Cian-H/invenio-config-iform
1
0
Fork 0
mirror of https://github.com/Cian-H/invenio-config-iform.git synced 2025-12-22 21:11:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

setup: introduce ruff

Browse Source 
* remove unused .tx. the translation is done without transifex

* remove unused files

* remove unused checks because ruff took over
This commit is contained in:
Christoph Ladurner
2024-07-19 00:31:08 +02:00
parent 760363b4a5
commit 583a67d0cf
13 changed files with 108 additions and 306 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
.tx/config
View File

@@ -1,33 +0,0 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
# TODO: Transifex integration
#
# 1) Create message catalog:
# $ python setup.py extract_messages
# $ python setup.py init_catalog -l <lang>
# $ python setup.py compile_catalog
# 2) Ensure project has been created on Transifex under the inveniosoftware
# organisation.
# 3) Install the transifex-client
# $ pip install transifex-client
# 4) Push source (.pot) and translations (.po) to Transifex
# $ tx push -s -t
# 5) Pull translations for a single language from Transifex
# $ tx pull -l <lang>
# 6) Pull translations for all languages from Transifex
# $ tx pull -a
[main]
host = https://www.transifex.com
[invenio.invenio-config-tugraz-messages]
file_filter = invenio_config_tugraz/translations/<lang>/LC_MESSAGES/messages.po
source_file = invenio_config_tugraz/translations/messages.pot
source_lang = en
type = PO

16
invenio_config_tugraz/ext.py
View File

@@ -8,43 +8,45 @@
"""invenio module that adds tugraz configs."""
from flask import Flask
from . import config
from .custom_fields import ip_network, single_ip
class InvenioConfigTugraz(object):
class InvenioConfigTugraz:
"""invenio-config-tugraz extension."""
def __init__(self, app=None):
def __init__(self, app: Flask = None) -> None:
"""Extension initialization."""
if app:
self.init_app(app)
def init_app(self, app):
def init_app(self, app: Flask) -> None:
"""Flask application initialization."""
self.init_config(app)
self.add_custom_fields(app)
app.extensions["invenio-config-tugraz"] = self
def init_config(self, app):
def init_config(self, app: Flask) -> None:
"""Initialize configuration."""
for k in dir(config):
if k.startswith("INVENIO_CONFIG_TUGRAZ_"):
app.config.setdefault(k, getattr(config, k))
def add_custom_fields(self, app):
def add_custom_fields(self, app: Flask) -> None:
"""Add custom fields."""
app.config.setdefault("RDM_CUSTOM_FIELDS", [])
app.config["RDM_CUSTOM_FIELDS"].append(ip_network)
app.config["RDM_CUSTOM_FIELDS"].append(single_ip)
def finalize_app(app):
def finalize_app(app: Flask) -> None:
"""Finalize app."""
rank_blueprint_higher(app)
def rank_blueprint_higher(app):
def rank_blueprint_higher(app: Flask) -> None:
"""Rank this module's blueprint higher than blueprint of security module.
Needed in order to overwrite email templates.

