def can_edit_accessright(record):
"""Test if access right is valid."""
r = RecordMetadata()
setattr(r, 'id', record)
permission_edit_record = update_permission_factory(r)
if permission_edit_record.can():
return True
return False
def can_edit_accessright(record):
"""Test if access right is valid."""
r = RecordMetadata()
setattr(r, 'id', record)
permission_edit_record = update_permission_factory(r)
if permission_edit_record.can():
return True
return False
def edit_record(pid_value=None):
resolver = Resolver(pid_type='recid',
object_type='rec',
getter=Record.get_record)
try:
pid, record = resolver.resolve(pid_value)
except:
abort(404)
permission_edit_record = update_permission_factory(record)
if permission_edit_record.can():
return record_view(pid_value, resolver, 'records/edit.html', None,
default_view_method)
abort(403)
def update_record(pid_value=None):
resolver = Resolver(
pid_type='recid',
object_type='rec',
getter=Record.get_record)
try:
pid, record = resolver.resolve(pid_value)
except:
abort(404)
permission_edit_record = update_permission_factory(record)
if not permission_edit_record.can():
abort(404)
try:
_metadata_patch = request.get_data()
print(_metadata_patch)
prepare_patch = json.loads(_metadata_patch)
for m in prepare_patch:
m["path"] = JSON_METADATA_PATH + m.get("path", "")
record = record.patch(patch=prepare_patch)
except (JsonPatchException, JsonPointerException):
db.session.rollback()
abort(400)
try:
record.commit()
except ValidationError as error:
print("============================")
print(error.message)
print("============================")
db.session.rollback()
resp = jsonify(**{'message': error.message})
resp.status_code = 400
return resp
db.session.commit()
resp = jsonify()
resp.status_code = 200
return resp
def update_record(pid_value=None):
resolver = Resolver(
pid_type='recid',
object_type='rec',
getter=Record.get_record)
try:
pid, record = resolver.resolve(pid_value)
except:
abort(404)
permission_edit_record = update_permission_factory(record)
if not permission_edit_record.can():
abort(404)
try:
_metadata_patch = request.get_data()
print(_metadata_patch)
prepare_patch = json.loads(_metadata_patch)
for m in prepare_patch:
m["path"] = JSON_METADATA_PATH + m.get("path", "")
record = record.patch(patch=prepare_patch)
except (JsonPatchException, JsonPointerException):
db.session.rollback()
abort(400)
try:
record.commit()
except ValidationError as error:
print("============================")
print(error.message)
print("============================")
db.session.rollback()
resp = jsonify(**{'message': error.message})
resp.status_code = 400
return resp
db.session.commit()
resp = jsonify()
resp.status_code = 200
return resp
def edit_record(pid_value=None):
resolver = Resolver(
pid_type='recid',
object_type='rec',
getter=Record.get_record)
try:
pid, record = resolver.resolve(pid_value)
except:
abort(404)
permission_edit_record = update_permission_factory(record)
if permission_edit_record.can():
return record_view(pid_value, resolver,
'records/edit.html',
None,
default_view_method
)
abort(403)
def change_record_privacy(pid_value=None):
resolver = Resolver(
pid_type='recid',
object_type='rec',
getter=Record.get_record)
pid, record = resolver.resolve(pid_value)
permission_update_record = update_permission_factory(record)
if not permission_update_record.can():
abort(403)
index_instance = ActionUsers.query.filter(
ActionUsers.action == "records-index",
ActionUsers.argument == str(record.id),
ActionUsers.user_id.is_(None)).first()
read_instance = ActionUsers.query.filter(
ActionUsers.action == "records-read",
ActionUsers.argument == str(record.id),
ActionUsers.user_id.is_(None)).first()
with db.session.begin_nested():
if index_instance:
db.session.delete(index_instance)
db.session.delete(read_instance)
else:
action_read_record = RecordReadActionNeed(str(record.id))
action_index_record = RecordIndexActionNeed(str(record.id))
db.session.add(ActionUsers.allow(action_read_record))
db.session.add(ActionUsers.allow(action_index_record))
db.session.commit()
resp = jsonify()
resp.status_code = 200
return resp
def change_record_privacy(pid_value=None):
resolver = Resolver(
pid_type='recid',
object_type='rec',
getter=Record.get_record)
pid, record = resolver.resolve(pid_value)
permission_update_record = update_permission_factory(record)
if not permission_update_record.can():
abort(403)
index_instance = ActionUsers.query.filter(
ActionUsers.action == "records-index",
ActionUsers.argument == str(record.id),
ActionUsers.user_id.is_(None)).first()
read_instance = ActionUsers.query.filter(
ActionUsers.action == "records-read",
ActionUsers.argument == str(record.id),
ActionUsers.user_id.is_(None)).first()
with db.session.begin_nested():
if index_instance:
db.session.delete(index_instance)
db.session.delete(read_instance)
else:
action_read_record = RecordReadActionNeed(str(record.id))
action_index_record = RecordIndexActionNeed(str(record.id))
db.session.add(ActionUsers.allow(action_read_record))
db.session.add(ActionUsers.allow(action_index_record))
db.session.commit()
resp = jsonify()
resp.status_code = 200
return resp
