def can_edit_accessright(record):
    """Tell whether the update permission is granted for ``record``.

    A fresh ``RecordMetadata`` object is created, ``record`` is stored on
    it as ``id``, and that stub is handed to ``update_permission_factory``.

    Args:
        record: value assigned to the stub's ``id`` attribute
            (presumably the record identifier -- confirm against callers).

    Returns:
        ``True`` when the permission's ``can()`` is truthy, else ``False``.
    """
    stub = RecordMetadata()
    stub.id = record
    return bool(update_permission_factory(stub).can())
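def edit_record(pid_value=None):
    """Render the edit page for a record after an update-permission check.

    Args:
        pid_value: persistent identifier value, resolved as a ``recid``.

    Returns:
        The response from ``record_view`` for ``records/edit.html``.

    Aborts with 404 when the identifier cannot be resolved and with 403
    when the update permission is denied.
    """
    resolver = Resolver(
        pid_type='recid', object_type='rec', getter=Record.get_record)
    try:
        _pid, record = resolver.resolve(pid_value)
    except Exception:
        # Resolution failures are reported as "not found". Catching
        # Exception rather than using a bare except lets SystemExit and
        # KeyboardInterrupt propagate instead of being turned into a 404.
        abort(404)

    # Authorization is decided on the resolved record, before rendering.
    if update_permission_factory(record).can():
        return record_view(
            pid_value, resolver, 'records/edit.html', None,
            default_view_method)
    abort(403)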
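def update_record(pid_value=None):
    """Apply a client-supplied JSON Patch to a record and commit it.

    The request body is parsed as a JSON Patch document. Every pointer in
    it (``path`` and, where present, ``from``) is prefixed with
    ``JSON_METADATA_PATH`` before the patch is applied.

    Args:
        pid_value: persistent identifier value, resolved as a ``recid``.

    Returns:
        An empty JSON response with status 200 on success, or a JSON
        response with status 400 carrying the validation message when
        ``record.commit()`` raises ``ValidationError``.

    Aborts with 404 when the identifier cannot be resolved or the update
    permission is denied, and with 400 when the body is not a well-formed
    patch document or the patch cannot be applied.
    """
    resolver = Resolver(
        pid_type='recid', object_type='rec', getter=Record.get_record)
    try:
        _pid, record = resolver.resolve(pid_value)
    except Exception:
        # Resolution failures are reported as "not found". Catching
        # Exception rather than using a bare except lets SystemExit and
        # KeyboardInterrupt propagate instead of being turned into a 404.
        abort(404)

    if not update_permission_factory(record).can():
        # NOTE(review): edit_record and change_record_privacy answer 403
        # for the same denied check; confirm whether 404 is intended here.
        abort(404)

    # The body is untrusted input: reject anything that is not a list of
    # operation objects with a 400 instead of an unhandled 500, and do not
    # echo the raw body to stdout.
    try:
        prepare_patch = json.loads(request.get_data())
        if not isinstance(prepare_patch, list):
            abort(400)
        for operation in prepare_patch:
            operation["path"] = (
                JSON_METADATA_PATH + operation.get("path", ""))
            # RFC 6902 "move" and "copy" carry a second pointer in "from".
            # It is prefixed as well so that both ends of the operation
            # stay under JSON_METADATA_PATH.
            if "from" in operation:
                operation["from"] = JSON_METADATA_PATH + operation["from"]
    except (ValueError, TypeError, AttributeError):
        # Malformed JSON, non-object operations or non-string pointers.
        abort(400)

    try:
        record = record.patch(patch=prepare_patch)
    except (JsonPatchException, JsonPointerException):
        db.session.rollback()
        abort(400)

    try:
        record.commit()
    except ValidationError as error:
        # Schema validation failed: discard the change and report why.
        db.session.rollback()
        resp = jsonify(message=error.message)
        resp.status_code = 400
        return resp

    db.session.commit()
    resp = jsonify()
    resp.status_code = 200
    return resp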
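def edit_record(pid_value=None):
    """Render the edit page for a record after an update-permission check.

    Args:
        pid_value: persistent identifier value, resolved as a ``recid``.

    Returns:
        The response from ``record_view`` for ``records/edit.html``.

    Aborts with 404 when the identifier cannot be resolved and with 403
    when the update permission is denied.
    """
    resolver = Resolver(
        pid_type='recid', object_type='rec', getter=Record.get_record)
    try:
        _pid, record = resolver.resolve(pid_value)
    except Exception:
        # Resolution failures are reported as "not found". Catching
        # Exception rather than using a bare except lets SystemExit and
        # KeyboardInterrupt propagate instead of being turned into a 404.
        abort(404)

    # Authorization is decided on the resolved record, before rendering.
    if update_permission_factory(record).can():
        return record_view(
            pid_value, resolver, 'records/edit.html', None,
            default_view_method)
    abort(403)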
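def change_record_privacy(pid_value=None):
    """Toggle the any-user read/index grants stored for a record.

    The function looks up the ``records-index`` and ``records-read``
    ``ActionUsers`` rows whose argument is the record id and whose
    ``user_id`` is NULL. If the index row exists, the grants are deleted;
    otherwise they are created.

    Args:
        pid_value: persistent identifier value, resolved as a ``recid``.

    Returns:
        An empty JSON response with status 200.

    Aborts with 404 when the identifier cannot be resolved and with 403
    when the update permission is denied.
    """
    resolver = Resolver(
        pid_type='recid', object_type='rec', getter=Record.get_record)
    try:
        _pid, record = resolver.resolve(pid_value)
    except Exception:
        # Same handling as the other record views: an unresolvable
        # identifier is a 404, not an unhandled server error.
        abort(404)

    permission_update_record = update_permission_factory(record)
    if not permission_update_record.can():
        abort(403)

    record_id = str(record.id)

    def _any_user_grant(action_name):
        # First grant row for this record that is bound to no user.
        return ActionUsers.query.filter(
            ActionUsers.action == action_name,
            ActionUsers.argument == record_id,
            ActionUsers.user_id.is_(None)).first()

    index_instance = _any_user_grant("records-index")
    read_instance = _any_user_grant("records-read")

    with db.session.begin_nested():
        if index_instance:
            db.session.delete(index_instance)
            # The read row can be absent even when the index row exists;
            # deleting None would raise and abort the whole toggle.
            if read_instance:
                db.session.delete(read_instance)
        else:
            # Only add the read grant when none exists. The delete branch
            # removes a single row per action, so a duplicate created here
            # would outlive a later switch back to restricted.
            if read_instance is None:
                db.session.add(
                    ActionUsers.allow(RecordReadActionNeed(record_id)))
            db.session.add(
                ActionUsers.allow(RecordIndexActionNeed(record_id)))
    db.session.commit()

    resp = jsonify()
    resp.status_code = 200
    return resp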