32
invenio_config_tugraz/permissions/policies.py
View File

@@ -115,7 +115,7 @@ class TUGrazRDMRecordPermissionPolicy(RecordPermissionPolicy):
can_read = [IfRestricted("record", then_=can_view, else_=can_all)]
can_read_deleted = [
IfRecordDeleted(then_=[UserManager, SystemProcess()], else_=can_read)
IfRecordDeleted(then_=[UserManager, SystemProcess()], else_=can_read),
]
can_read_deleted_files = can_read_deleted
can_media_read_deleted_files = can_read_deleted_files
@@ -124,7 +124,7 @@ class TUGrazRDMRecordPermissionPolicy(RecordPermissionPolicy):
ResourceAccessToken("read"),
]
can_get_content_files = [
IfFileIsLocal(then_=can_read_files, else_=[SystemProcess()])
IfFileIsLocal(then_=can_read_files, else_=[SystemProcess()]),
]
can_create = can_tugraz_authenticated
@@ -137,10 +137,10 @@ class TUGrazRDMRecordPermissionPolicy(RecordPermissionPolicy):
can_update_draft = can_review
can_draft_create_files = can_review
can_draft_set_content_files = [
IfFileIsLocal(then_=can_review, else_=[SystemProcess()])
IfFileIsLocal(then_=can_review, else_=[SystemProcess()]),
]
can_draft_get_content_files = [
IfFileIsLocal(then_=can_draft_read_files, else_=[SystemProcess()])
IfFileIsLocal(then_=can_draft_read_files, else_=[SystemProcess()]),
]
can_draft_commit_files = [IfFileIsLocal(then_=can_review, else_=[SystemProcess()])]
can_draft_update_files = can_review
@@ -150,14 +150,14 @@ class TUGrazRDMRecordPermissionPolicy(RecordPermissionPolicy):
"RDM_ALLOW_METADATA_ONLY_RECORDS",
then_=[IfNewRecord(then_=can_tugraz_authenticated, else_=can_review)],
else_=[],
)
),
]
can_manage_record_access = [
IfConfig(
"RDM_ALLOW_RESTRICTED_RECORDS",
then_=[IfNewRecord(then_=can_tugraz_authenticated, else_=can_review)],
else_=[],
)
),
]
#
@@ -179,7 +179,7 @@ class TUGrazRDMRecordPermissionPolicy(RecordPermissionPolicy):
"RDM_ALLOW_EXTERNAL_DOI_VERSIONING",
then_=can_curate,
else_=[IfExternalDOIRecord(then_=[Disable()], else_=can_curate)],
)
),
]
can_publish = can_review
can_lift_embargo = can_manage
@@ -198,13 +198,13 @@ class TUGrazRDMRecordPermissionPolicy(RecordPermissionPolicy):
can_draft_media_create_files = can_review
can_draft_media_read_files = can_review
can_draft_media_set_content_files = [
IfFileIsLocal(then_=can_review, else_=[SystemProcess()])
IfFileIsLocal(then_=can_review, else_=[SystemProcess()]),
]
can_draft_media_get_content_files = [
IfFileIsLocal(then_=can_preview, else_=[SystemProcess()])
IfFileIsLocal(then_=can_preview, else_=[SystemProcess()]),
]
can_draft_media_commit_files = [
IfFileIsLocal(then_=can_preview, else_=[SystemProcess()])
IfFileIsLocal(then_=can_preview, else_=[SystemProcess()]),
]
can_draft_media_delete_files = can_review
can_draft_media_update_files = can_review
@@ -217,7 +217,7 @@ class TUGrazRDMRecordPermissionPolicy(RecordPermissionPolicy):
ResourceAccessToken("read"),
]
can_media_get_content_files = [
IfFileIsLocal(then_=can_read, else_=[SystemProcess()])
IfFileIsLocal(then_=can_read, else_=[SystemProcess()]),
]
can_media_create_files = [Disable()]
can_media_set_content_files = [Disable()]
@@ -251,13 +251,3 @@ class TUGrazRDMRecordPermissionPolicy(RecordPermissionPolicy):
# Used to hide at the moment the `parent.is_verified` field. It should be set to
# correct permissions based on which the field will be exposed only to moderators
can_moderate = [Disable()]
# Plans on where to use `RecordIp` generator:
# class TUGRAZPermissionPolicy(BasePermissionPolicy):
# # Read access to API given to everyone.
# can_search = [AnyUser(), RecordIp()]
# # Read access given to everyone if public record/files and owners always.
# can_read = [AnyUserIfPublic(), RecordOwners(), RecordIp()]

