def setUp(self):
     """Create a fake role."""
     self.role_name = 'test'
     self.role_description = 'test role'
     self.role_definition = 'allow email /.*@cern.ch/'
     self.role_id, dummy, dummy, dummy = acc_add_role(self.role_name,
         self.role_description,
         serialize(compile_role_definition(self.role_definition)),
         self.role_definition)
Пример #2
0
 def setUp(self):
     """Create a fake role."""
     self.role_name = 'test'
     self.role_description = 'test role'
     self.role_definition = 'allow email /.*@cern.ch/'
     self.role_id, dummy, dummy, dummy = acc_add_role(
         self.role_name, self.role_description,
         serialize(compile_role_definition(self.role_definition)),
         self.role_definition)
 def setUp(self):
     """Create a fake role."""
     from invenio.access_control_admin import acc_add_role
     from invenio.access_control_firerole import compile_role_definition, \
         serialize
     self.role_name = 'test'
     self.role_description = 'test role'
     self.role_definition = 'allow email /.*@cern.ch/'
     self.role_id, dummy, dummy, dummy = acc_add_role(
         self.role_name, self.role_description,
         serialize(compile_role_definition(self.role_definition)),
         self.role_definition)
def create_needed_roles(restrictions, apache_group):
    """Create a role for the corresponding apache_group."""

    role_name = CFG_PROPOSED_ROLE_NAME % apache_group
    role_description = CFG_PROPOSED_ROLE_DESCRIPTION % ', '.join(get_collections_for_group(restrictions, apache_group))
    role_definition_src = 'allow apache_group "%s"' % apache_group
    print "Creating role '%s' ('%s') with firerole '%s'..." % (role_name, role_description, role_definition_src),
    res = acc_add_role(role_name, role_description, serialize(compile_role_definition(role_definition_src)), role_definition_src)
    if res == 0:
        print "Already existed!"
    else:
        print "OK!"
    return role_name
Пример #5
0
def create_needed_roles(restrictions, apache_group):
    """Create a role for the corresponding apache_group."""

    role_name = CFG_PROPOSED_ROLE_NAME % apache_group
    role_description = CFG_PROPOSED_ROLE_DESCRIPTION % ', '.join(
        get_collections_for_group(restrictions, apache_group))
    role_definition_src = 'allow apache_group "%s"' % apache_group
    print "Creating role '%s' ('%s') with firerole '%s'..." % (
        role_name, role_description, role_definition_src),
    res = acc_add_role(role_name, role_description,
                       serialize(compile_role_definition(role_definition_src)),
                       role_definition_src)
    if res == 0:
        print "Already existed!"
    else:
        print "OK!"
    return role_name
Пример #6
0
        return errorMsg(str(e), req, ln=ln)
    (auth_code, auth_message) = acc_authorize_action(req, "cfgwebsubmit", verbose=0)
    if auth_code != 0:
        ## user is not authorised to use WebSubmit Admin:
        return page_not_authorized(req=req, text=auth_message)

    # request for deleting a user
    if todo == "deleteuser":
        acc_delete_user_role(id, name_role=role)
    # request for adding user(s)
    if todo == "adduser":
        role = "referee_%s_%s" % (doctype, categ[1])
        roleId = acc_get_role_id(role)
        # if the role does not exists, we create it
        if roleId == 0:
            if acc_add_role(role, "referees for document type %s category %s" % (doctype, categ[1])) == 0:
                return errorMsg("Cannot create referee role", req)
            else:
                roleId = acc_get_role_id(role)
            # if the action does not exist, we create it
            actionId = acc_get_action_id("referee")
            if actionId == 0:
                if acc_add_action("referee", "", "no", ("doctype","categ")) == 0:
                    return errorMsg("Cannot create action 'referee'", req)
                else:
                    actionId = acc_get_action_id("referee")
            #create arguments
            arg1Id = acc_add_argument("doctype", doctype)
            arg2Id = acc_add_argument("categ", categ[1])
            # then link the role with the action
            if acc_add_role_action_arguments(roleId, actionId, -1, 0, 0, [arg1Id, arg2Id]) == 0:
Пример #7
0
def index(req, c=CFG_SITE_NAME, ln=CFG_SITE_LANG, todo="", id="", doctype="",
          categ="", addusers="", warningText="", role=""):
    """Main entry point for the management of referees."""
    ln = wash_language(ln)
    # get user ID:
    uid = getUid(req)
    (auth_code, auth_message) = acc_authorize_action(req, "cfgwebsubmit", verbose=0)
    if auth_code != 0:
        ## user is not authorised to use WebSubmit Admin:
        return page_not_authorized(req=req, text=auth_message)

