def validate_user_can_see_bibrec(dummy_form, field): """ Check if user has rights to view bibrec """ if field.data: (auth_code, msg) = check_user_can_view_record(current_user, field.data) if auth_code > 0: raise validators.ValidationError( _('Unauthorized to view record: ') + msg)
def get_latest_linkbacks_to_accessible_records(rg, linkbacks, user_info): result = [] for linkback in linkbacks: (auth_code, auth_msg) = check_user_can_view_record(user_info, linkback[2]) # pylint: disable=W0612 if not auth_code: result.append(linkback) if len(result) == rg: break return result
def __call__(self, req, form): argd = wash_search_urlargd(form) argd['recid'] = self.recid if self.format is not None: argd['of'] = self.format req.argd = argd uid = getUid(req) if uid == -1: return page_not_authorized(req, "../", text="You are not authorized to view this record.", navmenuid='search') elif uid > 0: pref = get_user_preferences(uid) try: if not form.has_key('rg'): # fetch user rg preference only if not overridden via URL argd['rg'] = int(pref['websearch_group_records']) except (KeyError, ValueError): pass # Check if the record belongs to a restricted primary # collection. If yes, redirect to the authenticated URL. user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_record(user_info, self.recid) if argd['rg'] > CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS and acc_authorize_action(req, 'runbibedit')[0] != 0: argd['rg'] = CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS #check if the user has rights to set a high wildcard limit #if not, reduce the limit set by user, with the default one if CFG_WEBSEARCH_WILDCARD_LIMIT > 0 and (argd['wl'] > CFG_WEBSEARCH_WILDCARD_LIMIT or argd['wl'] == 0): if acc_authorize_action(req, 'runbibedit')[0] != 0: argd['wl'] = CFG_WEBSEARCH_WILDCARD_LIMIT # only superadmins can use verbose parameter for obtaining debug information if not isUserSuperAdmin(user_info): argd['verbose'] = 0 if auth_code and user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)}) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text=auth_msg, \ navmenuid='search') # mod_python does not like to return [] in case when of=id: out = perform_request_search(req, **argd) if isinstance(out, intbitset): return out.fastdump() elif out == []: return str(out) else: return out
def getfile(req, form): args = wash_urlargd(form, websubmit_templates.files_default_urlargd) ln = args["ln"] _ = gettext_set_language(ln) uid = getUid(req) user_info = collect_user_info(req) verbose = args["verbose"] if verbose >= 1 and not isUserSuperAdmin(user_info): # Only SuperUser can see all the details! verbose = 0 if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE > 1: return page_not_authorized(req, "/%s/%s" % (CFG_SITE_RECORD, self.recid), navmenuid="submit") if record_exists(self.recid) < 1: msg = "<p>%s</p>" % _("Requested record does not seem to exist.") return warningMsg(msg, req, CFG_SITE_NAME, ln) if record_empty(self.recid): msg = "<p>%s</p>" % _("Requested record does not seem to have been integrated.") return warningMsg(msg, req, CFG_SITE_NAME, ln) (auth_code, auth_message) = check_user_can_view_record(user_info, self.recid) if auth_code and user_info["email"] == "guest": cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, {"collection": guess_primary_collection_of_a_record(self.recid)} ) target = "/youraccount/login" + make_canonical_urlargd( {"action": cookie, "ln": ln, "referer": CFG_SITE_URL + user_info["uri"]}, {} ) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", text=auth_message) readonly = CFG_ACCESS_CONTROL_LEVEL_SITE == 1 # From now on: either the user provided a specific file # name (and a possible version), or we return a list of # all the available files. In no case are the docids # visible. try: bibarchive = BibRecDocs(self.recid) except InvenioWebSubmitFileError, e: register_exception(req=req, alert_admin=True) msg = "<p>%s</p><p>%s</p>" % ( _("The system has encountered an error in retrieving the list of files for this document."), _("The error has been logged and will be taken in consideration as soon as possible."), ) return warningMsg(msg, req, CFG_SITE_NAME, ln)
def check_user_can_view_linkbacks(user_info, recid): """ Check if the user is authorized to view linkbacks for a given recid. Returns the same type as acc_authorize_action """ # check user cannot view the record itself (auth_code, auth_msg) = check_user_can_view_record(user_info, recid) if auth_code: return (auth_code, auth_msg) # check if user can view the linkbacks record_primary_collection = guess_primary_collection_of_a_record(recid) return acc_authorize_action(user_info, 'viewlinkbacks', authorized_if_no_roles=True, collection=record_primary_collection)
def decorated(recid, *args, **kwargs): # ensure recid to be integer recid = int(recid) g.collection = collection = Collection.query.filter( Collection.name == guess_primary_collection_of_a_record(recid)).\ one() (auth_code, auth_msg) = check_user_can_view_record(current_user, recid) # only superadmins can use verbose parameter for obtaining debug information if not current_user.is_super_admin and 'verbose' in kwargs: kwargs['verbose'] = 0 if auth_code and current_user.is_guest: cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record(recid)}) url_args = {'action': cookie, 'ln': g.ln, 'referer': request.url} flash(_("Authorization failure"), 'error') return redirect(url_for('webaccount.login', **url_args)) elif auth_code: flash(auth_msg, 'error') abort(apache.HTTP_UNAUTHORIZED) from invenio.bibfield import get_record from invenio.search_engine import record_exists, get_merged_recid # check if the current record has been deleted # and has been merged, case in which the deleted record # will be redirect to the new one record_status = record_exists(recid) merged_recid = get_merged_recid(recid) if record_status == -1 and merged_recid: return redirect(url_for('record.metadata', recid=merged_recid)) elif record_status == -1: abort(apache.HTTP_GONE) # The record is gone! g.bibrec = Bibrec.query.get(recid) record = get_record(recid) title = record.get('title.title', '') b = [(_('Home'), '')] + collection.breadcrumbs()[1:] b += [(title, 'record.metadata', dict(recid=recid))] current_app.config['breadcrumbs_map'][request.endpoint] = b g.record_tab_keys = [] tabs = [] counts = get_detailed_page_tabs_counts(recid) for k, v in get_detailed_page_tabs(collection.id, recid, g.ln).iteritems(): t = {} b = 'record' if k == '': k = 'metadata' if k == 'comments' or k == 'reviews': b = 'webcomment' if k == 'linkbacks': b = 'weblinkback' k = 'index' t['key'] = b + '.' + k t['count'] = counts.get(k.capitalize(), -1) t.update(v) tabs.append(t) if v['visible']: g.record_tab_keys.append(b + '.' + k) if CFG_WEBLINKBACK_TRACKBACK_ENABLED: @register_template_context_processor def trackback_context(): from invenio.weblinkback_templates import get_trackback_auto_discovery_tag return dict(headerLinkbackTrackbackLink=get_trackback_auto_discovery_tag(recid)) def _format_record(recid, of='hd', user_info=current_user, *args, **kwargs): return print_record(recid, format=of, user_info=user_info, *args, **kwargs) @register_template_context_processor def record_context(): files = [f for f in BibRecDocs(recid, human_readable=True).list_latest_files(list_hidden=False) \ if not f.is_icon() and f.is_restricted(current_user)[0] == 0] return dict(recid=recid, record=record, tabs=tabs, title=title, get_mini_reviews=lambda *args, **kwargs: get_mini_reviews(*args, **kwargs).decode('utf8'), collection=collection, format_record=_format_record, files=files ) return f(recid, *args, **kwargs)
