(s)
if todo == "adduser":
role = "referee_%s_%s" % (doctype, categ[1])
roleId = acc_get_role_id(role)
# if the role does not exists, we create it
if roleId == 0:
if acc_add_role(role, "referees for document type %s category %s" % (doctype, categ[1])) == 0:
return errorMsg("Cannot create referee role", req)
else:
roleId = acc_get_role_id(role)
# if the action does not exist, we create it
actionId = acc_get_action_id("referee")
if actionId == 0:
if acc_add_action("referee", "", "no", ("doctype","categ")) == 0:
return errorMsg("Cannot create action 'referee'", req)
else:
actionId = acc_get_action_id("referee")
#create arguments
arg1Id = acc_add_argument("doctype", doctype)
arg2Id = acc_add_argument("categ", categ[1])
# then link the role with the action
if acc_add_role_action_arguments(roleId, actionId, -1, 0, 0, [arg1Id, arg2Id]) == 0:
def index(req, c=CFG_SITE_NAME, ln=CFG_SITE_LANG, todo="", id="", doctype="",
categ="", addusers="", warningText="", role=""):
"""Main entry point for the management of referees."""
ln = wash_language(ln)
# get user ID:
uid = getUid(req)
(auth_code, auth_message) = acc_authorize_action(req, "cfgwebsubmit", verbose=0)
if auth_code != 0:
## user is not authorised to use WebSubmit Admin:
return page_not_authorized(req=req, text=auth_message)
# request for deleting a user
if todo == "deleteuser":
acc_delete_user_role(id, name_role=role)
# request for adding user(s)
if todo == "adduser":
role = "referee_%s_%s" % (doctype, categ[1])
roleId = acc_get_role_id(role)
# if the role does not exists, we create it
if roleId == 0:
if acc_add_role(role, "referees for document type %s category %s" % (doctype, categ[1])) == 0:
return errorMsg("Cannot create referee role", req, uid)
else:
roleId = acc_get_role_id(role)
# if the action does not exist, we create it
actionId = acc_get_action_id("referee")
if actionId == 0:
if acc_add_action("referee", "", "no", ("doctype","categ")) == 0:
return errorMsg("Cannot create action 'referee'", req, uid)
else:
actionId = acc_get_action_id("referee")
#create arguments
arg1Id = acc_add_argument("doctype", doctype)
arg2Id = acc_add_argument("categ", categ[1])
# then link the role with the action
if acc_add_role_action_arguments(roleId, actionId, -1, 0, 0, [arg1Id, arg2Id]) == 0:
return errorMsg("Cannot link role with action", req, uid)
roleId = acc_get_role_id(role)
# For each id in the array
if isinstance(addusers, types.ListType):
for adduser in addusers:
# First check whether this id is not already associated with this rule
myRoles = acc_get_user_roles(adduser)
if not roleId in myRoles:
# Actually add the role to the user
acc_add_user_role(adduser, roleId)
else:
warningText = '<span style="color:#f00">Sorry... This user is already a referee for this category.</span>'
else:
# First check whether this id is not already associated with this rule
myRoles = acc_get_user_roles(addusers)
if not roleId in myRoles:
# Actually add the role to the user
acc_add_user_role(addusers, roleId)
else:
warningText = '<span style="color:#f00">Sorry... This user is already a referee for this category.</span>'
return page(title="websubmit admin - referee selection",
body=displayRefereesPage(doctype, warningText),
description="",
keywords="",
uid=uid,
language=ln,
req=req)
def index(req,
c=CFG_SITE_NAME,
ln=CFG_SITE_LANG,
todo="",
id="",
doctype="",
categ="",
addusers="",
warningText="",
role=""):
"""Main entry point for the management of referees."""
ln = wash_language(ln)
# get user ID:
uid = getUid(req)
(auth_code, auth_message) = acc_authorize_action(req,
"cfgwebsubmit",
verbose=0)
if auth_code != 0:
## user is not authorised to use WebSubmit Admin:
return page_not_authorized(req=req, text=auth_message)
# request for deleting a user
if todo == "deleteuser":
acc_delete_user_role(id, name_role=role)
# request for adding user(s)
if todo == "adduser":
role = "referee_%s_%s" % (doctype, categ[1])
roleId = acc_get_role_id(role)
# if the role does not exists, we create it
if roleId == 0:
if acc_add_role(
role, "referees for document type %s category %s" %
(doctype, categ[1])) == 0:
return errorMsg("Cannot create referee role", req, uid)
else:
roleId = acc_get_role_id(role)
# if the action does not exist, we create it
actionId = acc_get_action_id("referee")
if actionId == 0:
if acc_add_action("referee", "", "no",
("doctype", "categ")) == 0:
return errorMsg("Cannot create action 'referee'", req, uid)
else:
actionId = acc_get_action_id("referee")
#create arguments
arg1Id = acc_add_argument("doctype", doctype)
arg2Id = acc_add_argument("categ", categ[1])
# then link the role with the action
if acc_add_role_action_arguments(roleId, actionId, -1, 0, 0,
[arg1Id, arg2Id]) == 0:
return errorMsg("Cannot link role with action", req, uid)
roleId = acc_get_role_id(role)
# For each id in the array
if isinstance(addusers, types.ListType):
for adduser in addusers:
# First check whether this id is not already associated with this rule
myRoles = acc_get_user_roles(adduser)
if not roleId in myRoles:
# Actually add the role to the user
acc_add_user_role(adduser, roleId)
else:
warningText = '<span style="color:#f00">Sorry... This user is already a referee for this category.</span>'
else:
# First check whether this id is not already associated with this rule
myRoles = acc_get_user_roles(addusers)
if not roleId in myRoles:
# Actually add the role to the user
acc_add_user_role(addusers, roleId)
else:
warningText = '<span style="color:#f00">Sorry... This user is already a referee for this category.</span>'
return page(title="websubmit admin - referee selection",
body=displayRefereesPage(doctype, warningText),
description="",
keywords="",
uid=uid,
language=ln,
req=req)