Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merge US-Permissions to staging #3247

Merged
merged 26 commits into from
Feb 8, 2023
Merged

Merge US-Permissions to staging #3247

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
8368ee0
permissions: adding new roles
zannkukai Jun 30, 2022
b562df1
permissions: patron types
jma Jul 20, 2022
fddeeb0
permissions: refactoring organisation policy
zannkukai Aug 11, 2022
b754595
permissions: refactoring vendor policy
lauren-d Aug 24, 2022
ea9f622
permissions: refactoring item type policy
lauren-d Aug 26, 2022
153cf65
permissions: refactoring library policy
zannkukai Aug 19, 2022
81915fa
permissions: refactoring contribution policy
lauren-d Aug 26, 2022
e98a5a9
permissions: refactoring ILL request policy
zannkukai Aug 23, 2022
f26455a
permissions: refactoring circulation policies
lauren-d Aug 30, 2022
1c80946
permissions: refactoring location policy
Garfield-fr Sep 7, 2022
49324d7
permissions: document/holding/item resource policies refactoring
zannkukai Aug 30, 2022
0f46fbd
permission: acquisition resources policies
zannkukai Aug 26, 2022
bf39c96
permissions: refactoring loan policies
Garfield-fr Sep 15, 2022
5d07ff4
permissions: refactoring notification permission policy
zannkukai Oct 5, 2022
94b0d0b
permission: operation logs policies
zannkukai Aug 26, 2022
7e68411
permission: Refactoring collection/template permission policies
zannkukai Aug 31, 2022
92dd8d9
permissions: refactoring LocalField permission policy
zannkukai Oct 3, 2022
d417efe
permissions: refactroring patron transaction permissions policies
zannkukai Oct 7, 2022
3a19792
permission: refactoring patron resource policies
zannkukai Sep 2, 2022
3159d74
permissions: refactoring statistics permission policy
zannkukai Oct 7, 2022
1dca167
permissions: expose permissions for logged user
zannkukai Oct 6, 2022
8c7467a
permissions: expose permission by patron
zannkukai Oct 27, 2022
7a78238
permissions: alembic script to migrate librarian roles.
zannkukai Nov 7, 2022
131086e
templates: use marshmallow for API control
zannkukai Dec 15, 2022
2880407
patrons: use marshmallow for API control
zannkukai Jan 11, 2023
6d7bdc7
patron: use of checkboxes for roles
Garfield-fr Nov 23, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
permissions: refactroring patron transaction permissions policies 
Co-Authored-by: Renaud Michotte <renaud.michotte@gmail.com>
  • Loading branch information
@zannkukai
zannkukai committed Feb 7, 2023
commit d417efe8dc540b718fc2a2033728374cee82299e
70 changes: 43 additions & 27 deletions data/role_policies.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -425,8 +425,23 @@
"pro_catalog_manager",
"pro_library_administrator"
],
"notif-search": [
"patron",
"notif-update": [
"pro_full_permissions",
"pro_library_administrator"
],
"notif-create": [
"pro_full_permissions",
"pro_library_administrator"
],
"notif-delete": [
"pro_full_permissions",
"pro_library_administrator"
],
"oplg-read": [
"pro_full_permissions",
"pro_read_only"
],
"org-search": [
"pro_full_permissions",
"pro_read_only",
"pro_catalog_manager",
Expand All @@ -435,8 +450,7 @@
"pro_acquisition_manager",
"pro_library_administrator"
],
"notif-read": [
"patron",
"org-read": [
"pro_full_permissions",
"pro_read_only",
"pro_catalog_manager",
Expand All @@ -445,17 +459,26 @@
"pro_acquisition_manager",
"pro_library_administrator"
],
"notif-update": [
"org-update": [
"pro_full_permissions"
],
"pttr-update": [
"pro_full_permissions",
"pro_library_administrator"
"pro_library_administrator",
"pro_user_manager",
"pro_circulation_manager"
],
"notif-create": [
"pttr-create": [
"pro_full_permissions",
"pro_library_administrator"
"pro_library_administrator",
"pro_user_manager",
"pro_circulation_manager"
],
"notif-delete": [
"pttr-delete": [
"pro_full_permissions",
"pro_library_administrator"
"pro_library_administrator",
"pro_user_manager",
"pro_circulation_manager"
],
"ptty-search": [
"pro_full_permissions",
Expand Down Expand Up @@ -484,30 +507,23 @@
"ptty-delete": [
"pro_full_permissions"
],
"oplg-read": [
"ptre-update": [
"pro_full_permissions",
"pro_read_only"
"pro_library_administrator",
"pro_user_manager",
"pro_circulation_manager"
],
"org-search": [