def decorated(recid, *args, **kwargs): # ensure recid to be integer recid = int(recid) g.collection = collection = Collection.query.filter( Collection.name == guess_primary_collection_of_a_record(recid)).\ one() (auth_code, auth_msg) = check_user_can_view_record(current_user, recid) # only superadmins can use verbose parameter for obtaining debug information if not current_user.is_super_admin and 'verbose' in kwargs: kwargs['verbose'] = 0 if auth_code and current_user.is_guest: cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, {'collection': guess_primary_collection_of_a_record(recid)}) url_args = { 'action': cookie, 'ln': g.ln, 'referer': request.referrer } flash(_("Authorization failure"), 'error') return redirect(url_for('webaccount.login', **url_args)) elif auth_code: flash(auth_msg, 'error') abort(apache.HTTP_UNAUTHORIZED) from invenio.search_engine import record_exists, get_merged_recid # check if the current record has been deleted # and has been merged, case in which the deleted record # will be redirect to the new one record_status = record_exists(recid) merged_recid = get_merged_recid(recid) if record_status == -1 and merged_recid: return redirect(url_for('record.metadata', recid=merged_recid)) elif record_status == -1: abort(apache.HTTP_GONE) # The record is gone! g.record = record = Bibrec.query.get(recid) user = None if not current_user.is_guest: user = User.query.get(current_user.get_id()) title = get_fieldvalues(recid, '245__a') title = title[0] if len(title) > 0 else '' b = [(_('Home'), '')] + collection.breadcrumbs()[1:] b += [(title, 'record.metadata', dict(recid=recid))] current_app.config['breadcrumbs_map'][request.endpoint] = b g.record_tab_keys = [] tabs = [] counts = get_detailed_page_tabs_counts(recid) for k, v in get_detailed_page_tabs(collection.id, recid, g.ln).iteritems(): t = {} b = 'record' if k == '': k = 'metadata' if k == 'comments' or k == 'reviews': b = 'webcomment' if k == 'linkbacks': b = 'weblinkback' k = 'index' t['key'] = b + '.' + k t['count'] = counts.get(k.capitalize(), -1) t.update(v) tabs.append(t) if v['visible']: g.record_tab_keys.append(b + '.' + k) if CFG_WEBLINKBACK_TRACKBACK_ENABLED: @register_template_context_processor def trackback_context(): from invenio.weblinkback_templates import get_trackback_auto_discovery_tag return dict(headerLinkbackTrackbackLink= get_trackback_auto_discovery_tag(recid)) @register_template_context_processor def record_context(): return dict(recid=recid, record=record, user=user, tabs=tabs, title=title, get_mini_reviews=lambda *args, **kwargs: get_mini_reviews(*args, **kwargs).decode('utf8'), collection=collection, format_record=lambda recID, of='hb', ln=g.ln: format_record(recID, of=of, ln=ln, verbose=0, search_pattern='', on_the_fly=False)) return f(recid, *args, **kwargs)
def add_records_to_basket(records, basket_id): """Add the given records to the given baskets""" index = 0 owner_uid = get_basket_owner_id(basket_id) # We check that the owner of the recipient basket would be allowed # to view the records. This does not apply to external records # (hosted collections). user_info = collect_user_info(owner_uid) filtered_records = ([], records[1]) filtered_out_recids = [] # only set in debug mode for recid in records[0]: (auth_code, auth_msg) = check_user_can_view_record(user_info, recid) if auth_code == 0: filtered_records[0].append(recid) elif CFG_WEBALERT_DEBUG_LEVEL > 2: # only keep track of this in DEBUG mode filtered_out_recids.append(recid) nrec = len(filtered_records[0]) index += nrec if index > CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: index = CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL if nrec > 0: nrec_to_add = nrec < index and nrec or index if CFG_WEBALERT_DEBUG_LEVEL > 0: print "-> adding %i records into basket %s: %s" % (nrec_to_add, basket_id, filtered_records[0][:nrec_to_add]) if nrec > nrec_to_add: print "-> not added %i records into basket %s: %s due to maximum limit restrictions." % (nrec - nrec_to_add, basket_id, filtered_records[0][nrec_to_add:]) try: if CFG_WEBALERT_DEBUG_LEVEL == 0: add_to_basket(owner_uid, filtered_records[0][:nrec_to_add], 0, basket_id) else: print ' NOT ADDED, DEBUG LEVEL > 0' except Exception: register_exception() if CFG_WEBALERT_DEBUG_LEVEL > 2 and filtered_out_recids: print "-> these records have been filtered out, as user id %s did not have access:\n%s" % \ (owner_uid, repr(filtered_out_recids)) if index < CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: for external_collection_results in filtered_records[1][0]: nrec = len(external_collection_results[1][0]) # index_tmp: the number of maximum allowed records to be added to # the basket for the next collection. index_tmp = CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL - index index += nrec if index > CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: index = CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL if nrec > 0 and index_tmp > 0: nrec_to_add = nrec < index_tmp and nrec or index_tmp if CFG_WEBALERT_DEBUG_LEVEL > 0: print "-> adding %s external records (collection \"%s\") into basket %s: %s" % (nrec_to_add, external_collection_results[0], basket_id, external_collection_results[1][0][:nrec_to_add]) if nrec > nrec_to_add: print "-> not added %s external records (collection \"%s\") into basket %s: %s due to maximum limit restriction" % (nrec - nrec_to_add, external_collection_results[0], basket_id, external_collection_results[1][0][nrec_to_add:]) try: if CFG_WEBALERT_DEBUG_LEVEL == 0: collection_id = get_collection_id(external_collection_results[0]) added_items = add_to_basket(owner_uid, external_collection_results[1][0][:nrec_to_add], collection_id, basket_id) format_external_records(added_items, of="xm") else: print ' NOT ADDED, DEBUG LEVEL > 0' except Exception: register_exception() elif nrec > 0 and CFG_WEBALERT_DEBUG_LEVEL > 0: print "-> not added %s external records (collection \"%s\") into basket %s: %s due to maximum limit restriction" % (nrec, external_collection_results[0], basket_id, external_collection_results[1][0]) elif CFG_WEBALERT_DEBUG_LEVEL > 0: for external_collection_results in filtered_records[1][0]: nrec = len(external_collection_results[1][0]) if nrec > 0: print "-> not added %i external records (collection \"%s\") into basket %s: %s due to maximum limit restrictions" % (nrec, external_collection_results[0], basket_id, external_collection_results[1][0])
