def user_has_editor_or_manager_permissions(obj):
    """Pick the permission object that guards editor/manager access to a source.

    The checks run from the broadest grant to the narrowest:

    1. the global ``source_full_manager_actions`` permission, evaluated
       against the identity built from ``current_user``;
    2. the per-source manager need for ``obj['uuid']``;
    3. a per-term manager need for every entry of the comma-separated
       ``obj['terms']`` string;
    4. the same per-term need for every entry of ``obj['orgs']``;
    5. otherwise the per-source editor permission is returned unevaluated.

    :param obj: mapping with ``'uuid'``, ``'terms'`` and ``'orgs'`` keys.
    :returns: a ``Permission`` instance.
    """
    admin_permission = Permission(source_full_manager_actions)
    if admin_permission.allows(get_identity(current_user)):
        return admin_permission

    # Steps 2-4 rely on the truthiness of a Permission object rather than on
    # .allows(identity).
    # NOTE(review): flask_principal's Permission evaluates can() in __bool__;
    # confirm the Permission class used here does the same. If it defines no
    # __bool__, this first branch is always taken and the loops below are
    # unreachable.
    source_permission = Permission(ObjectSourceManager(obj['uuid']))
    if source_permission:
        return source_permission

    # NOTE(review): the 'orgs' entries are wrapped in ObjectSourceTermManager,
    # not in an organization-scoped need. That looks like a copy/paste slip,
    # but switching the need changes who is authorized, so confirm the intent
    # before touching it.
    # An empty field still yields one iteration, because ''.split(',') == [''].
    for field in ('terms', 'orgs'):
        for scoped_uuid in obj[field].split(','):
            scoped_permission = Permission(ObjectSourceTermManager(scoped_uuid))
            if scoped_permission:
                return scoped_permission

    return Permission(ObjectSourceEditor(obj['uuid']))
def user_is_term_manager(uuid, user: User):
    """Return True when ``user`` holds the term-manager need for ``uuid``.

    The check fails closed: a missing user, a missing uuid or a permission
    that does not allow the user's identity all end in ``PermissionDenied``.

    :param uuid: identifier passed to ``ObjectSourceTermManager``.
    :param user: the user whose identity is evaluated.
    :returns: ``True`` (the function never returns ``False``).
    :raises PermissionDenied: when the arguments are falsy or access is refused.
    """
    if not (user and uuid):
        raise PermissionDenied()

    identity = get_identity(user)
    if not Permission(ObjectSourceTermManager(uuid)).allows(identity):
        raise PermissionDenied()
    return True
def wrapper(*args, **kwargs):
    """Run the wrapped ``fn`` only for holders of ``notification_admin_actions``.

    ``fn`` is a free variable supplied by the enclosing decorator, which is
    not part of this listing. Callers that are refused get an error payload
    built by ``iroko_json_response`` instead of an exception.
    """
    admin_permission = Permission(notification_admin_actions)
    if admin_permission.allows(get_identity(current_user)):
        return fn(*args, **kwargs)

    # NOTE(review): the message says "source administrator" although the
    # permission checked is notification_admin_actions. Also confirm that
    # iroko_json_response gives this refusal a non-2xx HTTP status, so clients
    # and log-based detection can tell it apart from a successful call.
    return iroko_json_response(
        IrokoResponseStatus.ERROR, 'Need to be source administrator.', None, None)
def vocabulary_editor_permission_factory(obj):
    """Return the permission guarding edits to the vocabulary ``obj['name']``.

    The global ``vocabularies_full_editor_actions`` permission is returned
    when it allows the identity built from ``current_user``. In every other
    case, including any exception raised by that check, the per-vocabulary
    ``ObjectVocabularyEditor`` permission is returned for the caller to
    enforce.

    :param obj: mapping with a ``'name'`` key.
    :returns: a ``Permission`` instance.
    """
    try:
        full_editor = Permission(vocabularies_full_editor_actions)
        if full_editor.allows(get_identity(current_user)):
            return full_editor
    except Exception:
        # Falling back to the narrower per-object permission keeps this path
        # fail-closed, but the error itself is discarded.
        # NOTE(review): consider logging it so a broken identity lookup is
        # visible to operators.
        pass
    return Permission(ObjectVocabularyEditor(obj['name']))
def source_manager_permission_factory(obj):
    """Return the permission guarding management of the source ``obj['uuid']``.

    The global ``source_full_manager_actions`` permission is returned when it
    allows the identity built from ``current_user``. Otherwise, or when that
    check raises, the per-source ``ObjectSourceManager`` permission is
    returned.

    :param obj: mapping with a ``'uuid'`` key.
    :returns: a ``Permission`` instance.
    """
    try:
        full_manager = Permission(source_full_manager_actions)
        if full_manager.allows(get_identity(current_user)):
            return full_manager
    except Exception:
        # Any failure of the global check is swallowed and the narrower
        # per-source permission is used instead (fail-closed).
        # NOTE(review): the exception is never logged, so a broken identity
        # lookup goes unnoticed.
        pass
    return Permission(ObjectSourceManager(obj['uuid']))
def notification_viewed_permission_factory(obj):
    """Return the permission guarding the "viewed" flag of notification ``obj['id']``.

    The global ``notification_admin_actions`` permission is returned when it
    allows the identity built from ``current_user``. Otherwise, or when that
    check raises, the per-notification ``ObjectNotificationViewed``
    permission is returned.

    :param obj: mapping with an ``'id'`` key.
    :returns: a ``Permission`` instance.
    """
    try:
        notification_admin = Permission(notification_admin_actions)
        if notification_admin.allows(get_identity(current_user)):
            return notification_admin
    except Exception:
        # Errors in the admin check are swallowed on purpose; the narrower
        # per-object permission below is the fallback.
        # NOTE(review): nothing is logged here, so failures stay invisible.
        pass
    return Permission(ObjectNotificationViewed(obj['id']))
def is_user_sources_admin(user: User):
    """Tell whether ``user`` is allowed by ``source_full_manager_actions``.

    Unlike the permission factories in this listing, this helper does not
    catch exceptions: an error raised by ``get_identity`` or ``allows``
    propagates to the caller.

    :param user: the user whose identity is evaluated.
    :returns: ``True`` or ``False``.
    """
    full_manager = Permission(source_full_manager_actions)
    return bool(full_manager.allows(get_identity(user)))
def user_has_edit_permission(source, user: User):
    """Return True when ``user`` may edit ``source``, else raise.

    Manager rights, as decided by ``user_has_manager_permission``, imply edit
    rights. When that check refuses, the per-source ``ObjectSourceEditor``
    need for ``source.id`` is evaluated against the user's identity.

    :param source: object exposing ``id``; also passed on to the manager check.
    :param user: the user whose rights are evaluated.
    :returns: ``True`` (the function never returns ``False``).
    :raises PermissionDenied: when an argument is falsy or neither check passes.
    """
    if not (user and source):
        raise PermissionDenied()

    # Only a PermissionDenied from the manager check is treated as "no";
    # any other exception propagates.
    try:
        is_manager = user_has_manager_permission(source, user)
    except PermissionDenied:
        is_manager = False
    if is_manager:
        return True

    identity = get_identity(user)
    editor_permission = Permission(ObjectSourceEditor(source.id))
    if editor_permission.allows(identity):
        return True
    raise PermissionDenied()
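def test_permissions(permissions, community, sample_records):
    """Test community permissions.

    Covers three users from the ``permissions`` fixture (author, curator and
    publisher). For each one the test asserts which community-scoped actions
    are allowed in ``community[1]`` and that the same actions are refused
    when parameterized with the argument ``'B'``.

    NOTE(review): ``'B'`` is presumably the id of a community in which none
    of these users holds a role; confirm against the fixtures. The
    ``sample_records`` fixture is not referenced in the body.
    """
    perms = {
        action: ParameterizedActionNeed(action, community[1].id)
        for action in current_oarepo_communities.allowed_actions
    }

    member = OARepoCommunity.get_role(community[1], 'member')
    curator = OARepoCommunity.get_role(community[1], 'curator')
    publisher = OARepoCommunity.get_role(community[1], 'publisher')

    # An author who is a community member can only request approval, and
    # only in that concrete community.
    author_identity = get_identity(permissions['author'])
    assert permissions['author'].roles == [member]
    assert Permission(perms[COMMUNITY_REQUEST_APPROVAL]).allows(author_identity)
    assert not any(
        Permission(perms[p]).allows(author_identity)
        for p in perms if p != COMMUNITY_REQUEST_APPROVAL)
    assert not Permission(
        ParameterizedActionNeed(COMMUNITY_REQUEST_APPROVAL, 'B')
    ).allows(author_identity)
    # The original comprehension ignored its loop variable and re-tested
    # COMMUNITY_REQUEST_APPROVAL on every pass, so cross-community denial of
    # the other actions was never exercised. Each action is now checked.
    assert not any(
        Permission(ParameterizedActionNeed(p, 'B')).allows(author_identity)
        for p in perms if p != COMMUNITY_REQUEST_APPROVAL)

    # Community curator action permissions.
    curator_identity = get_identity(permissions['curator'])
    assert set(permissions['curator'].roles) == {member, curator}
    assert Permission(perms[COMMUNITY_APPROVE]).allows(curator_identity)
    assert Permission(perms[COMMUNITY_REQUEST_CHANGES]).allows(curator_identity)
    assert not Permission(
        ParameterizedActionNeed(COMMUNITY_APPROVE, 'B')
    ).allows(curator_identity)
    # COMMUNITY_REVERT_APPROVE is left out of the deny check but is not
    # asserted as allowed either, so it stays untested for this role.
    curator_actions = [COMMUNITY_APPROVE, COMMUNITY_REQUEST_CHANGES,
                       COMMUNITY_REVERT_APPROVE]
    assert not any(
        Permission(perms[p]).allows(curator_identity)
        for p in perms if p not in curator_actions)

    # Community publisher action permissions.
    publisher_identity = get_identity(permissions['publisher'])
    assert set(permissions['publisher'].roles) == {member, publisher}
    assert Permission(perms[COMMUNITY_PUBLISH]).allows(publisher_identity)
    assert Permission(perms[COMMUNITY_UNPUBLISH]).allows(publisher_identity)
    assert not Permission(
        ParameterizedActionNeed(COMMUNITY_PUBLISH, 'B')
    ).allows(publisher_identity)
    # Same gap as for the curator: COMMUNITY_REVERT_APPROVE is excluded from
    # the deny check without a matching positive assertion.
    publisher_actions = [COMMUNITY_PUBLISH, COMMUNITY_UNPUBLISH,
                         COMMUNITY_REVERT_APPROVE]
    assert not any(
        Permission(perms[p]).allows(publisher_identity)
        for p in perms if p not in publisher_actions)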
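def check_user_vocabulary_editor_permission(
        user_id, vocabulary_id) -> Dict[str, bool]:
    """Report whether a user may edit a vocabulary.

    :param user_id: primary key used to look up the ``User`` row.
    :param vocabulary_id: value matched against ``Vocabulary.identifier``.
    :returns: a ``(msg, done)`` tuple. ``done`` is the decision and ``msg``
        is an empty string or the reason the check could not be completed.
        The ``Dict[str, bool]`` annotation does not match this tuple; it is
        kept unchanged so the signature stays as callers see it.

    Any exception is caught and reported through ``msg`` with ``done`` left
    ``False``, so the check fails closed.
    """
    done = False
    msg = ''
    try:
        # NOTE(review): this shortcut evaluates the *current* request user,
        # not ``user_id``. If the two can differ, an admin caller gets
        # ``done=True`` for any user id. Confirm that is intended.
        if is_current_user_taxonomy_admin():
            done = True
        else:
            vocabulary = Vocabulary.query.filter_by(
                identifier=vocabulary_id).first()
            # .first() was missing here, so a Query object rather than a User
            # row was handed to get_identity().
            user = User.query.filter_by(id=user_id).first()
            if vocabulary is None:
                msg = 'Vocabulary not found.'
            elif user is None:
                msg = 'User not found.'
            else:
                user_identity = get_identity(user)
                permission = Permission(
                    ObjectVocabularyEditor(vocabulary.name))
                done = permission.allows(user_identity)
    except Exception as e:
        # NOTE(review): msg carries the raw exception text; make sure it is
        # not returned verbatim to API clients.
        msg = str(e)
    return msg, done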
def source_organization_manager_permission_factory(obj):
    """Pick the permission that guards organization-level management of a source.

    The checks run from the broadest grant to the narrowest:

    1. the global ``source_full_manager_actions`` permission, evaluated
       against the identity built from ``current_user``;
    2. the per-source manager need for ``obj['uuid']``;
    3. a per-organization manager need for every entry of the
       comma-separated ``obj['orgs']`` string.

    :param obj: mapping with ``'uuid'`` and ``'orgs'`` keys.
    :returns: the first ``Permission`` that passes its check.
    :raises PermissionDenied: when none of the checks passes.
    """
    admin_permission = Permission(source_full_manager_actions)
    if admin_permission.allows(get_identity(current_user)):
        return admin_permission

    # Steps 2 and 3 rely on the truthiness of a Permission object rather than
    # on .allows(identity).
    # NOTE(review): flask_principal's Permission evaluates can() in __bool__;
    # confirm the Permission class used here does the same. If it defines no
    # __bool__, this branch is always taken and the rest is unreachable.
    source_permission = Permission(ObjectSourceManager(obj['uuid']))
    if source_permission:
        return source_permission

    # An empty 'orgs' string still yields one iteration: ''.split(',') == [''].
    for org_uuid in obj['orgs'].split(','):
        org_permission = Permission(ObjectSourceOrganizationManager(org_uuid))
        if org_permission:
            return org_permission

    # The message is Spanish for "You do not have management permissions".
    raise PermissionDenied('No tiene permisos de gestión')
def user_has_manager_permission(source, user: User):
    """Return True when ``user`` may manage ``source``, else raise.

    The user's identity is tested, in order, against:

    1. the global ``source_full_manager_actions`` permission;
    2. the per-source manager need for ``source.id``;
    3. a term-manager need for each ``source.model.json['classifications']``
       entry that has an ``'id'``;
    4. an organization-manager need for each
       ``source.model.json['organizations']`` entry that has an ``'id'``.

    :param source: object exposing ``id`` and ``model.json``.
    :param user: the user whose identity is evaluated.
    :returns: ``True`` (the function never returns ``False``).
    :raises PermissionDenied: when an argument is falsy or no check passes.
    """
    if not (user and source):
        raise PermissionDenied()

    identity = get_identity(user)

    if Permission(source_full_manager_actions).allows(identity):
        return True
    if Permission(ObjectSourceManager(source.id)).allows(identity):
        return True

    # Each metadata list is paired with the need that scopes a manager grant
    # to its entries.
    scoped_needs = (
        ('classifications', ObjectSourceTermManager),
        ('organizations', ObjectSourceOrganizationManager),
    )
    for key, need_factory in scoped_needs:
        if key not in source.model.json:
            continue
        for entry in source.model.json[key]:
            if 'id' not in entry:
                continue
            try:
                if Permission(need_factory(entry['id'])).allows(identity):
                    return True
            except Exception:
                # A failing check on one entry is treated as "not granted"
                # and the scan moves on. The path still ends in
                # PermissionDenied, but the error is never logged.
                pass

    raise PermissionDenied()