def user_has_editor_or_manager_permissions(obj):
permission = Permission(source_full_manager_actions)
current_identity = get_identity(current_user)
if permission.allows(current_identity):
return permission
permiso = None
permiso = Permission(ObjectSourceManager(obj['uuid']))
if permiso:
return permiso
aux = obj['terms']
terms = aux.split(',')
permiso = None
for term_uuid in terms:
try:
permiso = Permission(ObjectSourceTermManager(term_uuid))
if permiso:
return permiso
except Exception as e:
raise e
aux = obj['orgs']
orgs = aux.split(',')
permiso = None
for org_uuid in orgs:
try:
permiso = Permission(ObjectSourceTermManager(org_uuid))
if permiso:
return permiso
except Exception as e:
raise e
return Permission(ObjectSourceEditor(obj['uuid']))
def user_is_term_manager(uuid, user: User):
if not user or not uuid:
raise PermissionDenied()
identity = get_identity(user)
permission = Permission(ObjectSourceTermManager(uuid))
if permission.allows(identity):
return True
raise PermissionDenied()
def wrapper(*args, **kwargs):
permission = Permission(notification_admin_actions)
current_identity = get_identity(current_user)
if not permission.allows(current_identity):
return iroko_json_response(IrokoResponseStatus.ERROR,
'Need to be source administrator.',
None, None)
else:
return fn(*args, **kwargs)
def vocabulary_editor_permission_factory(obj):
try:
permission = Permission(vocabularies_full_editor_actions)
current_identity = get_identity(current_user)
if permission.allows(current_identity):
return permission
except Exception as e:
msg = str(e)
return Permission(ObjectVocabularyEditor(obj['name']))
def source_manager_permission_factory(obj):
try:
permission = Permission(source_full_manager_actions)
current_identity = get_identity(current_user)
if permission.allows(current_identity):
return permission
except Exception as e:
pass
return Permission(ObjectSourceManager(obj['uuid']))
def notification_viewed_permission_factory(obj):
try:
permission = Permission(notification_admin_actions)
current_identity = get_identity(current_user)
if permission.allows(current_identity):
return permission
except Exception as e:
pass
return Permission(ObjectNotificationViewed(obj['id']))
def is_user_sources_admin(user: User):
its = False
permission = Permission(source_full_manager_actions)
current_identity = get_identity(user)
if permission.allows(current_identity):
its = True
# except Exception as e:
# # print(str(e))
return its
def user_has_edit_permission(source, user: User):
if not user or not source:
raise PermissionDenied()
try:
if user_has_manager_permission(source, user):
return True
except PermissionDenied as err:
pass
identity = get_identity(user)
perm = Permission(ObjectSourceEditor(source.id))
if perm.allows(identity):
return True
raise PermissionDenied()
def test_permissions(permissions, community, sample_records):
"""Test community permissions."""
perms = {a: ParameterizedActionNeed(a, community[1].id) for a in current_oarepo_communities.allowed_actions}
member = OARepoCommunity.get_role(community[1], 'member')
curator = OARepoCommunity.get_role(community[1], 'curator')
publisher = OARepoCommunity.get_role(community[1], 'publisher')
# Test author community member can only request approval only in a concrete community.
author_identity = get_identity(permissions['author'])
assert permissions['author'].roles == [member]
assert Permission(perms[COMMUNITY_REQUEST_APPROVAL]).allows(author_identity)
assert not any(
[Permission(perms[p]).allows(author_identity) for p in perms.keys() if p != COMMUNITY_REQUEST_APPROVAL])
assert not Permission(ParameterizedActionNeed(COMMUNITY_REQUEST_APPROVAL, 'B')).allows(author_identity)
assert not any(
[Permission(ParameterizedActionNeed(COMMUNITY_REQUEST_APPROVAL, 'B')).allows(author_identity) for p in
perms.keys() if
p != COMMUNITY_REQUEST_APPROVAL])
# Test community curator action permissions
curator_identity = get_identity(permissions['curator'])
assert set(permissions['curator'].roles) == {member, curator}
assert Permission(perms[COMMUNITY_APPROVE]).allows(curator_identity)
assert Permission(perms[COMMUNITY_REQUEST_CHANGES]).allows(curator_identity)
assert not Permission(ParameterizedActionNeed(COMMUNITY_APPROVE, 'B')).allows(curator_identity)
assert not any([Permission(perms[p]).allows(curator_identity) for p in perms.keys() if
p not in [COMMUNITY_APPROVE, COMMUNITY_REQUEST_CHANGES, COMMUNITY_REVERT_APPROVE]])
# Test community publisher action permissions
publisher_identity = get_identity(permissions['publisher'])
assert set(permissions['publisher'].roles) == {member, publisher}
assert Permission(perms[COMMUNITY_PUBLISH]).allows(publisher_identity)
assert Permission(perms[COMMUNITY_UNPUBLISH]).allows(publisher_identity)
assert not Permission(ParameterizedActionNeed(COMMUNITY_PUBLISH, 'B')).allows(publisher_identity)
assert not any([Permission(perms[p]).allows(publisher_identity) for p in perms.keys() if
p not in [COMMUNITY_PUBLISH, COMMUNITY_UNPUBLISH, COMMUNITY_REVERT_APPROVE]])
def check_user_vocabulary_editor_permission(
user_id, vocabulary_id) -> Dict[str, bool]:
done = False
msg = ''
try:
if is_current_user_taxonomy_admin():
done = True
else:
vocabulary = Vocabulary.query.filter_by(
identifier=vocabulary_id).first()
user = User.query.filter_by(id=user_id)
user_identity = get_identity(user)
permission = Permission(ObjectVocabularyEditor(
vocabulary.name))
done = permission.allows(user_identity)
except Exception as e:
msg = str(e)
# print(str(e))
return msg, done
def source_organization_manager_permission_factory(obj):
permission = Permission(source_full_manager_actions)
current_identity = get_identity(current_user)
if permission.allows(current_identity):
return permission
permiso = None
permiso = Permission(ObjectSourceManager(obj['uuid']))
if permiso:
return permiso
aux = obj['orgs']
orgs = aux.split(',')
permiso = None
for org_uuid in orgs:
try:
permiso = Permission(ObjectSourceOrganizationManager(org_uuid))
if permiso:
return permiso
except Exception as e:
raise e
raise PermissionDenied('No tiene permisos de gestión')
def user_has_manager_permission(source, user: User):
if not user or not source:
raise PermissionDenied()
identity = get_identity(user)
permission = Permission(source_full_manager_actions)
if permission.allows(identity):
return True
permiso = Permission(ObjectSourceManager(source.id))
if permiso.allows(identity):
return True
if 'classifications' in source.model.json:
for term in source.model.json['classifications']:
if 'id' in term:
try:
permiso = Permission(ObjectSourceTermManager(term['id']))
if permiso.allows(identity):
return True
except Exception as e:
pass
if 'organizations' in source.model.json:
for org in source.model.json['organizations']:
if 'id' in org:
try:
permiso = Permission(
ObjectSourceOrganizationManager(org['id']))
if permiso.allows(identity):
return True
except Exception as e:
pass
raise PermissionDenied()