def email_notify(alert, records, argstr): """Send the notification e-mail for a specific alert.""" if CFG_WEBALERT_DEBUG_LEVEL > 2: print "+" * 80 + '\n' uid = alert[0] user_info = collect_user_info(uid) frequency = alert[3] alert_name = alert[5] alert_description = alert[7] alert_recipient_email = alert[8] # set only by admin. Bypasses access-right checks. filtered_out_recids = [] # only set in debug mode if not alert_recipient_email: # Filter out records that user (who setup the alert) should # not see. This does not apply to external records (hosted # collections). filtered_records = ([], records[1]) for recid in records[0]: (auth_code, auth_msg) = check_user_can_view_record(user_info, recid) if auth_code == 0: filtered_records[0].append(recid) elif CFG_WEBALERT_DEBUG_LEVEL > 2: # only keep track of this in DEBUG mode filtered_out_recids.append(recid) else: # If admin has decided to send to some mailing-list, we cannot # verify that recipients have access to the records. So keep # all of them. filtered_records = records if len(filtered_records[0]) == 0: total_n_external_records = 0 for external_collection_results in filtered_records[1][0]: total_n_external_records += len(external_collection_results[1][0]) if total_n_external_records == 0: return msg = "" if CFG_WEBALERT_DEBUG_LEVEL > 2 and filtered_out_recids: print "-> these records have been filtered out, as user id %s did not have access:\n%s" % \ (uid, repr(filtered_out_recids)) if CFG_WEBALERT_DEBUG_LEVEL > 0: msg = "*** THIS MESSAGE WAS SENT IN DEBUG MODE ***\n\n" url = CFG_SITE_URL + "/search?" + argstr # Extract the pattern, the collection list, the current collection # and the sc (split collection) from the formatted query query = parse_qs(argstr) pattern = query.get('p', [''])[0] collection_list = query.get('c', []) current_collection = query.get('cc', ['']) sc = query.get('sc', ['1']) collections = calculate_desired_collection_list(collection_list, current_collection, int(sc[0])) msg += webalert_templates.tmpl_alert_email_body(alert_name, alert_description, url, filtered_records, pattern, collections, frequency, alert_use_basket_p(alert)) email = alert_recipient_email or get_email(uid) if email == 'guest': print "********************************************************************************" print "The following alert was not send, because cannot detect user email address:" print " " + repr(argstr) print "********************************************************************************" return if CFG_WEBALERT_DEBUG_LEVEL > 0: print "********************************************************************************" print msg print "********************************************************************************" if CFG_WEBALERT_DEBUG_LEVEL < 2: send_email(fromaddr=webalert_templates.tmpl_alert_email_from(), toaddr=email, subject=webalert_templates.tmpl_alert_email_title(alert_name), content=msg, header='', footer='', attempt_times=CFG_WEBALERT_SEND_EMAIL_NUMBER_OF_TRIES, attempt_sleeptime=CFG_WEBALERT_SEND_EMAIL_SLEEPTIME_BETWEEN_TRIES) if CFG_WEBALERT_DEBUG_LEVEL == 4: send_email(fromaddr=webalert_templates.tmpl_alert_email_from(), toaddr=CFG_SITE_ADMIN_EMAIL, subject=webalert_templates.tmpl_alert_email_title(alert_name), content=msg, header='', footer='', attempt_times=CFG_WEBALERT_SEND_EMAIL_NUMBER_OF_TRIES, attempt_sleeptime=CFG_WEBALERT_SEND_EMAIL_SLEEPTIME_BETWEEN_TRIES)
def add_records_to_basket(records, basket_id): """Add the given records to the given baskets""" index = 0 owner_uid = get_basket_owner_id(basket_id) # We check that the owner of the recipient basket would be allowed # to view the records. This does not apply to external records # (hosted collections). user_info = collect_user_info(owner_uid) filtered_records = ([], records[1]) filtered_out_recids = [] # only set in debug mode for recid in records[0]: (auth_code, auth_msg) = check_user_can_view_record(user_info, recid) if auth_code == 0: filtered_records[0].append(recid) elif CFG_WEBALERT_DEBUG_LEVEL > 2: # only keep track of this in DEBUG mode filtered_out_recids.append(recid) nrec = len(filtered_records[0]) index += nrec if index > CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: index = CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL if nrec > 0: nrec_to_add = nrec < index and nrec or index if CFG_WEBALERT_DEBUG_LEVEL > 0: print "-> adding %i records into basket %s: %s" % ( nrec_to_add, basket_id, filtered_records[0][:nrec_to_add]) if nrec > nrec_to_add: print "-> not added %i records into basket %s: %s due to maximum limit restrictions." % ( nrec - nrec_to_add, basket_id, filtered_records[0][nrec_to_add:]) try: if CFG_WEBALERT_DEBUG_LEVEL == 0: add_to_basket(owner_uid, filtered_records[0][:nrec_to_add], 0, basket_id) else: print ' NOT ADDED, DEBUG LEVEL > 0' except Exception: register_exception() if CFG_WEBALERT_DEBUG_LEVEL > 2 and filtered_out_recids: print "-> these records have been filtered out, as user id %s did not have access:\n%s" % \ (owner_uid, repr(filtered_out_recids)) if index < CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: for external_collection_results in filtered_records[1][0]: nrec = len(external_collection_results[1][0]) # index_tmp: the number of maximum allowed records to be added to # the basket for the next collection. index_tmp = CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL - index index += nrec if index > CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: index = CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL if nrec > 0 and index_tmp > 0: nrec_to_add = nrec < index_tmp and nrec or index_tmp if CFG_WEBALERT_DEBUG_LEVEL > 0: print "-> adding %s external records (collection \"%s\") into basket %s: %s" % ( nrec_to_add, external_collection_results[0], basket_id, external_collection_results[1][0][:nrec_to_add]) if nrec > nrec_to_add: print "-> not added %s external records (collection \"%s\") into basket %s: %s due to maximum limit restriction" % ( nrec - nrec_to_add, external_collection_results[0], basket_id, external_collection_results[1][0][nrec_to_add:]) try: if CFG_WEBALERT_DEBUG_LEVEL == 0: collection_id = get_collection_id( external_collection_results[0]) added_items = add_to_basket( owner_uid, external_collection_results[1][0][:nrec_to_add], collection_id, basket_id) format_external_records(added_items, of="xm") else: print ' NOT ADDED, DEBUG LEVEL > 0' except Exception: register_exception() elif nrec > 0 and CFG_WEBALERT_DEBUG_LEVEL > 0: print "-> not added %s external records (collection \"%s\") into basket %s: %s due to maximum limit restriction" % ( nrec, external_collection_results[0], basket_id, external_collection_results[1][0]) elif CFG_WEBALERT_DEBUG_LEVEL > 0: for external_collection_results in filtered_records[1][0]: nrec = len(external_collection_results[1][0]) if nrec > 0: print "-> not added %i external records (collection \"%s\") into basket %s: %s due to maximum limit restrictions" % ( nrec, external_collection_results[0], basket_id, external_collection_results[1][0])
