Re: Access permissions

Mon, 27 Jan 2014 00:49:00 -0800 

Hi Hraban,


On 01/27/2014 09:26 AM, Samuele Kaplun wrote:

Dear Hraban,

In data lunedì 27 gennaio 2014 12:23:40, Henning Hraban Ramm ha scritto:

is there any documentation on access permissions? I couldn’t find anything
helpful.

The official documentation is available in every installation of Invenio:
<http://invenio-demo.cern.ch/help/admin/webaccess-admin-guide>

I’d like to know
- how to check for permissions within web templates (show some parts only to
some groups/roles)

That's often not possible. In current Invenio master, templates are typically
implemented in a way that minimize the business logic, and therefore they
always receive the minimal amount of parameters: most of the time this means
that the "req" object (containing all the information about the current HTTP
request) or the "user_info" dictionary (containing all the details of the
current user are not passed.

If you are lucky and the templates at hand actually has the req or user_info
dictionary what you can do is:

[...]
## if you want to use regular RBAC model or you can use:
from invenio.access_control_engine import acc_authorize_action
auth_code, auth_message = acc_authorize_action(req (or user_info), action,
**args)

## if you want to just check membership to a role
from invenio.webuser import collect_user_info
from invenio.access_control_admin import acc_is_user_in_role, acc_get_role_id

## the following is necessary if you had only req and not user_info
user_info = collect_user_info(req)
if acc_is_user_in_role(user_info, acc_get_role_id(role_name)):
     [...]

[...]

If the template does not receive any req or user_info object you will have to
patch the code that calls the given template (typically some method in a
_webinterface.py file) in order to pass them. Feel free to contribute such a
patch for integration.
Also, you could check the access restrictions and do the logic around it in a bibformat element, and then use this element in your template. An example can be found in bfe_edit_files.py (by using bfo.user_info as the user_info dictionary). This, of course, depends on what you are trying to achieve, but as Sam was mentioning, currently it's not possible to access the req object from inside the templates, so using a bibformat element might be the easiest way. 

Cheers,
Ludmila

Reply via email to