16
invenio_config_tugraz/utils.py
View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2022 Graz University of Technology.
# Copyright (C) 2022-2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
@@ -8,21 +8,27 @@
"""Utils file."""
import warnings
from flask_principal import Identity
from invenio_access import any_user
from invenio_access.utils import get_identity
from invenio_accounts import current_accounts
def get_identity_from_user_by_email(email: str = None) -> Identity:
def get_identity_from_user_by_email(email: str | None = None) -> Identity:
"""Get the user specified via email or ID."""
warnings.warn("deprecated", DeprecationWarning, stacklevel=2)
if email is None:
raise ValueError("the email has to be set to get a identity")
msg = "the email has to be set to get a identity"
raise ValueError(msg)
user = current_accounts.datastore.get_user(email)
if user is None:
raise LookupError(f"user with {email} not found")
msg = f"user with {email} not found"
raise LookupError(msg)
identity = get_identity(user)
@@ -32,7 +38,7 @@ def get_identity_from_user_by_email(email: str = None) -> Identity:
return identity
def tugraz_account_setup_extension(user, account_info): # noqa: W0613
def tugraz_account_setup_extension(user, account_info) -> None: # noqa: ANN001, ARG001
"""Add tugraz_authenticated role to user after SAML-login was acknowledged.
To use, have `acs_handler_factory` call invenio_saml's `default_account_setup` first,

19
invenio_config_tugraz/views.py
View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020-2022 Graz University of Technology.
# Copyright (C) 2020-2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
@@ -8,11 +8,12 @@
"""invenio module for TUGRAZ config."""
from flask import Blueprint, redirect, url_for
from flask import Blueprint, Flask, redirect, url_for
from invenio_i18n import get_locale
from werkzeug.wrappers import Response as BaseResponse
def ui_blueprint(app):
def ui_blueprint(app: Flask) -> Blueprint:
"""Blueprint for the routes and resources provided by invenio-config-tugraz."""
routes = app.config.get("CONFIG_TUGRAZ_ROUTES")
@@ -30,7 +31,7 @@ def ui_blueprint(app):
return blueprint
def guide():
def guide() -> BaseResponse:
"""TUGraz_Repository_Guide."""
locale = get_locale()
return redirect(
@@ -38,11 +39,11 @@ def guide():
"static",
filename=f"documents/TUGraz_Repository_Guide_02.1_{locale}.pdf",
_external=True,
)
),
)
def terms():
def terms() -> BaseResponse:
"""Terms_And_Conditions."""
locale = get_locale()
return redirect(
@@ -50,11 +51,11 @@ def terms():
"static",
filename=f"documents/TUGraz_Repository_Terms_And_Conditions_{locale}.pdf",
_external=True,
)
),
)
def gdpr():
def gdpr() -> BaseResponse:
"""General_Data_Protection_Rights."""
locale = get_locale()
return redirect(
@@ -62,5 +63,5 @@ def gdpr():
"static",
filename=f"documents/TUGraz_Repository_General_Data_Protection_Rights_{locale}.pdf",
_external=True,
)
),
)

19
pyproject.toml
View File

@@ -1,3 +1,22 @@
[build-system]
requires = ["setuptools", "wheel", "babel>2.8"]
build-backend = "setuptools.build_meta"
[tool.ruff]
exclude = ["docs"]
[tool.ruff.lint]
select = ["ALL"]
ignore = [
"ANN101", "ANN102",
"D203", "D211", "D212", "D213",
"E501",
"ERA001",
"FA102",
"FIX002",
"INP001",
"RUF005", "RUF012",
"S101",
"TD002", "TD003",
"UP009",
]

13
requirements-devel.txt
View File

@@ -1,13 +0,0 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
#
# TODO: Add development versions of some important dependencies here to get a
# warning when there are breaking upstream changes, e.g.:
#
# -e git+git://github.com/mitsuhiko/werkzeug.git#egg=Werkzeug
# -e git+git://github.com/mitsuhiko/jinja2.git#egg=Jinja2