"ptre-create": [
"pro_full_permissions",
"pro_read_only",
"pro_catalog_manager",
"pro_circulation_manager",
"pro_library_administrator",
"pro_user_manager",
"pro_acquisition_manager",
"pro_library_administrator"
"pro_circulation_manager"
],
"org-read": [
"ptre-delete": [
"pro_full_permissions",
"pro_read_only",
"pro_catalog_manager",
"pro_circulation_manager",
"pro_library_administrator",
"pro_user_manager",
"pro_acquisition_manager",
"pro_library_administrator"
],
"org-update": [
"pro_full_permissions"
"pro_circulation_manager"
],
"tmpl-search": [
"pro_full_permissions",
Expand Down
18 changes: 18 additions & 0 deletions data/system_role_policies.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,25 @@
"lofi-read": [
"any_user"
],
"notif-search": [
"authenticated_user"
],
"notif-read": [
"authenticated_user"
],
"oplg-search": [
"authenticated_user"
],
"pttr-search": [
"authenticated_user"
],
"pttr-read": [
"authenticated_user"
],
"ptre-search": [
"authenticated_user"
],
"ptre-read": [
"authenticated_user"
]
}
10 changes: 10 additions & 0 deletions pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -510,11 +510,21 @@ org_read = "rero_ils.modules.organisations.permissions:read_action"
org_create = "rero_ils.modules.organisations.permissions:create_action"
org_update = "rero_ils.modules.organisations.permissions:update_action"
org_delete = "rero_ils.modules.organisations.permissions:delete_action"
pttr_search = "rero_ils.modules.patron_transactions.permissions:search_action"
pttr_read = "rero_ils.modules.patron_transactions.permissions:read_action"
pttr_create = "rero_ils.modules.patron_transactions.permissions:create_action"
pttr_update = "rero_ils.modules.patron_transactions.permissions:update_action"
pttr_delete = "rero_ils.modules.patron_transactions.permissions:delete_action"
ptty_search = "rero_ils.modules.patron_types.permissions:search_action"
ptty_read = "rero_ils.modules.patron_types.permissions:read_action"
ptty_create = "rero_ils.modules.patron_types.permissions:create_action"
ptty_update = "rero_ils.modules.patron_types.permissions:update_action"
ptty_delete = "rero_ils.modules.patron_types.permissions:delete_action"
ptre_search = "rero_ils.modules.patron_transaction_events.permissions:search_action"
ptre_read = "rero_ils.modules.patron_transaction_events.permissions:read_action"
ptre_create = "rero_ils.modules.patron_transaction_events.permissions:create_action"
ptre_update = "rero_ils.modules.patron_transaction_events.permissions:update_action"
ptre_delete = "rero_ils.modules.patron_transaction_events.permissions:delete_action"
tmpl_search = "rero_ils.modules.templates.permissions:search_action"
tmpl_read = "rero_ils.modules.templates.permissions:read_action"
tmpl_create = "rero_ils.modules.templates.permissions:create_action"
Expand Down
69 changes: 19 additions & 50 deletions rero_ils/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,11 +110,11 @@
from .modules.organisations.permissions import OrganisationPermissionPolicy
from .modules.patron_transaction_events.api import PatronTransactionEvent
from .modules.patron_transaction_events.permissions import \
PatronTransactionEventPermission
PatronTransactionEventPermissionPolicy
from .modules.patron_transaction_events.utils import total_facet_filter_builder
from .modules.patron_transactions.api import PatronTransaction
from .modules.patron_transactions.permissions import \
PatronTransactionPermission
PatronTransactionPermissionPolicy
from .modules.patron_types.api import PatronType
from .modules.patron_types.permissions import PatronTypePermissionPolicy
from .modules.patrons.api import Patron
Expand Down Expand Up @@ -953,25 +953,18 @@ def _(x):
record_loaders={
'application/json': lambda: PatronTransaction(request.get_json()),
},
record_class=('rero_ils.modules.patron_transactions.api:'
'PatronTransaction'),
record_class='rero_ils.modules.patron_transactions.api:PatronTransaction',
list_route='/patron_transactions/',
item_route=('/patron_transactions/<pid(pttr, record_class='
'"rero_ils.modules.patron_transactions.api:'
'PatronTransaction"):pid_value>'),
item_route=('/patron_transactions/<pid(pttr, record_class="'
'rero_ils.modules.patron_transactions.api:PatronTransaction"):pid_value>'),