def ill_register_request_with_recid(self, req, form): """ Register ILL request. """ argd = wash_urlargd( form, { 'ln': (str, ""), 'period_of_interest_from': (str, ""), 'period_of_interest_to': (str, ""), 'additional_comments': (str, ""), 'conditions': (str, ""), 'only_edition': (str, ""), }) _ = gettext_set_language(argd['ln']) uid = getUid(req) body = ill_register_request_with_recid( recid=self.recid, uid=uid, period_of_interest_from=argd['period_of_interest_from'], period_of_interest_to=argd['period_of_interest_to'], additional_comments=argd['additional_comments'], conditions=argd['conditions'], only_edition=argd['only_edition'], ln=argd['ln']) uid = getUid(req) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "../holdings/ill_request_with_recid", navmenuid='yourbaskets') if isGuestUser(uid): if not CFG_WEBSESSION_DIFFERENTIATE_BETWEEN_GUESTS: return redirect_to_url( req, "%s/youraccount/login%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( { 'referer': "%s/record/%s/holdings/ill_request_with_recid%s" % (CFG_SITE_URL, self.recid, make_canonical_urlargd(argd, {})), "ln": argd['ln'] }, {}))) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_record(user_info, self.recid) if auth_code and user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record( self.recid) }) target = '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_URL + user_info['uri']}, {}) return redirect_to_url(req, target) elif auth_code: return page_not_authorized(req, "../", \ text = auth_msg) unordered_tabs = get_detailed_page_tabs(get_colID( guess_primary_collection_of_a_record(self.recid)), self.recid, ln=argd['ln']) ordered_tabs_id = [(tab_id, values['order']) for (tab_id, values) in unordered_tabs.iteritems()] ordered_tabs_id.sort(lambda x, y: cmp(x[1], y[1])) link_ln = '' if argd['ln'] != CFG_SITE_LANG: link_ln = '?ln=%s' % argd['ln'] tabs = [(unordered_tabs[tab_id]['label'], \ '%s/record/%s/%s%s' % (CFG_SITE_URL, self.recid, tab_id, link_ln), \ tab_id in ['holdings'], unordered_tabs[tab_id]['enabled']) \ for (tab_id, _order) in ordered_tabs_id if unordered_tabs[tab_id]['visible'] == True] top = webstyle_templates.detailed_record_container_top( self.recid, tabs, argd['ln']) bottom = webstyle_templates.detailed_record_container_bottom( self.recid, tabs, argd['ln']) title = websearch_templates.tmpl_record_page_header_content( req, self.recid, argd['ln'])[0] navtrail = create_navtrail_links( cc=guess_primary_collection_of_a_record(self.recid), ln=argd['ln']) navtrail += ' > <a class="navtrail" href="%s/record/%s?ln=%s">' % ( CFG_SITE_URL, self.recid, argd['ln']) navtrail += title navtrail += '</a>' return pageheaderonly(title=title, navtrail=navtrail, uid=uid, verbose=1, req=req, language=argd['ln'], navmenuid='search', navtrail_append_title_p=0) + \ websearch_templates.tmpl_search_pagestart(argd['ln']) + \ top + body + bottom + \ websearch_templates.tmpl_search_pageend(argd['ln']) + \ pagefooteronly(lastupdated=__lastupdated__, language=argd['ln'], req=req)
def getfile(req, form): args = wash_urlargd(form, bibdocfile_templates.files_default_urlargd) ln = args['ln'] _ = gettext_set_language(ln) uid = getUid(req) user_info = collect_user_info(req) verbose = args['verbose'] if verbose >= 1 and not isUserSuperAdmin(user_info): # Only SuperUser can see all the details! verbose = 0 if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE > 1: return page_not_authorized(req, "/%s/%s" % (CFG_SITE_RECORD, self.recid), navmenuid='submit') if record_exists(self.recid) < 1: msg = "<p>%s</p>" % _( "Requested record does not seem to exist.") return warning_page(msg, req, ln) if record_empty(self.recid): msg = "<p>%s</p>" % _( "Requested record does not seem to have been integrated.") return warning_page(msg, req, ln) (auth_code, auth_message) = check_user_can_view_record(user_info, self.recid) if auth_code and user_info['email'] == 'guest': if webjournal_utils.is_recid_in_released_issue(self.recid): # We can serve the file pass else: cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record(self.recid) }) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : ln, 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: if webjournal_utils.is_recid_in_released_issue(self.recid): # We can serve the file pass else: return page_not_authorized(req, "../", \ text = auth_message) readonly = CFG_ACCESS_CONTROL_LEVEL_SITE == 1 # From now on: either the user provided a specific file # name (and a possible version), or we return a list of # all the available files. In no case are the docids # visible. try: bibarchive = BibRecDocs(self.recid) except InvenioBibDocFileError: register_exception(req=req, alert_admin=True) msg = "<p>%s</p><p>%s</p>" % ( _("The system has encountered an error in retrieving the list of files for this document." ), _("The error has been logged and will be taken in consideration as soon as possible." )) return warning_page(msg, req, ln) if bibarchive.deleted_p(): req.status = apache.HTTP_GONE return warning_page( _("Requested record does not seem to exist."), req, ln) docname = '' docformat = '' version = '' warn = '' if filename: # We know the complete file name, guess which docid it # refers to ## TODO: Change the extension system according to ext.py from setlink ## and have a uniform extension mechanism... docname = file_strip_ext(filename) docformat = filename[len(docname):] if docformat and docformat[0] != '.': docformat = '.' + docformat if args['subformat']: docformat += ';%s' % args['subformat'] else: docname = args['docname'] if not docformat: docformat = args['format'] if args['subformat']: docformat += ';%s' % args['subformat'] if not version: version = args['version'] ## Download as attachment is_download = False if args['download']: is_download = True # version could be either empty, or all or an integer try: int(version) except ValueError: if version != 'all': version = '' display_hidden = isUserSuperAdmin(user_info) if version != 'all': # search this filename in the complete list of files for doc in bibarchive.list_bibdocs(): if docname == bibarchive.get_docname(doc.id): try: try: docfile = doc.get_file(docformat, version) except InvenioBibDocFileError, msg: req.status = apache.HTTP_NOT_FOUND if not CFG_INSPIRE_SITE and req.headers_in.get( 'referer'): ## There must be a broken link somewhere. ## Maybe it's good to alert the admin register_exception(req=req, alert_admin=True) warn += write_warning( _("The format %s does not exist for the given version: %s" ) % (cgi.escape(docformat), cgi.escape(str(msg)))) break (auth_code, auth_message) = docfile.is_restricted(user_info) if auth_code != 0 and not is_user_owner_of_record( user_info, self.recid): if CFG_BIBDOCFILE_ICON_SUBFORMAT_RE.match( get_subformat_from_format(docformat)): return stream_restricted_icon(req) if user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action( 'viewrestrdoc', {'status': docfile.get_status()}) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : ln, 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) redirect_to_url(req, target) else: req.status = apache.HTTP_UNAUTHORIZED warn += write_warning( _("This file is restricted: ") + str(auth_message)) break if not docfile.hidden_p(): if not readonly: ip = str(req.remote_ip) doc.register_download( ip, docfile.get_version(), docformat, uid, self.recid) try: return docfile.stream(req, download=is_download) except InvenioBibDocFileError, msg: register_exception(req=req, alert_admin=True) req.status = apache.HTTP_INTERNAL_SERVER_ERROR warn += write_warning( _("An error has happened in trying to stream the request file." )) else: req.status = apache.HTTP_UNAUTHORIZED warn += write_warning( _("The requested file is hidden and can not be accessed." )) except InvenioBibDocFileError, msg: register_exception(req=req, alert_admin=True)
