-
Notifications
You must be signed in to change notification settings - Fork 87
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
grant access: implement groups grant record access
* add new endpoint for groups grant record access * rename "role" to "group" to be consistent with groups in community memberships * manage groups enabled feature flag by the permission * closes #1672
- Loading branch information
1 parent
df7fe6b
commit 8513b7b
Showing
12 changed files
with
164 additions
and
102 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
# -*- coding: utf-8 -*- | ||
# | ||
# Copyright (C) 2024 CERN. | ||
# | ||
# Invenio-RDM-Records is free software; you can redistribute it and/or modify | ||
# it under the terms of the MIT License; see LICENSE file for more details. | ||
|
||
"""RDM services decorators.""" | ||
|
||
from functools import wraps | ||
|
||
from flask import current_app | ||
from invenio_records_resources.services.errors import PermissionDeniedError | ||
|
||
|
||
def groups_enabled(group_subject_type, **kwargs): | ||
"""Decorator to check if users are trying to access disabled feature.""" | ||
|
||
def decorator(f): | ||
@wraps(f) | ||
def inner(self, *args, **kwargs): | ||
subject_type = kwargs["subject_type"] | ||
if ( | ||
not current_app.config.get("USERS_RESOURCES_GROUPS_ENABLED", False) | ||
and subject_type == group_subject_type | ||
): | ||
raise PermissionDeniedError() | ||
|
||
return f(self, *args, **kwargs) | ||
|
||
return inner | ||
|
||
return decorator |
Oops, something went wrong.