def check_user_can_view_record(user_info, recid):
"""Check if the user is authorized to view the given recid.
The function grants access in two cases: either user has author rights on
this record, or he has view rights to the primary collection this record
belongs to.
:param user_info: the user_info dictionary that describe the user.
:type user_info: user_info dictionary
:param recid: the record identifier.
:type recid: positive integer
:return: (0, ''), when authorization is granted, (>0, 'message') when
authorization is not granted
"""
from invenio.modules.access.engine import acc_authorize_action
from invenio.modules.access.local_config import VIEWRESTRCOLL
from invenio.modules.collections.cache import is_record_in_any_collection
from invenio.legacy.search_engine import record_public_p, record_exists
policy = cfg['CFG_WEBSEARCH_VIEWRESTRCOLL_POLICY'].strip().upper()
if isinstance(recid, str):
recid = int(recid)
# At this point, either webcoll has not yet run or there are some
# restricted collections. Let's see first if the user own the record.
if is_user_owner_of_record(user_info, recid):
# Perfect! It's authorized then!
return (0, '')
if is_user_viewer_of_record(user_info, recid):
# Perfect! It's authorized then!
return (0, '')
restricted_collections = get_restricted_collections_for_recid(
recid, recreate_cache_if_needed=False)
if not restricted_collections and record_public_p(recid):
# The record is public and not part of any restricted collection
return (0, '')
if restricted_collections:
# If there are restricted collections the user must be authorized to
# all/any of them (depending on the policy)
auth_code, auth_msg = 0, ''
for collection in restricted_collections:
(auth_code, auth_msg) = acc_authorize_action(user_info,
VIEWRESTRCOLL,
collection=collection)
if auth_code and policy != 'ANY':
# Ouch! the user is not authorized to this collection
return (auth_code, auth_msg)
elif auth_code == 0 and policy == 'ANY':
# Good! At least one collection is authorized
return (0, '')
# Depending on the policy, the user will be either authorized or not
return auth_code, auth_msg
if is_record_in_any_collection(recid, recreate_cache_if_needed=False):
# the record is not in any restricted collection
return (0, '')
elif record_exists(recid) > 0:
# We are in the case where webcoll has not run.
# Let's authorize SUPERADMIN
(auth_code, auth_msg) = acc_authorize_action(user_info,
VIEWRESTRCOLL,
collection=None)
if auth_code == 0:
return (0, '')
else:
# Too bad. Let's print a nice message:
return (
1, "The record you are trying to access has just been "
"submitted to the system and needs to be assigned to the "
"proper collections. It is currently restricted for security "
"reasons until the assignment will be fully completed. Please "
"come back later to properly access this record.")
else:
# The record either does not exists or has been deleted.
# Let's handle these situations outside of this code.
return (0, '')
def check_user_can_view_record(user_info, recid):
"""Check if the user is authorized to view the given recid.
The function grants access in two cases: either user has author rights on
this record, or he has view rights to the primary collection this record
belongs to.
:param user_info: the user_info dictionary that describe the user.
:type user_info: user_info dictionary
:param recid: the record identifier.
:type recid: positive integer
:return: (0, ''), when authorization is granted, (>0, 'message') when
authorization is not granted
"""
from invenio_records.api import get_record
from invenio.modules.access.engine import acc_authorize_action
from invenio.modules.access.local_config import VIEWRESTRCOLL
from invenio.modules.collections.cache import is_record_in_any_collection
from invenio.legacy.search_engine import record_exists
policy = cfg["CFG_WEBSEARCH_VIEWRESTRCOLL_POLICY"].strip().upper()
if isinstance(recid, str):
recid = int(recid)
# At this point, either webcoll has not yet run or there are some
# restricted collections. Let's see first if the user own the record.
if is_user_owner_of_record(user_info, recid):
# Perfect! It's authorized then!
return (0, "")
if is_user_viewer_of_record(user_info, recid):
# Perfect! It's authorized then!
return (0, "")
restricted_collections = get_restricted_collections_for_recid(recid, recreate_cache_if_needed=False)
if not restricted_collections and is_record_public(get_record(recid)):
# The record is public and not part of any restricted collection
return (0, "")
if restricted_collections:
# If there are restricted collections the user must be authorized to
# all/any of them (depending on the policy)
auth_code, auth_msg = 0, ""
for collection in restricted_collections:
(auth_code, auth_msg) = acc_authorize_action(user_info, VIEWRESTRCOLL, collection=collection)
if auth_code and policy != "ANY":
# Ouch! the user is not authorized to this collection
return (auth_code, auth_msg)
elif auth_code == 0 and policy == "ANY":
# Good! At least one collection is authorized
return (0, "")
# Depending on the policy, the user will be either authorized or not
return auth_code, auth_msg
if is_record_in_any_collection(recid, recreate_cache_if_needed=False):
# the record is not in any restricted collection
return (0, "")
elif record_exists(recid) > 0:
# We are in the case where webcoll has not run.
# Let's authorize SUPERADMIN
(auth_code, auth_msg) = acc_authorize_action(user_info, VIEWRESTRCOLL, collection=None)
if auth_code == 0:
return (0, "")
else:
# Too bad. Let's print a nice message:
return (
1,
"The record you are trying to access has just been "
"submitted to the system and needs to be assigned to the "
"proper collections. It is currently restricted for security "
"reasons until the assignment will be fully completed. Please "
"come back later to properly access this record.",
)
else:
# The record either does not exists or has been deleted.
# Let's handle these situations outside of this code.
return (0, "")
def is_processed(self):
"""Return True is recods is processed (not in any collection)."""
from invenio.modules.collections.cache import is_record_in_any_collection
return not is_record_in_any_collection(self.id,
recreate_cache_if_needed=False)
def detailed_record_container_top(self, recid, tabs, ln=CFG_SITE_LANG,
show_similar_rec_p=True,
creationdate=None,
modificationdate=None, show_short_rec_p=True,
citationnum=-1, referencenum=-1, discussionnum=-1,
include_jquery = False, include_mathjax = False):
"""Prints the box displayed in detailed records pages, with tabs at the top.
Returns content as it is if the number of tabs for this record
is smaller than 2
Parameters:
@param recid: int - the id of the displayed record
@param tabs: ** - the tabs displayed at the top of the box.
@param ln: *string* - the language of the page in which the box is displayed
@param show_similar_rec_p: *bool* print 'similar records' link in the box
@param creationdate: *string* - the creation date of the displayed record
@param modificationdate: *string* - the last modification date of the displayed record
@param show_short_rec_p: *boolean* - prints a very short version of the record as reminder.
@param citationnum: show (this) number of citations in the citations tab
@param referencenum: show (this) number of references in the references tab
@param discussionnum: show (this) number of comments/reviews in the discussion tab
"""
from invenio.modules.collections.cache import get_all_restricted_recids
from invenio.modules.collections.cache import is_record_in_any_collection
# load the right message language
_ = gettext_set_language(ln)
# Prepare restriction flag
restriction_flag = ''
if recid in get_all_restricted_recids():
restriction_flag = '<div class="restrictedflag"><span>%s</span></div>' % _("Restricted")
elif not is_record_in_any_collection(recid, recreate_cache_if_needed=False):
restriction_flag = '<div class="restrictedflag restrictedflag-pending"><span>%s</span></div>' % _("Restricted (Processing Record)")
# If no tabs, returns nothing (excepted if restricted)
if len(tabs) <= 1:
return restriction_flag
# Build the tabs at the top of the page
out_tabs = ''
if len(tabs) > 1:
first_tab = True
for (label, url, selected, enabled) in tabs:
addnum = ""
if (citationnum > -1) and url.count("/citation") == 1:
addnum = "(" + str(citationnum) + ")"
if (referencenum > -1) and url.count("/references") == 1:
addnum = "(" + str(referencenum) + ")"
if (discussionnum > -1) and url.count("/comments") == 1:
addnum = "(" + str(discussionnum) + ")"
css_class = []
if selected:
css_class.append('on')
if first_tab:
css_class.append('first')
first_tab = False
if not enabled:
css_class.append('disabled')
css_class = ' class="%s"' % ' '.join(css_class)
if not enabled:
out_tabs += '<li%(class)s><a>%(label)s %(addnum)s</a></li>' % \
{'class':css_class,
'label':label,
'addnum':addnum}
else:
out_tabs += '<li%(class)s><a href="%(url)s">%(label)s %(addnum)s </a></li>' % \
{'class':css_class,
'url':url,
'label':label,
'addnum':addnum}
if out_tabs != '':
out_tabs = ''' <div class="detailedrecordtabs">
<div>
<ul class="detailedrecordtabs">%s</ul>
<div id="tabsSpacer" style="clear:both;height:0px"> </div></div>
</div>''' % out_tabs
# Add the clip icon and the brief record reminder if necessary
record_brief = ''
if show_short_rec_p:
record_brief = format_record(recID=recid, of='hs', ln=ln)
record_brief = '''<div id="detailedrecordshortreminder">
<div id="clip"> </div>
<div id="HB">
%(record_brief)s
</div>
</div>
<div style="clear:both;height:1px"> </div>
''' % {'record_brief': record_brief}
additional_scripts = ""
if include_jquery:
additional_scripts += """<script type="text/javascript" src="%s/js/jquery.min.js">' \
'</script>\n""" % (CFG_BASE_URL, )
if include_mathjax:
additional_scripts += get_mathjax_header()
# Print the content
out = """
%(additional_scripts)s<div class="detailedrecordbox">
%(tabs)s
<div class="detailedrecordboxcontent">
<div class="top-left-folded"></div>
<div class="top-right-folded"></div>
<div class="inside">
<!--<div style="height:0.1em;"> </div>
<p class="notopgap"> </p>-->
%(record_brief)s
""" % {'additional_scripts': additional_scripts,
'tabs':out_tabs,
'record_brief':record_brief}
out = restriction_flag + out
return out
def detailed_record_container_top(self,
recid,
tabs,
ln=CFG_SITE_LANG,
show_similar_rec_p=True,
creationdate=None,
modificationdate=None,
show_short_rec_p=True,
citationnum=-1,
referencenum=-1,
discussionnum=-1,
include_jquery=False,
include_mathjax=False):
"""Prints the box displayed in detailed records pages, with tabs at the top.
