# -*- coding: utf-8 -*-
#
# This file is part of INSPIRE.
# Copyright (C) 2014-2017 CERN.
#
# INSPIRE is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# INSPIRE is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with INSPIRE. If not, see <http://www.gnu.org/licenses/>.
#
# In applying this license, CERN does not waive the privileges and immunities
# granted to it by virtue of its status as an Intergovernmental Organization
# or submit itself to any jurisdiction.
"""Fixtures for users, roles and actions."""
from __future__ import absolute_import, division, print_function
from flask import current_app
from flask_security.utils import hash_password
from invenio_access.models import ActionRoles
from invenio_accounts.models import Role
from invenio_db import db
[docs]def init_roles():
ds = current_app.extensions['invenio-accounts'].datastore
with db.session.begin_nested():
ds.create_role(
name='superuser',
description='admin with no restrictions'
)
ds.create_role(
name='cataloger',
description='users with editing capabilities'
)
ds.create_role(
name='hermescurator',
description='curator for HERMES Internal Notes'
)
ds.create_role(
name='hermescoll',
description='HERMES Collaboration access to Internal Notes'
)
ds.create_role(
name='jlabcurator',
description='curator for JLAB related articles'
)
db.session.commit()
[docs]def init_users():
"""Sample users, not to be used in production."""
ds = current_app.extensions['invenio-accounts'].datastore
superuser = Role.query.filter_by(name='superuser').one()
cataloger = Role.query.filter_by(name='cataloger').one()
hermes_curator = Role.query.filter_by(name='hermescurator').one()
hermes_collections = Role.query.filter_by(name='hermescoll').one()
jlab_curator = Role.query.filter_by(name='jlabcurator').one()
with db.session.begin_nested():
ds.create_user(
email='admin@inspirehep.net',
password=hash_password("123456"),
active=True,
roles=[superuser],
)
ds.create_user(
email='cataloger@inspirehep.net',
password=hash_password("123456"),
active=True,
roles=[cataloger],
)
ds.create_user(
email='hermescataloger@inspirehep.net',
password=hash_password("123456"),
active=True,
roles=[hermes_curator, hermes_collections],
)
ds.create_user(
email='jlabcurator@inspirehep.net',
password=hash_password("123456"),
active=True,
roles=[jlab_curator],
)
ds.create_user(
email='johndoe@inspirehep.net',
password=hash_password("123456"),
active=True,
)
db.session.commit()
[docs]def init_superuser_permissions():
superuser = Role.query.filter_by(name='superuser').one()
db.session.add(ActionRoles(
action='superuser-access',
role=superuser,
))
db.session.add(ActionRoles(
action='admin-access',
role=superuser,
))
[docs]def init_cataloger_permissions():
cataloger = Role.query.filter_by(name='cataloger').one()
db.session.add(ActionRoles(
action='workflows-ui-admin-access',
role=cataloger,
))
db.session.add(ActionRoles(
action='admin-holdingpen-authors',
role=cataloger,
))
db.session.add(ActionRoles(
action='update-collection',
role=cataloger,
))
db.session.add(ActionRoles(
action='editor-use-api',
role=cataloger,
))
db.session.add(ActionRoles(
action='migrator-use-api',
role=cataloger,
))
[docs]def init_hermes_permissions():
hermes_collections = Role.query.filter_by(name='hermescoll').one()
db.session.add(ActionRoles(
action='view-restricted-collection',
argument='HERMES Internal Notes',
role=hermes_collections,
))
hermes_curator = Role.query.filter_by(name='hermescurator').one()
db.session.add(ActionRoles(
action='update-collection',
argument='HERMES Internal Notes',
role=hermes_curator,
))
[docs]def init_jlab_permissions():
jlab_curator = Role.query.filter_by(name='jlabcurator').one()
db.session.add(ActionRoles(
action='workflows-ui-read-access',
role=jlab_curator,
))
db.session.add(ActionRoles(
action='update-collection',
role=jlab_curator,
))
[docs]def init_permissions():
init_superuser_permissions()
init_cataloger_permissions()
init_hermes_permissions()
init_jlab_permissions()
db.session.commit()
[docs]def init_users_and_permissions():
init_roles()
init_users()
init_permissions()