default_media_type='application/json',
max_result_window=MAX_RESULT_WINDOW,
search_factory_imp='rero_ils.query:patron_transactions_search_factory',
list_permission_factory_imp=lambda record: record_permission_factory(
action='list', record=record, cls=PatronTransactionPermission),
read_permission_factory_imp=lambda record: record_permission_factory(
action='read', record=record, cls=PatronTransactionPermission),
create_permission_factory_imp=lambda record: record_permission_factory(
action='create', record=record, cls=PatronTransactionPermission),
update_permission_factory_imp=lambda record: record_permission_factory(
action='update', record=record, cls=PatronTransactionPermission),
delete_permission_factory_imp=lambda record: record_permission_factory(
action='delete', record=record, cls=PatronTransactionPermission)
list_permission_factory_imp=lambda record: PatronTransactionPermissionPolicy('search', record=record),
read_permission_factory_imp=lambda record: PatronTransactionPermissionPolicy('read', record=record),
create_permission_factory_imp=lambda record: PatronTransactionPermissionPolicy('create', record=record),
update_permission_factory_imp=lambda record: PatronTransactionPermissionPolicy('update', record=record),
delete_permission_factory_imp=lambda record: PatronTransactionPermissionPolicy('delete', record=record)
),
ptre=dict(
pid_type='ptre',
Expand All @@ -981,8 +974,7 @@ def _(x):
'PatronTransactionEventsSearch'),
search_index='patron_transaction_events',
search_type=None,
indexer_class=('rero_ils.modules.patron_transaction_events.api:'
'PatronTransactionEventsIndexer'),
indexer_class='rero_ils.modules.patron_transaction_events.api:PatronTransactionEventsIndexer',
record_serializers={
'application/json': 'rero_ils.modules.serializers:json_v1_response'
},
Expand All @@ -998,43 +990,20 @@ def _(x):
'rero': 'application/rero+json'
},
record_loaders={
'application/json': lambda: PatronTransactionEvent(
request.get_json()),
'application/json': lambda: PatronTransactionEvent(request.get_json()),
},
record_class=('rero_ils.modules.patron_transaction_events.api:'
'PatronTransactionEvent'),
record_class='rero_ils.modules.patron_transaction_events.api:PatronTransactionEvent',
list_route='/patron_transaction_events/',
item_route=('/patron_transaction_events/<pid(ptre, record_class='
'"rero_ils.modules.patron_transaction_events.api:'
'PatronTransactionEvent"):pid_value>'),
'"rero_ils.modules.patron_transaction_events.api:PatronTransactionEvent"):pid_value>'),
default_media_type='application/json',
max_result_window=MAX_RESULT_WINDOW,
search_factory_imp='rero_ils.query:patron_transactions_search_factory',
list_permission_factory_imp=lambda record: record_permission_factory(
action='list',
record=record,
cls=PatronTransactionEventPermission
),
read_permission_factory_imp=lambda record: record_permission_factory(
action='read',
record=record,
cls=PatronTransactionEventPermission
),
create_permission_factory_imp=lambda record: record_permission_factory(
action='create',
record=record,
cls=PatronTransactionEventPermission
),
update_permission_factory_imp=lambda record: record_permission_factory(
action='update',
record=record,
cls=PatronTransactionEventPermission
),
delete_permission_factory_imp=lambda record: record_permission_factory(
action='delete',
record=record,
cls=PatronTransactionEventPermission
)
list_permission_factory_imp=lambda record: PatronTransactionEventPermissionPolicy('search', record=record),
read_permission_factory_imp=lambda record: PatronTransactionEventPermissionPolicy('read', record=record),
create_permission_factory_imp=lambda record: PatronTransactionEventPermissionPolicy('create', record=record),
update_permission_factory_imp=lambda record: PatronTransactionEventPermissionPolicy('update', record=record),
delete_permission_factory_imp=lambda record: PatronTransactionEventPermissionPolicy('delete', record=record)
),
ptty=dict(
pid_type='ptty',
Expand Down
77 changes: 18 additions & 59 deletions rero_ils/modules/patron_transaction_events/permissions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,67 +16,26 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