def display(self, req, form): """ Show the tab 'holdings'. """ argd = wash_urlargd( form, { 'do': (str, "od"), 'ds': (str, "all"), 'nb': (int, 100), 'p': (int, 1), 'voted': (int, -1), 'reported': (int, -1), }) _ = gettext_set_language(argd['ln']) record_exists_p = record_exists(self.recid) if record_exists_p != 1: if record_exists_p == -1: msg = _("The record has been deleted.") else: msg = _("Requested record does not seem to exist.") msg = '<span class="quicknote">' + msg + '</span>' title, description, keywords = \ websearch_templates.tmpl_record_page_header_content(req, self.recid, argd['ln']) return page(title=title, show_title_p=False, body=msg, description=description, keywords=keywords, uid=getUid(req), language=argd['ln'], req=req, navmenuid='search') body = perform_get_holdings_information(self.recid, req, argd['ln']) uid = getUid(req) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_record(user_info, self.recid) if auth_code and user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record( self.recid) }) target = '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_URL + user_info['uri']}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text = auth_msg) unordered_tabs = get_detailed_page_tabs(get_colID( guess_primary_collection_of_a_record(self.recid)), self.recid, ln=argd['ln']) ordered_tabs_id = [(tab_id, values['order']) for (tab_id, values) in unordered_tabs.iteritems()] ordered_tabs_id.sort(lambda x, y: cmp(x[1], y[1])) link_ln = '' if argd['ln'] != CFG_SITE_LANG: link_ln = '?ln=%s' % argd['ln'] tabs = [(unordered_tabs[tab_id]['label'], \ '%s/record/%s/%s%s' % (CFG_SITE_URL, self.recid, tab_id, link_ln), \ tab_id in ['holdings'], unordered_tabs[tab_id]['enabled']) \ for (tab_id, _order) in ordered_tabs_id if unordered_tabs[tab_id]['visible'] == True] top = webstyle_templates.detailed_record_container_top( self.recid, tabs, argd['ln']) bottom = webstyle_templates.detailed_record_container_bottom( self.recid, tabs, argd['ln']) title = websearch_templates.tmpl_record_page_header_content( req, self.recid, argd['ln'])[0] navtrail = create_navtrail_links( cc=guess_primary_collection_of_a_record(self.recid), ln=argd['ln']) navtrail += ' > <a class="navtrail" href="%s/record/%s?ln=%s">' % ( CFG_SITE_URL, self.recid, argd['ln']) navtrail += title navtrail += '</a>' return pageheaderonly(title=title, navtrail=navtrail, uid=uid, verbose=1, req=req, metaheaderadd = "<link rel=\"stylesheet\" href=\"%s/img/jquery-ui.css\" type=\"text/css\" />" % CFG_SITE_URL, language=argd['ln'], navmenuid='search', navtrail_append_title_p=0) + \ websearch_templates.tmpl_search_pagestart(argd['ln']) + \ top + body + bottom + \ websearch_templates.tmpl_search_pageend(argd['ln']) + \ pagefooteronly(lastupdated=__lastupdated__, language=argd['ln'], req=req)
def send(self, req, form): """ Create a new hold request. """ argd = wash_urlargd(form, {'period_from': (str, ""), 'period_to': (str, ""), 'barcode': (str, "") }) uid = getUid(req) body = perform_new_request_send(recid=self.recid, uid=uid, period_from=argd['period_from'], period_to=argd['period_to'], barcode=argd['barcode']) ln = CFG_SITE_LANG _ = gettext_set_language(ln) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_record(user_info, self.recid) if auth_code and user_info['email'] == 'guest' and not user_info['apache_user']: cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)}) target = '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_URL + user_info['uri']}, {}) return redirect_to_url(req, target) elif auth_code: return page_not_authorized(req, "../", \ text = auth_msg) unordered_tabs = get_detailed_page_tabs(get_colID(guess_primary_collection_of_a_record(self.recid)), self.recid, ln=ln) ordered_tabs_id = [(tab_id, values['order']) for (tab_id, values) in unordered_tabs.iteritems()] ordered_tabs_id.sort(lambda x, y: cmp(x[1], y[1])) link_ln = '' if argd['ln'] != CFG_SITE_LANG: link_ln = '?ln=%s' % ln tabs = [(unordered_tabs[tab_id]['label'], \ '%s/record/%s/%s%s' % (CFG_SITE_URL, self.recid, tab_id, link_ln), \ tab_id in ['holdings'], unordered_tabs[tab_id]['enabled']) \ for (tab_id, _order) in ordered_tabs_id if unordered_tabs[tab_id]['visible'] == True] top = webstyle_templates.detailed_record_container_top(self.recid, tabs, argd['ln']) bottom = webstyle_templates.detailed_record_container_bottom(self.recid, tabs, argd['ln']) title = websearch_templates.tmpl_record_page_header_content(req, self.recid, argd['ln'])[0] navtrail = create_navtrail_links(cc=guess_primary_collection_of_a_record(self.recid), ln=argd['ln']) navtrail += ' > <a class="navtrail" href="%s/record/%s?ln=%s">'% (CFG_SITE_URL, self.recid, argd['ln']) navtrail += title navtrail += '</a>' return pageheaderonly(title=title, navtrail=navtrail, uid=uid, verbose=1, req=req, language=argd['ln'], navmenuid='search', navtrail_append_title_p=0) + \ websearch_templates.tmpl_search_pagestart(argd['ln']) + \ top + body + bottom + \ websearch_templates.tmpl_search_pageend(argd['ln']) + \ pagefooteronly(lastupdated=__lastupdated__, language=argd['ln'], req=req)
def request(self, req, form): """ Show new hold request form. """ argd = wash_urlargd(form, {'ln': (str, ""), 'barcode': (str, "")}) _ = gettext_set_language(argd['ln']) uid = getUid(req) body = perform_new_request(recid=self.recid, barcode=argd['barcode'], ln=argd['ln']) uid = getUid(req) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "../holdings/request", navmenuid = 'yourbaskets') if isGuestUser(uid): if not CFG_WEBSESSION_DIFFERENTIATE_BETWEEN_GUESTS: return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({ 'referer' : "%s/%s/%s/holdings/request%s" % ( CFG_SITE_SECURE_URL, CFG_SITE_RECORD, self.recid, make_canonical_urlargd(argd, {})), "ln" : argd['ln']}, {})), norobot=True) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_record(user_info, self.recid) if auth_code and user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)}) target = '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text = auth_msg) unordered_tabs = get_detailed_page_tabs(get_colID(guess_primary_collection_of_a_record(self.recid)), self.recid, ln=argd['ln']) ordered_tabs_id = [(tab_id, values['order']) for (tab_id, values) in unordered_tabs.iteritems()] ordered_tabs_id.sort(lambda x, y: cmp(x[1], y[1])) link_ln = '' if argd['ln'] != CFG_SITE_LANG: link_ln = '?ln=%s' % argd['ln'] tabs = [(unordered_tabs[tab_id]['label'], \ '%s/%s/%s/%s%s' % (CFG_SITE_SECURE_URL, CFG_SITE_RECORD, self.recid, tab_id, link_ln), \ tab_id in ['holdings'], unordered_tabs[tab_id]['enabled']) \ for (tab_id, _order) in ordered_tabs_id if unordered_tabs[tab_id]['visible'] == True] top = webstyle_templates.detailed_record_container_top(self.recid, tabs, argd['ln']) bottom = webstyle_templates.detailed_record_container_bottom(self.recid, tabs, argd['ln']) title = websearch_templates.tmpl_record_page_header_content(req, self.recid, argd['ln'])[0] navtrail = create_navtrail_links(cc=guess_primary_collection_of_a_record(self.recid), ln=argd['ln']) navtrail += ' > <a class="navtrail" href="%s/%s/%s?ln=%s">'% (CFG_SITE_SECURE_URL, CFG_SITE_RECORD, self.recid, argd['ln']) navtrail += cgi.escape(title) navtrail += '</a>' return pageheaderonly(title=title, navtrail=navtrail, uid=uid, verbose=1, req=req, metaheaderadd = "<link rel=\"stylesheet\" href=\"%s/img/jquery-ui.css\" type=\"text/css\" />" % CFG_SITE_SECURE_URL, language=argd['ln'], navmenuid='search', navtrail_append_title_p=0) + \ websearch_templates.tmpl_search_pagestart(argd['ln']) + \ top + body + bottom + \ websearch_templates.tmpl_search_pageend(argd['ln']) + \ pagefooteronly(lastupdated=__lastupdated__, language=argd['ln'], req=req)