13
run-tests.sh
View File

@@ -3,7 +3,7 @@
#
# Copyright (C) 2019-2020 CERN.
# Copyright (C) 2019-2020 Northwestern University.
# Copyright (C) 2020 Graz University of Technology.
# Copyright (C) 2020-2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
@@ -16,17 +16,8 @@ set -o errexit
# Quit on unbound symbols
set -o nounset
# Always bring down docker services
function cleanup() {
eval "$(docker-services-cli down --env)"
}
trap cleanup EXIT
ruff check .
python -m check_manifest
python -m sphinx.cmd.build -qnN docs docs/_build/html
eval "$(docker-services-cli up --search ${SEARCH:-elasticsearch} --env)"
python -m pytest
tests_exit_code=$?
python -m sphinx.cmd.build -qnN -b doctest docs docs/_build/doctest
exit "$tests_exit_code"

19
setup.cfg
View File

@@ -25,21 +25,17 @@ classifiers =
Programming Language :: Python
Topic :: Internet :: WWW/HTTP :: Dynamic Content
Topic :: Software Development :: Libraries :: Python Modules
Programming Language :: Python :: 3.9
Programming Language :: Python :: 3.10
Programming Language :: Python :: 3.11
Programming Language :: Python :: 3.12
Development Status :: 3 - Alpha
[options]
include_package_data = True
packages = find:
python_requires = >=3.9
python_requires = >=3.12
zip_safe = False
install_requires =
# keep this dependencies identical to invenio-app-rdm
invenio-cache>=1.1.1,<2.0.0
invenio-i18n>=2.0.0,<3.0.0
invenio-cache>=1.1.1
invenio-i18n>=2.0.0
invenio-rdm-records>=4.0.0
[options.extras_require]
@@ -48,6 +44,7 @@ tests =
invenio-search[opensearch2]>=2.1.0,<3.0.0
pytest-black-ng>=0.4.0
pytest-invenio>=2.1.0,<3.0.0
ruff>=0.5.3
Sphinx>=4.5.0
[options.entry_points]
@@ -73,9 +70,6 @@ all_files = 1
[bdist_wheel]
universal = 1
[pydocstyle]
add_ignore = D401
[compile_catalog]
directory = invenio_config_tugraz/translations/
@@ -98,10 +92,9 @@ output-dir = invenio_config_tugraz/translations/
profile=black
[check-manifest]
ignore =
*-requirements.txt
ignore = *-requirements.txt
[tool:pytest]
addopts = --black --isort --pydocstyle --doctest-glob="*.rst" --doctest-modules --cov=invenio_config_tugraz --cov-report=term-missing tests invenio_config_tugraz
addopts = --black --cov=invenio_config_tugraz --cov-report=term-missing
testpaths = tests invenio_config_tugraz
live_server_scope = module

