def can_anonymous_read(siloname, id=None): # if silo/id object is not under embargo, return true if granary.issilo(siloname): silo = granary.get_rdf_silo(siloname) if not is_embargoed(silo, id): # Not embargoed, so files+md readable return True else: return False
def is_creator(username, siloname, id): if granary.issilo(siloname): silo = granary.get_rdf_silo(siloname) if silo.exists(id): item = silo.get_item(id) if item.manifest and item.manifest.state and 'metadata' in item.manifest.state and item.manifest.state['metadata'] and \ 'createdby' in item.manifest.state['metadata'] and item.manifest.state['metadata']['createdby']: return (username == item.manifest.state['metadata']['createdby']) return False
def can_list_silo(user, siloname): # if user is admin/manager/submitter or creator of id then okay if granary.issilo(siloname): if can_anonymous_read(siloname, id): return ALLDATA else: if user.is_authenticated(): if user.is_administrator(siloname) or user.is_manager(siloname) or is_creator(user.username, siloname, id): return ALLDATA return MDONLY else: raise NotASilo()
def is_creator(username, siloname, id): if granary.issilo(siloname): silo = granary.get_rdf_silo(siloname) if silo.exists(id): item = silo.get_item(id) if ( item.manifest and item.manifest.state and "metadata" in item.manifest.state and item.manifest.state["metadata"] and "createdby" in item.manifest.state["metadata"] and item.manifest.state["metadata"]["createdby"] ): return username == item.manifest.state["metadata"]["createdby"] return False
def can_list_silo(user, siloname): # if user is admin/manager/submitter or creator of id then okay if granary.issilo(siloname): if can_anonymous_read(siloname, id): return ALLDATA else: if user.is_authenticated(): if ( user.is_administrator(siloname) or user.is_manager(siloname) or is_creator(user.username, siloname, id) ): return ALLDATA return MDONLY else: raise NotASilo()
def can_read(user, siloname, id=None): # if silo/id object is not under embargo, return true # else if user is admin/manager or creator of id then all is visible # otherwise, just show MD (or nothing if repository set to block MD) if granary.issilo(siloname): if can_anonymous_read(siloname, id): return ALLDATA else: if user.is_authenticated(): if user.is_administrator(siloname) or user.is_manager(siloname): return ALLDATA elif user.is_submitter(siloname): if id == None or is_creator(user.username, siloname, id): # submitter to repository - allow read to silo contents return ALLDATA return MDONLY else: raise NotASilo()
def can_write(user, siloname, id=None): # False if not authenticated # True if admin/manager # or True if submitter AND creator of id # or True if submitter and no id is given (ie silo rights) # else False if not user.is_authenticated(): return False if granary.issilo(siloname): if user.is_administrator(siloname) or user.is_manager(siloname): return True elif user.is_submitter(siloname): if id == None: return True elif is_creator(user.username, siloname, id): return True return False else: raise NotASilo()