def display(self, req, form): """ Show the tab 'holdings'. """ argd = wash_urlargd(form, {'do': (str, "od"), 'ds': (str, "all"), 'nb': (int, 100), 'p': (int, 1), 'voted': (int, -1), 'reported': (int, -1), }) _ = gettext_set_language(argd['ln']) record_exists_p = record_exists(self.recid) if record_exists_p != 1: if record_exists_p == -1: msg = _("The record has been deleted.") else: msg = _("Requested record does not seem to exist.") msg = '<span class="quicknote">' + msg + '</span>' title, description, keywords = \ websearch_templates.tmpl_record_page_header_content(req, self.recid, argd['ln']) return page(title = title, show_title_p = False, body = msg, description = description, keywords = keywords, uid = getUid(req), language = argd['ln'], req = req, navmenuid='search') body = perform_get_holdings_information(self.recid, req, argd['ln']) uid = getUid(req) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_record(user_info, self.recid) if auth_code and user_info['email'] == 'guest' and not user_info['apache_user']: cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)}) target = '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_URL + user_info['uri']}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text = auth_msg) unordered_tabs = get_detailed_page_tabs(get_colID(guess_primary_collection_of_a_record(self.recid)), self.recid, ln=argd['ln']) ordered_tabs_id = [(tab_id, values['order']) for (tab_id, values) in unordered_tabs.iteritems()] ordered_tabs_id.sort(lambda x, y: cmp(x[1], y[1])) link_ln = '' if argd['ln'] != CFG_SITE_LANG: link_ln = '?ln=%s' % argd['ln'] tabs = [(unordered_tabs[tab_id]['label'], \ '%s/record/%s/%s%s' % (CFG_SITE_URL, self.recid, tab_id, link_ln), \ tab_id in ['holdings'], unordered_tabs[tab_id]['enabled']) \ for (tab_id, _order) in ordered_tabs_id if unordered_tabs[tab_id]['visible'] == True] top = webstyle_templates.detailed_record_container_top(self.recid, tabs, argd['ln']) bottom = webstyle_templates.detailed_record_container_bottom(self.recid, tabs, argd['ln']) title = websearch_templates.tmpl_record_page_header_content(req, self.recid, argd['ln'])[0] navtrail = create_navtrail_links(cc=guess_primary_collection_of_a_record(self.recid), ln=argd['ln']) navtrail += ' > <a class="navtrail" href="%s/record/%s?ln=%s">'% (CFG_SITE_URL, self.recid, argd['ln']) navtrail += title navtrail += '</a>' return pageheaderonly(title=title, navtrail=navtrail, uid=uid, verbose=1, req=req, metaheaderadd = "<link rel=\"stylesheet\" href=\"%s/img/jquery-ui.css\" type=\"text/css\" />" % CFG_SITE_URL, language=argd['ln'], navmenuid='search', navtrail_append_title_p=0) + \ websearch_templates.tmpl_search_pagestart(argd['ln']) + \ top + body + bottom + \ websearch_templates.tmpl_search_pageend(argd['ln']) + \ pagefooteronly(lastupdated=__lastupdated__, language=argd['ln'], req=req)
def getfile(req, form): args = wash_urlargd(form, bibdocfile_templates.files_default_urlargd) ln = args['ln'] _ = gettext_set_language(ln) uid = getUid(req) user_info = collect_user_info(req) verbose = args['verbose'] if verbose >= 1 and not isUserSuperAdmin(user_info): # Only SuperUser can see all the details! verbose = 0 if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE > 1: return page_not_authorized(req, "/%s/%s" % (CFG_SITE_RECORD, self.recid), navmenuid='submit') if record_exists(self.recid) < 1: msg = "<p>%s</p>" % _("Requested record does not seem to exist.") return warning_page(msg, req, ln) if record_empty(self.recid): msg = "<p>%s</p>" % _("Requested record does not seem to have been integrated.") return warning_page(msg, req, ln) (auth_code, auth_message) = check_user_can_view_record(user_info, self.recid) if auth_code and user_info['email'] == 'guest': if webjournal_utils.is_recid_in_released_issue(self.recid): # We can serve the file pass else: cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)}) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : ln, 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: if webjournal_utils.is_recid_in_released_issue(self.recid): # We can serve the file pass else: return page_not_authorized(req, "../", \ text = auth_message) readonly = CFG_ACCESS_CONTROL_LEVEL_SITE == 1 # From now on: either the user provided a specific file # name (and a possible version), or we return a list of # all the available files. In no case are the docids # visible. try: bibarchive = BibRecDocs(self.recid) except InvenioBibDocFileError: register_exception(req=req, alert_admin=True) msg = "<p>%s</p><p>%s</p>" % ( _("The system has encountered an error in retrieving the list of files for this document."), _("The error has been logged and will be taken in consideration as soon as possible.")) return warning_page(msg, req, ln) if bibarchive.deleted_p(): req.status = apache.HTTP_GONE return warning_page(_("Requested record does not seem to exist."), req, ln) docname = '' docformat = '' version = '' warn = '' if filename: # We know the complete file name, guess which docid it # refers to ## TODO: Change the extension system according to ext.py from setlink ## and have a uniform extension mechanism... docname = file_strip_ext(filename) docformat = filename[len(docname):] if docformat and docformat[0] != '.': docformat = '.' + docformat if args['subformat']: docformat += ';%s' % args['subformat'] else: docname = args['docname'] if not docformat: docformat = args['format'] if args['subformat']: docformat += ';%s' % args['subformat'] if not version: version = args['version'] ## Download as attachment is_download = False if args['download']: is_download = True # version could be either empty, or all or an integer try: int(version) except ValueError: if version != 'all': version = '' display_hidden = isUserSuperAdmin(user_info) if version != 'all': # search this filename in the complete list of files for doc in bibarchive.list_bibdocs(): if docname == bibarchive.get_docname(doc.id): try: try: docfile = doc.get_file(docformat, version) except InvenioBibDocFileError, msg: req.status = apache.HTTP_NOT_FOUND if req.headers_in.get('referer'): ## There must be a broken link somewhere. ## Maybe it's good to alert the admin register_exception(req=req, alert_admin=True) warn += write_warning(_("The format %s does not exist for the given version: %s") % (cgi.escape(docformat), cgi.escape(str(msg)))) break (auth_code, auth_message) = docfile.is_restricted(user_info) if auth_code != 0 and not is_user_owner_of_record(user_info, self.recid): if CFG_BIBDOCFILE_ICON_SUBFORMAT_RE.match(get_subformat_from_format(docformat)): return stream_restricted_icon(req) if user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action('viewrestrdoc', {'status' : docfile.get_status()}) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : ln, 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) redirect_to_url(req, target) else: req.status = apache.HTTP_UNAUTHORIZED warn += write_warning(_("This file is restricted: ") + str(auth_message)) break if not docfile.hidden_p(): if not readonly: ip = str(req.remote_ip) doc.register_download(ip, version, docformat, uid) try: return docfile.stream(req, download=is_download) except InvenioBibDocFileError, msg: register_exception(req=req, alert_admin=True) req.status = apache.HTTP_INTERNAL_SERVER_ERROR warn += write_warning(_("An error has happened in trying to stream the request file.")) else: req.status = apache.HTTP_UNAUTHORIZED warn += write_warning(_("The requested file is hidden and can not be accessed.")) except InvenioBibDocFileError, msg: register_exception(req=req, alert_admin=True)
def __call__(self, req, form): argd = wash_search_urlargd(form) argd['recid'] = self.recid argd['tab'] = self.tab if self.format is not None: argd['of'] = self.format req.argd = argd uid = getUid(req) if uid == -1: return page_not_authorized( req, "../", text="You are not authorized to view this record.", navmenuid='search') elif uid > 0: pref = get_user_preferences(uid) try: if not form.has_key('rg'): # fetch user rg preference only if not overridden via URL argd['rg'] = int(pref['websearch_group_records']) except (KeyError, ValueError): pass user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_record(user_info, self.recid) if argd['rg'] > CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS and acc_authorize_action( req, 'runbibedit')[0] != 0: argd['rg'] = CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS #check if the user has rights to set a high wildcard limit #if not, reduce the limit set by user, with the default one if CFG_WEBSEARCH_WILDCARD_LIMIT > 0 and ( argd['wl'] > CFG_WEBSEARCH_WILDCARD_LIMIT or argd['wl'] == 0): if acc_authorize_action(req, 'runbibedit')[0] != 0: argd['wl'] = CFG_WEBSEARCH_WILDCARD_LIMIT # only superadmins can use verbose parameter for obtaining debug information if not isUserSuperAdmin(user_info): argd['verbose'] = 0 if auth_code and user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record( self.recid) }) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text=auth_msg, \ navmenuid='search') from invenio.search_engine import record_exists, get_merged_recid # check if the current record has been deleted # and has been merged, case in which the deleted record # will be redirect to the new one record_status = record_exists(argd['recid']) merged_recid = get_merged_recid(argd['recid']) if record_status == -1 and merged_recid: url = CFG_SITE_URL + '/' + CFG_SITE_RECORD + '/%s?ln=%s' url %= (str(merged_recid), argd['ln']) redirect_to_url(req, url) elif record_status == -1: req.status = apache.HTTP_GONE ## The record is gone! # mod_python does not like to return [] in case when of=id: out = perform_request_search(req, **argd) if out == []: return str(out) else: return out
def __call__(self, req, form): argd = wash_search_urlargd(form) argd['recid'] = self.recid argd['tab'] = self.tab # do we really enter here ? if self.format is not None: argd['of'] = self.format req.argd = argd uid = getUid(req) if uid == -1: return page_not_authorized(req, "../", text="You are not authorized to view this record.", navmenuid='search') elif uid > 0: pref = get_user_preferences(uid) try: if not form.has_key('rg'): # fetch user rg preference only if not overridden via URL argd['rg'] = int(pref['websearch_group_records']) except (KeyError, ValueError): pass user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_record(user_info, self.recid) if argd['rg'] > CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS and acc_authorize_action(req, 'runbibedit')[0] != 0: argd['rg'] = CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS #check if the user has rights to set a high wildcard limit #if not, reduce the limit set by user, with the default one if CFG_WEBSEARCH_WILDCARD_LIMIT > 0 and (argd['wl'] > CFG_WEBSEARCH_WILDCARD_LIMIT or argd['wl'] == 0): if acc_authorize_action(req, 'runbibedit')[0] != 0: argd['wl'] = CFG_WEBSEARCH_WILDCARD_LIMIT # only superadmins can use verbose parameter for obtaining debug information if not isUserSuperAdmin(user_info): argd['verbose'] = 0 if auth_code and user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)}) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text=auth_msg, \ navmenuid='search') from invenio.search_engine import record_exists, get_merged_recid # check if the current record has been deleted # and has been merged, case in which the deleted record # will be redirect to the new one record_status = record_exists(argd['recid']) merged_recid = get_merged_recid(argd['recid']) if record_status == -1 and merged_recid: url = CFG_SITE_URL + '/' + CFG_SITE_RECORD + '/%s?ln=%s' url %= (str(merged_recid), argd['ln']) redirect_to_url(req, url) elif record_status == -1: req.status = apache.HTTP_GONE ## The record is gone! # mod_python does not like to return [] in case when of=id: out = perform_request_search(req, **argd) if isinstance(out, intbitset): return out.fastdump() elif out == []: return str(out) else: return out
def send(self, req, form): """ Create a new hold request. """ argd = wash_urlargd(form, { 'period_from': (str, ""), 'period_to': (str, ""), 'barcode': (str, "") }) uid = getUid(req) body = perform_new_request_send(recid=self.recid, uid=uid, period_from=argd['period_from'], period_to=argd['period_to'], barcode=argd['barcode']) ln = CFG_SITE_LANG _ = gettext_set_language(ln) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_record(user_info, self.recid) if auth_code and user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record( self.recid) }) target = '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_URL + user_info['uri']}, {}) return redirect_to_url(req, target) elif auth_code: return page_not_authorized(req, "../", \ text = auth_msg) unordered_tabs = get_detailed_page_tabs(get_colID( guess_primary_collection_of_a_record(self.recid)), self.recid, ln=ln) ordered_tabs_id = [(tab_id, values['order']) for (tab_id, values) in unordered_tabs.iteritems()] ordered_tabs_id.sort(lambda x, y: cmp(x[1], y[1])) link_ln = '' if argd['ln'] != CFG_SITE_LANG: link_ln = '?ln=%s' % ln tabs = [(unordered_tabs[tab_id]['label'], \ '%s/record/%s/%s%s' % (CFG_SITE_URL, self.recid, tab_id, link_ln), \ tab_id in ['holdings'], unordered_tabs[tab_id]['enabled']) \ for (tab_id, _order) in ordered_tabs_id if unordered_tabs[tab_id]['visible'] == True] top = webstyle_templates.detailed_record_container_top( self.recid, tabs, argd['ln']) bottom = webstyle_templates.detailed_record_container_bottom( self.recid, tabs, argd['ln']) title = websearch_templates.tmpl_record_page_header_content( req, self.recid, argd['ln'])[0] navtrail = create_navtrail_links( cc=guess_primary_collection_of_a_record(self.recid), ln=argd['ln']) navtrail += ' > <a class="navtrail" href="%s/record/%s?ln=%s">' % ( CFG_SITE_URL, self.recid, argd['ln']) navtrail += title navtrail += '</a>' return pageheaderonly(title=title, navtrail=navtrail, uid=uid, verbose=1, req=req, language=argd['ln'], navmenuid='search', navtrail_append_title_p=0) + \ websearch_templates.tmpl_search_pagestart(argd['ln']) + \ top + body + bottom + \ websearch_templates.tmpl_search_pageend(argd['ln']) + \ pagefooteronly(lastupdated=__lastupdated__, language=argd['ln'], req=req)