144
tests/conftest.py
View File

@@ -1,6 +1,7 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
# Copyright (C) 2020-2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
@@ -12,152 +13,21 @@ See https://pytest-invenio.readthedocs.io/ for documentation on which test
fixtures are available.
"""
import os
import shutil
import tempfile
import pytest
from flask import Flask
from invenio_db import InvenioDB, db
from invenio_i18n import InvenioI18N
from sqlalchemy_utils.functions import create_database, database_exists, drop_database
from invenio_config_tugraz import InvenioConfigTugraz
@pytest.fixture(scope="module")
def celery_config():
"""Override pytest-invenio fixture.
def create_app(instance_path: str) -> Flask:
"""Application factory fixture."""
TODO: Remove this fixture if you add Celery support.
"""
return {}
@pytest.fixture()
def create_app(request):
"""Basic Flask application."""
instance_path = tempfile.mkdtemp()
app = Flask("testapp")
DB = os.getenv("SQLALCHEMY_DATABASE_URI", "sqlite://")
app.config.update(
INVENIO_CONFIG_TUGRAZ_SINGLE_IP=["127.0.0.1", "127.0.0.2"],
INVENIO_CONFIG_TUGRAZ_IP_RANGES=[
["127.0.0.2", "127.0.0.99"],
["127.0.1.3", "127.0.1.5"],
],
SQLALCHEMY_DATABASE_URI=DB,
SQLALCHEMY_TRACK_MODIFICATIONS=False,
)
InvenioI18N(app)
def factory(**config: str) -> Flask:
app = Flask("testapp", instance_path=instance_path)
app.config.update(**config)
InvenioConfigTugraz(app)
InvenioDB(app)
with app.app_context():
db_url = str(db.engine.url)
if db_url != "sqlite://" and not database_exists(db_url):
create_database(db_url)
db.create_all()
def teardown():
with app.app_context():
db_url = str(db.engine.url)
db.session.close()
if db_url != "sqlite://":
drop_database(db_url)
shutil.rmtree(instance_path)
request.addfinalizer(teardown)
app.test_request_context().push()
return app
@pytest.fixture(scope="function")
def open_record():
"""Open record data as dict coming from the external world."""
return {
"access": {
"metadata": False,
"files": False,
"owned_by": [1],
"access_right": "open",
},
"metadata": {
"publication_date": "2020-06-01",
"resource_type": {"type": "image", "subtype": "image-photo"},
# Technically not required
"creators": [
{"name": "Troy Brown", "type": "personal"},
{
"name": "Phillip Lester",
"type": "personal",
"identifiers": {"orcid": "0000-0002-1825-0097"},
"affiliations": [
{"name": "Carter-Morris", "identifiers": {"ror": "03yrm5c26"}}
],
},
{
"name": "Steven Williamson",
"type": "personal",
"identifiers": {"orcid": "0000-0002-1825-0097"},
"affiliations": [
{
"name": "Ritter and Sons",
"identifiers": {"ror": "03yrm5c26"},
},
{
"name": "Montgomery, Bush and Madden",
"identifiers": {"ror": "03yrm5c26"},
},
],
},
],
"title": "A Romans story",
},
}
@pytest.fixture(scope="function")
def singleip_record():
"""Single Ip record data as dict coming from the external world."""
return {
"access": {
"metadata": False,
"files": False,
"owned_by": [1],
"access_right": "singleip",
},
"metadata": {
"publication_date": "2020-06-01",
"resource_type": {"type": "image", "subtype": "image-photo"},
# Technically not required
"creators": [
{"name": "Troy Brown", "type": "personal"},
{
"name": "Phillip Lester",
"type": "personal",
"identifiers": {"orcid": "0000-0002-1825-0097"},
"affiliations": [
{"name": "Carter-Morris", "identifiers": {"ror": "03yrm5c26"}}
],
},
{
"name": "Steven Williamson",
"type": "personal",
"identifiers": {"orcid": "0000-0002-1825-0097"},
"affiliations": [
{
"name": "Ritter and Sons",
"identifiers": {"ror": "03yrm5c26"},
},
{
"name": "Montgomery, Bush and Madden",
"identifiers": {"ror": "03yrm5c26"},
},
],
},
],
"title": "A Romans story",
},
}
return factory

31
tests/test_generators.py
View File

@@ -1,31 +0,0 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020-2022 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
"""Test Generators."""
from invenio_access.permissions import any_user
from invenio_config_tugraz.permissions.generators import RecordIp
def test_recordip(create_app, open_record, singleip_record):
"""Test Generator RecordIp."""
generator = RecordIp()
open_record = open_record
singleiprec = singleip_record
assert generator.needs(record=None) == []
assert generator.needs(record=open_record) == [any_user]
assert generator.needs(record=singleiprec) == []
assert generator.excludes(record=open_record) == []
assert generator.excludes(record=open_record) == []
assert generator.query_filter().to_dict() == {
"bool": {"must_not": [{"match": {"access.access_right": "singleip"}}]}
}

6
tests/test_invenio_config_tugraz.py
View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020-2022 Graz University of Technology.
# Copyright (C) 2020-2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
@@ -13,14 +13,14 @@ from flask import Flask
from invenio_config_tugraz import InvenioConfigTugraz
def test_version():
def test_version() -> None:
"""Test version import."""
from invenio_config_tugraz import __version__
assert __version__
def test_init():
def test_init() -> None:
"""Test extension initialization."""
app = Flask("testapp")
ext = InvenioConfigTugraz(app)