"""Permissions for Patron event transaction."""
"""Permissions for Patron transaction event."""
from invenio_access import action_factory

from rero_ils.modules.patron_transactions.permissions import \
PatronTransactionPermission
from rero_ils.modules.permissions import RecordPermission
from rero_ils.modules.permissions import AllowedByAction, \
AllowedByActionRestrictByOrganisation, \
AllowedByActionRestrictByOwnerOrOrganisation, RecordPermissionPolicy

# Actions to control patron transaction event policies for CRUD operations
search_action = action_factory('ptre-search')
read_action = action_factory('ptre-read')
create_action = action_factory('ptre-create')
update_action = action_factory('ptre-update')
delete_action = action_factory('ptre-delete')

class PatronTransactionEventPermission(RecordPermission):
"""Patron transaction event permissions."""

@classmethod
def list(cls, user, record=None):
"""List permission check.
class PatronTransactionEventPermissionPolicy(RecordPermissionPolicy):
"""PatronTransactionEvent permission policy used by the CRUD operations."""

:param user: Logged user.
:param record: Record to check
:return: True is action can be done.
"""
# same as PatronTransaction
return PatronTransactionPermission.list(user, record)

@classmethod
def read(cls, user, record):
"""Read permission check.

:param user: Logged user.
:param record: Record to check.
:return: True is action can be done.
"""
# same as PatronTransaction
return PatronTransactionPermission.read(user, record)

@classmethod
def create(cls, user, record=None):
"""Create permission check.

:param user: Logged user.
:param record: Record to check.
:return: True is action can be done.
"""
# same as PatronTransaction
return PatronTransactionPermission.create(user, record)

@classmethod
def update(cls, user, record):
"""Update permission check.

:param user: Logged user.
:param record: Record to check.
:return: True is action can be done.
"""
# same as PatronTransaction
return PatronTransactionPermission.update(user, record)

@classmethod
def delete(cls, user, record):
"""Delete permission check.

:param user: Logged user.
:param record: Record to check.
:return: True if action can be done.
"""
# same as PatronTransaction
return PatronTransactionPermission.delete(user, record)
can_search = [AllowedByAction(search_action)]
can_read = [AllowedByActionRestrictByOwnerOrOrganisation(read_action)]
can_create = [AllowedByActionRestrictByOrganisation(create_action)]
can_update = [AllowedByActionRestrictByOrganisation(update_action)]
can_delete = [AllowedByActionRestrictByOrganisation(delete_action)]
Loading