def ill_register_request_with_recid(self, req, form): """ Register ILL request. """ argd = wash_urlargd(form, {'ln': (str, ""), 'period_of_interest_from': (str, ""), 'period_of_interest_to': (str, ""), 'additional_comments': (str, ""), 'conditions': (str, ""), 'only_edition': (str, ""), }) _ = gettext_set_language(argd['ln']) uid = getUid(req) body = ill_register_request_with_recid(recid=self.recid, uid=uid, period_of_interest_from = argd['period_of_interest_from'], period_of_interest_to = argd['period_of_interest_to'], additional_comments = argd['additional_comments'], conditions = argd['conditions'], only_edition = argd['only_edition'], ln=argd['ln']) uid = getUid(req) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "../holdings/ill_request_with_recid", navmenuid = 'yourbaskets') if isGuestUser(uid): if not CFG_WEBSESSION_DIFFERENTIATE_BETWEEN_GUESTS: return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({ 'referer' : "%s/record/%s/holdings/ill_request_with_recid%s" % ( CFG_SITE_URL, self.recid, make_canonical_urlargd(argd, {})), "ln" : argd['ln']}, {}))) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_record(user_info, self.recid) if auth_code and user_info['email'] == 'guest' and not user_info['apache_user']: cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)}) target = '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_URL + user_info['uri']}, {}) return redirect_to_url(req, target) elif auth_code: return page_not_authorized(req, "../", \ text = auth_msg) unordered_tabs = get_detailed_page_tabs(get_colID(guess_primary_collection_of_a_record(self.recid)), self.recid, ln=argd['ln']) ordered_tabs_id = [(tab_id, values['order']) for (tab_id, values) in unordered_tabs.iteritems()] ordered_tabs_id.sort(lambda x, y: cmp(x[1], y[1])) link_ln = '' if argd['ln'] != CFG_SITE_LANG: link_ln = '?ln=%s' % argd['ln'] tabs = [(unordered_tabs[tab_id]['label'], \ '%s/record/%s/%s%s' % (CFG_SITE_URL, self.recid, tab_id, link_ln), \ tab_id in ['holdings'], unordered_tabs[tab_id]['enabled']) \ for (tab_id, _order) in ordered_tabs_id if unordered_tabs[tab_id]['visible'] == True] top = webstyle_templates.detailed_record_container_top(self.recid, tabs, argd['ln']) bottom = webstyle_templates.detailed_record_container_bottom(self.recid, tabs, argd['ln']) title = websearch_templates.tmpl_record_page_header_content(req, self.recid, argd['ln'])[0] navtrail = create_navtrail_links(cc=guess_primary_collection_of_a_record(self.recid), ln=argd['ln']) navtrail += ' > <a class="navtrail" href="%s/record/%s?ln=%s">'% (CFG_SITE_URL, self.recid, argd['ln']) navtrail += title navtrail += '</a>' return pageheaderonly(title=title, navtrail=navtrail, uid=uid, verbose=1, req=req, language=argd['ln'], navmenuid='search', navtrail_append_title_p=0) + \ websearch_templates.tmpl_search_pagestart(argd['ln']) + \ top + body + bottom + \ websearch_templates.tmpl_search_pageend(argd['ln']) + \ pagefooteronly(lastupdated=__lastupdated__, language=argd['ln'], req=req)
def email_notify(alert, records, argstr): """Send the notification e-mail for a specific alert.""" if CFG_WEBALERT_DEBUG_LEVEL > 2: print "+" * 80 + '\n' uid = alert[0] user_info = collect_user_info(uid) frequency = alert[3] alert_name = alert[5] alert_description = alert[7] alert_recipient_email = alert[ 8] # set only by admin. Bypasses access-right checks. filtered_out_recids = [] # only set in debug mode if not alert_recipient_email: # Filter out records that user (who setup the alert) should # not see. This does not apply to external records (hosted # collections). filtered_records = ([], records[1]) for recid in records[0]: (auth_code, auth_msg) = check_user_can_view_record(user_info, recid) if auth_code == 0: filtered_records[0].append(recid) elif CFG_WEBALERT_DEBUG_LEVEL > 2: # only keep track of this in DEBUG mode filtered_out_recids.append(recid) else: # If admin has decided to send to some mailing-list, we cannot # verify that recipients have access to the records. So keep # all of them. filtered_records = records if len(filtered_records[0]) == 0: total_n_external_records = 0 for external_collection_results in filtered_records[1][0]: total_n_external_records += len(external_collection_results[1][0]) if total_n_external_records == 0: return msg = "" if CFG_WEBALERT_DEBUG_LEVEL > 2 and filtered_out_recids: print "-> these records have been filtered out, as user id %s did not have access:\n%s" % \ (uid, repr(filtered_out_recids)) if CFG_WEBALERT_DEBUG_LEVEL > 0: msg = "*** THIS MESSAGE WAS SENT IN DEBUG MODE ***\n\n" url = CFG_SITE_URL + "/search?" + argstr # Extract the pattern, the collection list, the current collection # and the sc (split collection) from the formatted query query = parse_qs(argstr) pattern = query.get('p', [''])[0] collection_list = query.get('c', []) current_collection = query.get('cc', ['']) sc = query.get('sc', ['1']) collections = calculate_desired_collection_list(collection_list, current_collection, int(sc[0])) msg += webalert_templates.tmpl_alert_email_body(alert_name, alert_description, url, filtered_records, pattern, collections, frequency, alert_use_basket_p(alert)) email = alert_recipient_email or get_email(uid) if email == 'guest': print "********************************************************************************" print "The following alert was not send, because cannot detect user email address:" print " " + repr(argstr) print "********************************************************************************" return if CFG_WEBALERT_DEBUG_LEVEL > 0: print "********************************************************************************" print msg print "********************************************************************************" if CFG_WEBALERT_DEBUG_LEVEL < 2: send_email( fromaddr=webalert_templates.tmpl_alert_email_from(), toaddr=email, subject=webalert_templates.tmpl_alert_email_title(alert_name), content=msg, header='', footer='', attempt_times=CFG_WEBALERT_SEND_EMAIL_NUMBER_OF_TRIES, attempt_sleeptime=CFG_WEBALERT_SEND_EMAIL_SLEEPTIME_BETWEEN_TRIES) if CFG_WEBALERT_DEBUG_LEVEL == 4: send_email( fromaddr=webalert_templates.tmpl_alert_email_from(), toaddr=CFG_SITE_ADMIN_EMAIL, subject=webalert_templates.tmpl_alert_email_title(alert_name), content=msg, header='', footer='', attempt_times=CFG_WEBALERT_SEND_EMAIL_NUMBER_OF_TRIES, attempt_sleeptime=CFG_WEBALERT_SEND_EMAIL_SLEEPTIME_BETWEEN_TRIES)