49
tests/test_policies.py
View File

@@ -23,7 +23,7 @@ ALLOWED_DIFFERENCES = {
}
def test_policies_synced():
def test_policies_synced() -> None:
"""Make sure our permission-policy stays synced with invenio's."""
tugraz_cans = {
name: getattr(TUGrazRDMRecordPermissionPolicy, name)
@@ -38,17 +38,20 @@ def test_policies_synced():
# check whether same set of `can_<action>`s`
if extras := set(tugraz_cans) - set(rdm_cans) - ALLOWED_DIFFERENCES:
raise KeyError(
f"TU Graz's permission-policy has additional fields over invenio-rdm's:{extras}\n"
"if this is intentional, add to ALLOWED_DIFFERENCES in test-file\n"
"otherwise remove extraneous fields from TUGrazRDMRecordPermissionPolicy"
)
msg = f"""
TU Graz's permission-policy has additional fields over invenio-rdm's:{extras}
if this is intentional, add to ALLOWED_DIFFERENCES in test-file
otherwise remove extraneous fields from TUGrazRDMRecordPermissionPolicy
"""
raise KeyError(msg)
if missing := set(rdm_cans) - set(tugraz_cans):
raise KeyError(
f"invenio-rdm's permission-policy has fields unhandled by TU Graz's: {missing}\n"
"if this is intentional, add to ALLOWED_DIFFERENCES\n"
"otherwise set the corresponding fields in TUGrazRDMRecordPermissionPolicy"
)
msg = f"""
invenio-rdm's permission-policy has fields unhandled by TU Graz's: {missing}
if this is intentional, add to ALLOWED_DIFFERENCES
otherwise set the corresponding fields in TUGrazRDMRecordPermissionPolicy
"""
raise KeyError(msg)
# check whether same permission-generators used for same `can_<action>`
for can_name in rdm_cans.keys() & tugraz_cans.keys():
@@ -61,21 +64,25 @@ def test_policies_synced():
# permission-Generators don't implement equality checks for their instances
# we can however compare which types (classes) of Generators are used...
if {type(gen) for gen in tugraz_can} != {type(gen) for gen in rdm_can}:
raise ValueError(
f"permission-policy for `{can_name}` differs between TU-Graz and invenio-rdm\n"
"if this is intentional, add to ALLOWED_DIFFERENCES in test-file\n"
"otherwise fix TUGrazRDMRecordPermissionPolicy"
)
msg = f"""
permission-policy for `{can_name}` differs between TU-Graz and invenio-rdm
if this is intentional, add to ALLOWED_DIFFERENCES in test-file
otherwise fix TUGrazRDMRecordPermissionPolicy
"""
raise ValueError(msg)
# check whether same `NEED_LABEL_TO_ACTION`
tugraz_label_to_action = TUGrazRDMRecordPermissionPolicy.NEED_LABEL_TO_ACTION
rdm_label_to_action = RDMRecordPermissionPolicy.NEED_LABEL_TO_ACTION
for label in tugraz_label_to_action.keys() & rdm_label_to_action.keys():
if label in ALLOWED_DIFFERENCES:
continue
if tugraz_label_to_action.get(label) != rdm_label_to_action.get(label):
raise ValueError(
f"invenio-rdm's NEED_LABEL_TO_ACTION differs from TU Graz's in {label}\n"
"if this is intentional, add to ALLOWED_DIFFERENCES in test-file\n"
"otherwise fix TUGrazRDMRecordPermissionPolicy.NEED_LABEL_TO_ACTION"
)
msg = f"""
invenio-rdm's NEED_LABEL_TO_ACTION differs from TU Graz's in {label}
if this is intentional, add to ALLOWED_DIFFERENCES in test-file
otherwise fix TUGrazRDMRecordPermissionPolicy.NEED_LABEL_TO_ACTION
"""
raise ValueError(msg)