def is_no_quota_user(uid): """Return True if the user belongs to any of the no_quota roles.""" no_quota_role_ids = [acc_get_role_id(role) for role in cfg["CFG_WEBMESSAGE_ROLES_WITHOUT_QUOTA"]] user_info = UserInfo(uid) for role_id in no_quota_role_ids: if acc_is_user_in_role(user_info, role_id): return True return False
def check_quota(nb_messages): """ @param nb_messages: max number of messages a user can have @return: a dictionary of users over-quota """ from invenio_access.control import acc_is_user_in_role, acc_get_role_id no_quota_role_ids = [acc_get_role_id( role) for role in CFG_WEBMESSAGE_ROLES_WITHOUT_QUOTA] res = {} for uid, n in run_sql( "SELECT id_user_to, COUNT(id_user_to) FROM user_msgMESSAGE GROUP BY id_user_to HAVING COUNT(id_user_to) > %s", (nb_messages, )): user_info = UserInfo(uid) for role_id in no_quota_role_ids: if acc_is_user_in_role(user_info, role_id): break else: res[uid] = n return res
def _precache(self, info, force=False): """Calculate permissions for user actions. FIXME: compatibility layer only !!! """ try: from invenio_accounts.models import User except ImportError: return {} CFG_BIBAUTHORID_ENABLED = current_app.config.get( 'CFG_BIBAUTHORID_ENABLED', False) # get authorization key acc_key = self.get_acc_key() acc = cache.get(acc_key) if not force and acc_key is not None and acc is not None: return acc # FIXME: acc_authorize_action should use flask request directly user_info = info user_info.update(self.req) user = User.query.get(user_info['uid']) from invenio_access.engine import acc_authorize_action from invenio_access.control import acc_get_role_id, \ acc_is_user_in_role from invenio_search.utils import \ get_permitted_restricted_collections from invenio_deposit.cache import \ get_authorized_deposition_types data = {} data['precached_permitted_restricted_collections'] = \ get_permitted_restricted_collections(user_info) data['precached_allowed_deposition_types'] = \ get_authorized_deposition_types(user_info) data['precached_useloans'] = acc_authorize_action( user_info, 'useloans')[0] == 0 data['precached_usegroups'] = acc_authorize_action( user_info, 'usegroups')[0] == 0 data['precached_usemessages'] = acc_authorize_action( user_info, 'usemessages')[0] == 0 data['precached_useadmin'] = user.has_admin_role data['precached_usesuperadmin'] = user.has_super_admin_role data['precached_canseehiddenmarctags'] = acc_authorize_action( user_info, 'runbibedit')[0] == 0 usepaperclaim = False usepaperattribution = False viewclaimlink = False if (CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role( user_info, acc_get_role_id("paperclaimviewers"))): usepaperclaim = True if (CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role( user_info, acc_get_role_id("paperattributionviewers"))): usepaperattribution = True viewlink = False try: viewlink = session['personinfo']['claim_in_process'] except (KeyError, TypeError): pass if (current_app.config.get('CFG_BIBAUTHORID_ENABLED') and usepaperattribution and viewlink): viewclaimlink = True # if (CFG_BIBAUTHORID_ENABLED # and ((usepaperclaim or usepaperattribution) # and acc_is_user_in_role( # data, acc_get_role_id("paperattributionlinkviewers")))): # viewclaimlink = True data['precached_viewclaimlink'] = viewclaimlink data['precached_usepaperclaim'] = usepaperclaim data['precached_usepaperattribution'] = usepaperattribution timeout = current_app.config.get( 'CFG_WEBSESSION_EXPIRY_LIMIT_DEFAULT', 0) * 3600 cache.set(acc_key, data, timeout=timeout) return data
def _precache(self, info, force=False): """Calculate permissions for user actions. FIXME: compatibility layer only !!! """ CFG_BIBAUTHORID_ENABLED = current_app.config.get("CFG_BIBAUTHORID_ENABLED", False) # get authorization key acc_key = self.get_acc_key() acc = cache.get(acc_key) if not force and acc_key is not None and acc is not None: return acc # FIXME: acc_authorize_action should use flask request directly user_info = info user_info.update(self.req) from invenio.legacy.webuser import isUserSubmitter, isUserReferee, isUserAdmin, isUserSuperAdmin from invenio_access.engine import acc_authorize_action from invenio_access.control import acc_get_role_id, acc_is_user_in_role from invenio_search.utils import get_permitted_restricted_collections from invenio_deposit.cache import get_authorized_deposition_types data = {} data["precached_permitted_restricted_collections"] = get_permitted_restricted_collections(user_info) data["precached_allowed_deposition_types"] = get_authorized_deposition_types(user_info) data["precached_useloans"] = acc_authorize_action(user_info, "useloans")[0] == 