示例#1
 def setUp(self):
     """Register a throwaway access role for the test case.

     The role's FireRole rule admits users by e-mail pattern; the id handed
     back by ``acc_add_role`` is stored on ``self.role_id``.
     """
     from invenio.modules.access.control import acc_add_role
     from invenio.modules.access.firerole import (
         compile_role_definition,
         serialize,
     )

     self.role_name = 'test'
     self.role_description = 'test role'
     # NOTE(review): the pattern has an unescaped '.' and no end anchor, so
     # depending on how FireRole applies it, addresses outside cern.ch may
     # match. Harmless in a fixture; tighten it before reusing the rule.
     self.role_definition = 'allow email /.*@cern.ch/'

     compiled_definition = compile_role_definition(self.role_definition)
     created = acc_add_role(
         self.role_name,
         self.role_description,
         serialize(compiled_definition),
         self.role_definition,
     )
     # The result is unpacked as four values; only the first one is kept.
     self.role_id, _, _, _ = created
示例#2
 def setUp(self):
     """Create a fake role and remember its id on the test instance."""
     from invenio.modules.access.control import acc_add_role
     from invenio.modules.access.firerole import (
         compile_role_definition,
         serialize,
     )

     self.role_name = 'test'
     self.role_description = 'test role'
     # NOTE(review): '.' is unescaped and the pattern is not anchored at the
     # end; confirm how FireRole matches it before copying this rule into a
     # real deployment.
     self.role_definition = 'allow email /.*@cern.ch/'

     # Positional arguments: name, description, serialized rule, rule source.
     role_args = (
         self.role_name,
         self.role_description,
         serialize(compile_role_definition(self.role_definition)),
         self.role_definition,
     )
     # Four values are expected back; everything after the id is discarded.
     self.role_id, _, _, _ = acc_add_role(*role_args)
示例#3
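    def save_acl(self, c):
        """Set up the access-control rows that gate collection ``c``.

        Looks up, and creates when missing, the per-project role, the
        ``collection`` argument for ``c.name`` and the authorization linking
        that role and argument to the ``viewrestrcoll`` action. The owner
        (``self.id_user``) is left as the only user explicitly linked to the
        role. Nothing is committed in the lines shown here.

        :param c: object whose ``name`` is used as the collection argument
            value.
        """
        # Role - named after the project id, because role name is limited to
        # 32 chars.
        role_name = 'project_role_%s' % self.id
        role = AccROLE.query.filter_by(name=role_name).first()
        if not role:
            # NOTE(review): the group name is interpolated into the FireRole
            # source unescaped; a name containing '"' or a newline would
            # change the compiled rule. Confirm get_group_name() only yields
            # values restricted to safe characters.
            rule = 'allow group "%s"\ndeny any' % self.get_group_name()
            role = AccROLE(name=role_name,
                           description='Owner of project %s' % self.title,
                           firerole_def_ser=serialize(
                               compile_role_definition(rule)),
                           firerole_def_src=rule)
            db.session.add(role)

        # Argument
        fields = dict(keyword='collection', value=c.name)
        arg = AccARGUMENT.query.filter_by(**fields).first()
        if not arg:
            arg = AccARGUMENT(**fields)
            db.session.add(arg)

        # Action
        # NOTE(review): .first() yields None when no 'viewrestrcoll' action
        # row exists, and the authorization below would then be looked up and
        # created with action=None. Confirm the action is always provisioned.
        action = AccACTION.query.filter_by(name='viewrestrcoll').first()

        # User role - the owner must end up as the only linked user.
        userrole = None
        for ur in UserAccROLE.query.filter_by(role=role).all():
            if ur.id_user != self.id_user:
                # Remove any user which is not the owner. Testing with ==
                # here does the reverse: it revokes the owner's link and
                # leaves other users holding the role.
                db.session.delete(ur)
            else:
                userrole = ur

        if not userrole:
            userrole = UserAccROLE(id_user=self.id_user, role=role)
            db.session.add(userrole)

        # Authorization
        auth = AccAuthorization.query.filter_by(role=role,
                                                action=action,
                                                argument=arg).first()
        if not auth:
            # NOTE(review): the new row is not passed to db.session.add() in
            # the lines shown; presumably it is attached through its
            # relationships or by code after this excerpt - confirm.
            auth = AccAuthorization(role=role,
                                    action=action,
                                    argument=arg,
                                    argumentlistid=1)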
示例#4
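    def save_acl(self, c):
        """Set up the access-control rows that gate collection ``c``.

        Looks up, and creates when missing, the per-instrument role, the
        ``collection`` argument for ``c.name`` and the authorization linking
        that role and argument to the ``viewrestrcoll`` action. The owner
        (``self.user_id``) is left as the only user explicitly linked to the
        role. Nothing is committed in the lines shown here.

        :param c: object whose ``name`` is used as the collection argument
            value.
        """
        # Role - named after the instrument id, because role name is limited
        # to 32 chars.
        role_name = 'instrument_role_%s' % self.id
        role = AccROLE.query.filter_by(name=role_name).first()
        if not role:
            # NOTE(review): the group name goes into the FireRole source
            # unescaped; a '"' or newline in it would alter the compiled
            # rule. Confirm get_group_name() is constrained accordingly.
            rule = 'allow group "%s"\ndeny any' % self.get_group_name()
            role = AccROLE(
                name=role_name,
                description='Owner of instruments %s' % self.name,
                firerole_def_ser=serialize(compile_role_definition(rule)),
                firerole_def_src=rule)
            db.session.add(role)

        # Argument
        fields = dict(keyword='collection', value=c.name)
        arg = AccARGUMENT.query.filter_by(**fields).first()
        if not arg:
            arg = AccARGUMENT(**fields)
            db.session.add(arg)

        # Action
        # NOTE(review): .first() yields None when no 'viewrestrcoll' action
        # row exists; the authorization below would then carry action=None.
        # Confirm the action is always provisioned.
        action = AccACTION.query.filter_by(name='viewrestrcoll').first()

        # User role - the owner must end up as the only linked user.
        userrole = None
        for ur in UserAccROLE.query.filter_by(role=role).all():
            if ur.id_user != self.user_id:
                # Remove any user which is not the owner. An equality test
                # here would revoke the owner instead and keep everyone else
                # linked to the role.
                db.session.delete(ur)
            else:
                userrole = ur

        if not userrole:
            userrole = UserAccROLE(id_user=self.user_id, role=role)
            db.session.add(userrole)

        # Authorization
        auth = AccAuthorization.query.filter_by(role=role, action=action,
                                                argument=arg).first()
        if not auth:
            # NOTE(review): the new row is not passed to db.session.add() in
            # the lines shown; presumably it is attached through its
            # relationships or by code after this excerpt - confirm.
            auth = AccAuthorization(role=role, action=action, argument=arg,
                                    argumentlistid=1)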