Returns content as it is if the number of tabs for this record
is smaller than 2
Parameters:
@param recid: int - the id of the displayed record
@param tabs: ** - the tabs displayed at the top of the box.
@param ln: *string* - the language of the page in which the box is displayed
@param show_similar_rec_p: *bool* print 'similar records' link in the box
@param creationdate: *string* - the creation date of the displayed record
@param modificationdate: *string* - the last modification date of the displayed record
@param show_short_rec_p: *boolean* - prints a very short version of the record as reminder.
@param citationnum: show (this) number of citations in the citations tab
@param referencenum: show (this) number of references in the references tab
@param discussionnum: show (this) number of comments/reviews in the discussion tab
"""
from invenio.modules.collections.cache import get_all_restricted_recids
from invenio.modules.collections.cache import is_record_in_any_collection
# load the right message language
_ = gettext_set_language(ln)
# Prepare restriction flag
restriction_flag = ''
if recid in get_all_restricted_recids():
restriction_flag = '<div class="restrictedflag"><span>%s</span></div>' % _(
"Restricted")
elif not is_record_in_any_collection(recid,
recreate_cache_if_needed=False):
restriction_flag = '<div class="restrictedflag restrictedflag-pending"><span>%s</span></div>' % _(
"Restricted (Processing Record)")
# If no tabs, returns nothing (excepted if restricted)
if len(tabs) <= 1:
return restriction_flag
# Build the tabs at the top of the page
out_tabs = ''
if len(tabs) > 1:
first_tab = True
for (label, url, selected, enabled) in tabs:
addnum = ""
if (citationnum > -1) and url.count("/citation") == 1:
addnum = "(" + str(citationnum) + ")"
if (referencenum > -1) and url.count("/references") == 1:
addnum = "(" + str(referencenum) + ")"
if (discussionnum > -1) and url.count("/comments") == 1:
addnum = "(" + str(discussionnum) + ")"
css_class = []
if selected:
css_class.append('on')
if first_tab:
css_class.append('first')
first_tab = False
if not enabled:
css_class.append('disabled')
css_class = ' class="%s"' % ' '.join(css_class)
if not enabled:
out_tabs += '<li%(class)s><a>%(label)s %(addnum)s</a></li>' % \
{'class':css_class,
'label':label,
'addnum':addnum}
else:
out_tabs += '<li%(class)s><a href="%(url)s">%(label)s %(addnum)s </a></li>' % \
{'class':css_class,
'url':url,
'label':label,
'addnum':addnum}
if out_tabs != '':
out_tabs = ''' <div class="detailedrecordtabs">
<div>
<ul class="detailedrecordtabs">%s</ul>
<div id="tabsSpacer" style="clear:both;height:0px"> </div></div>
</div>''' % out_tabs
# Add the clip icon and the brief record reminder if necessary
record_brief = ''
if show_short_rec_p:
record_brief = format_record(recID=recid, of='hs', ln=ln)
record_brief = '''<div id="detailedrecordshortreminder">
<div id="clip"> </div>
<div id="HB">
%(record_brief)s
</div>
</div>
<div style="clear:both;height:1px"> </div>
''' % {
'record_brief': record_brief
}
additional_scripts = ""
if include_jquery:
additional_scripts += """<script type="text/javascript" src="%s/js/jquery.min.js">' \
'</script>\n""" % (CFG_BASE_URL, )
if include_mathjax:
additional_scripts += get_mathjax_header()
# Print the content
out = """
%(additional_scripts)s<div class="detailedrecordbox">
%(tabs)s
<div class="detailedrecordboxcontent">
<div class="top-left-folded"></div>
<div class="top-right-folded"></div>
<div class="inside">
<!--<div style="height:0.1em;"> </div>
<p class="notopgap"> </p>-->
%(record_brief)s
""" % {
'additional_scripts': additional_scripts,
'tabs': out_tabs,
'record_brief': record_brief
}
out = restriction_flag + out
return out