0 data["precached_usegroups"] = acc_authorize_action(user_info, "usegroups")[0] == 0 data["precached_usemessages"] = acc_authorize_action(user_info, "usemessages")[0] == 0 try: data["precached_viewsubmissions"] = isUserSubmitter(user_info) except Exception: data["precached_viewsubmissions"] = None data["precached_useapprove"] = isUserReferee(user_info) data["precached_useadmin"] = isUserAdmin(user_info) data["precached_usesuperadmin"] = isUserSuperAdmin(user_info) data["precached_canseehiddenmarctags"] = acc_authorize_action(user_info, "runbibedit")[0] == 0 usepaperclaim = False usepaperattribution = False viewclaimlink = False if CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(user_info, acc_get_role_id("paperclaimviewers")): usepaperclaim = True if CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role(user_info, acc_get_role_id("paperattributionviewers")): usepaperattribution = True viewlink = False try: viewlink = session["personinfo"]["claim_in_process"] except (KeyError, TypeError): pass if current_app.config.get("CFG_BIBAUTHORID_ENABLED") and usepaperattribution and viewlink: viewclaimlink = True # if (CFG_BIBAUTHORID_ENABLED # and ((usepaperclaim or usepaperattribution) # and acc_is_user_in_role( # data, acc_get_role_id("paperattributionlinkviewers")))): # viewclaimlink = True data["precached_viewclaimlink"] = viewclaimlink data["precached_usepaperclaim"] = usepaperclaim data["precached_usepaperattribution"] = usepaperattribution timeout = current_app.config.get("CFG_WEBSESSION_EXPIRY_LIMIT_DEFAULT", 0) * 3600 cache.set(acc_key, data, timeout=timeout) return data
def _precache(self, info, force=False): """Calculate permissions for user actions. FIXME: compatibility layer only !!! """ try: from invenio_accounts.models import User except ImportError: return {} CFG_BIBAUTHORID_ENABLED = current_app.config.get( 'CFG_BIBAUTHORID_ENABLED', False) # get authorization key acc_key = self.get_acc_key() acc = cache.get(acc_key) if not force and acc_key is not None and acc is not None: return acc # FIXME: acc_authorize_action should use flask request directly user_info = info user_info.update(self.req) user = User.query.get(user_info['uid']) data = {} data['precached_useadmin'] = getattr(user, 'has_admin_role', False) data['precached_usesuperadmin'] = getattr(user, 'has_super_admin_role', False) try: from invenio_search.utils import \ get_permitted_restricted_collections data['precached_permitted_restricted_collections'] = \ get_permitted_restricted_collections(user_info) except Exception: current_app.logger.exception( 'Permitted restricted collections were not loaded.') try: from invenio_deposit.cache import \ get_authorized_deposition_types data['precached_allowed_deposition_types'] = \ get_authorized_deposition_types(user_info) except Exception: current_app.logger.exception( 'Allowed deposition types were not loaded.') usepaperclaim = False usepaperattribution = False viewclaimlink = False try: from invenio_access.engine import acc_authorize_action from invenio_access.control import acc_get_role_id, \ acc_is_user_in_role data['precached_useloans'] = acc_authorize_action( user_info, 'useloans')[0] == 0 data['precached_usegroups'] = acc_authorize_action( user_info, 'usegroups')[0] == 0 data['precached_usemessages'] = acc_authorize_action( user_info, 'usemessages')[0] == 0 data['precached_canseehiddenmarctags'] = acc_authorize_action( user_info, 'runbibedit')[0] == 0 if (CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role( user_info, acc_get_role_id("paperclaimviewers"))): usepaperclaim = True if (CFG_BIBAUTHORID_ENABLED and acc_is_user_in_role( user_info, acc_get_role_id("paperattributionviewers"))): usepaperattribution = True except Exception: current_app.logger.exception("Access control module is broken.") viewlink = False try: viewlink = session['personinfo']['claim_in_process'] except (KeyError, TypeError): pass if (current_app.config.get('CFG_BIBAUTHORID_ENABLED') and usepaperattribution and viewlink): viewclaimlink = True # if (CFG_BIBAUTHORID_ENABLED # and ((usepaperclaim or usepaperattribution) # and acc_is_user_in_role( # data, acc_get_role_id("paperattributionlinkviewers")))): # viewclaimlink = True data['precached_viewclaimlink'] = viewclaimlink data['precached_usepaperclaim'] = usepaperclaim data['precached_usepaperattribution'] = usepaperattribution timeout = current_app.config.get('CFG_WEBSESSION_EXPIRY_LIMIT_DEFAULT', 0) * 3600 cache.set(acc_key, data, timeout=timeout) return data