    # request for deleting a user
    if todo == "deleteuser":
        acc_delete_user_role(id, name_role=role)
    # request for adding user(s)
    if todo == "adduser":
        role = "referee_%s_%s" % (doctype, categ[1])
        roleId = acc_get_role_id(role)
        # if the role does not exists, we create it
        if roleId == 0:
            if acc_add_role(role, "referees for document type %s category %s" % (doctype, categ[1])) == 0:
                return errorMsg("Cannot create referee role", req, uid)
            else:
                roleId = acc_get_role_id(role)
            # if the action does not exist, we create it
            actionId = acc_get_action_id("referee")
            if actionId == 0:
                if acc_add_action("referee", "", "no", ("doctype","categ")) == 0:
                    return errorMsg("Cannot create action 'referee'", req, uid)
                else:
                    actionId = acc_get_action_id("referee")
            #create arguments
            arg1Id = acc_add_argument("doctype", doctype)
            arg2Id = acc_add_argument("categ", categ[1])
            # then link the role with the action
            if acc_add_role_action_arguments(roleId, actionId, -1, 0, 0, [arg1Id, arg2Id]) == 0:
                return errorMsg("Cannot link role with action", req, uid)
        roleId = acc_get_role_id(role)
        # For each id in the array
        if isinstance(addusers, types.ListType):
            for adduser in addusers:
                # First check  whether this id is not already associated with this rule
                myRoles = acc_get_user_roles(adduser)
                if not roleId in myRoles:
                    # Actually add the role to the user
                    acc_add_user_role(adduser, roleId)
                else:
                    warningText = '<span style="color:#f00">Sorry... This user is already a referee for this category.</span>'
        else:
            # First check  whether this id is not already associated with this rule
            myRoles = acc_get_user_roles(addusers)
            if not roleId in myRoles:
                # Actually add the role to the user
                acc_add_user_role(addusers, roleId)
            else:
                warningText = '<span style="color:#f00">Sorry... This user is already a referee for this category.</span>'
    return page(title="websubmit admin - referee selection",
                    body=displayRefereesPage(doctype, warningText),
                    description="",
                    keywords="",
                    uid=uid,
                    language=ln,
                    req=req)
Пример #8
0
def index(req,
          c=CFG_SITE_NAME,
          ln=CFG_SITE_LANG,
          todo="",
          id="",
          doctype="",
          categ="",
          addusers="",
          warningText="",
          role=""):
    """Main entry point for the management of referees."""
    ln = wash_language(ln)
    # get user ID:
    uid = getUid(req)
    (auth_code, auth_message) = acc_authorize_action(req,
                                                     "cfgwebsubmit",
                                                     verbose=0)
    if auth_code != 0:
        ## user is not authorised to use WebSubmit Admin:
        return page_not_authorized(req=req, text=auth_message)

    # request for deleting a user
    if todo == "deleteuser":
        acc_delete_user_role(id, name_role=role)
    # request for adding user(s)
    if todo == "adduser":
        role = "referee_%s_%s" % (doctype, categ[1])
        roleId = acc_get_role_id(role)
        # if the role does not exists, we create it
        if roleId == 0:
            if acc_add_role(
                    role, "referees for document type %s category %s" %
                (doctype, categ[1])) == 0:
                return errorMsg("Cannot create referee role", req, uid)
            else:
                roleId = acc_get_role_id(role)
            # if the action does not exist, we create it
            actionId = acc_get_action_id("referee")
            if actionId == 0:
                if acc_add_action("referee", "", "no",
                                  ("doctype", "categ")) == 0:
                    return errorMsg("Cannot create action 'referee'", req, uid)
                else:
                    actionId = acc_get_action_id("referee")
            #create arguments
            arg1Id = acc_add_argument("doctype", doctype)
            arg2Id = acc_add_argument("categ", categ[1])
            # then link the role with the action
            if acc_add_role_action_arguments(roleId, actionId, -1, 0, 0,
                                             [arg1Id, arg2Id]) == 0:
                return errorMsg("Cannot link role with action", req, uid)
        roleId = acc_get_role_id(role)
        # For each id in the array
        if isinstance(addusers, types.ListType):
            for adduser in addusers:
                # First check  whether this id is not already associated with this rule
                myRoles = acc_get_user_roles(adduser)
                if not roleId in myRoles:
                    # Actually add the role to the user
                    acc_add_user_role(adduser, roleId)
                else:
                    warningText = '<span style="color:#f00">Sorry... This user is already a referee for this category.</span>'
        else:
            # First check  whether this id is not already associated with this rule
            myRoles = acc_get_user_roles(addusers)
            if not roleId in myRoles:
                # Actually add the role to the user
                acc_add_user_role(addusers, roleId)
            else:
                warningText = '<span style="color:#f00">Sorry... This user is already a referee for this category.</span>'
    return page(title="websubmit admin - referee selection",
                body=displayRefereesPage(doctype, warningText),
                description="",
                keywords="",
                uid=uid,
                language=ln,
                req=req)