Cian-H/invenio-config-iform
1
0
Fork 0
mirror of https://github.com/Cian-H/invenio-config-iform.git synced 2025-12-23 05:21:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Cian-H:v0.2.1
Branches Tags
Cian-H:master
Cian-H:2025.5.20.21 Cian-H:2025.5.20.20 Cian-H:2025.5.20.19 Cian-H:2025.5.20.18 Cian-H:2025.5.20.17 Cian-H:2025.5.20.16 Cian-H:2025.5.20.15 Cian-H:2025.5.20.14 Cian-H:2025.5.20.13 Cian-H:2025.5.20.12 Cian-H:2025.5.20.11 Cian-H:2025.5.20.10 Cian-H:2025.5.20.9 Cian-H:2025.5.20.8 Cian-H:2025.5.20.7 Cian-H:2025.5.20.6 Cian-H:2025.5.20.5 Cian-H:2025.5.20.4 Cian-H:2025.5.20.3 Cian-H:2025.5.20.2 Cian-H:v0.12.5 Cian-H:v0.12.3 Cian-H:v0.12.2 Cian-H:v0.12.1 Cian-H:v0.12.0 Cian-H:v0.11.0 Cian-H:v0.10.4 Cian-H:v0.10.3 Cian-H:v0.10.2 Cian-H:v0.10.1 Cian-H:v0.10.0 Cian-H:v0.9.1 Cian-H:v0.9.0 Cian-H:v0.8.4 Cian-H:v0.8.3 Cian-H:v0.8.2 Cian-H:v0.8.1 Cian-H:v0.8.0 Cian-H:v0.7.1 Cian-H:v0.7.0 Cian-H:v0.6.2 Cian-H:v0.6.1 Cian-H:v0.6.0 Cian-H:v0.5.9 Cian-H:v0.5.8 Cian-H:v0.5.7 Cian-H:v0.5.6 Cian-H:v0.5.5 Cian-H:v0.5.4 Cian-H:v0.5.3 Cian-H:v0.5.2 Cian-H:v0.5.1 Cian-H:v0.5.0 Cian-H:v0.4.2 Cian-H:v0.4.1 Cian-H:v0.4.0 Cian-H:v0.3.0 Cian-H:v0.2.2 Cian-H:v0.2.1 Cian-H:v0.2.0 Cian-H:0.1.5 Cian-H:0.1.4 Cian-H:0.1.3 Cian-H:0.1.2 Cian-H:0.1.1
...
compare: Cian-H:v0.12.3
Branches Tags
Cian-H:master
Cian-H:2025.5.20.21 Cian-H:2025.5.20.20 Cian-H:2025.5.20.19 Cian-H:2025.5.20.18 Cian-H:2025.5.20.17 Cian-H:2025.5.20.16 Cian-H:2025.5.20.15 Cian-H:2025.5.20.14 Cian-H:2025.5.20.13 Cian-H:2025.5.20.12 Cian-H:2025.5.20.11 Cian-H:2025.5.20.10 Cian-H:2025.5.20.9 Cian-H:2025.5.20.8 Cian-H:2025.5.20.7 Cian-H:2025.5.20.6 Cian-H:2025.5.20.5 Cian-H:2025.5.20.4 Cian-H:2025.5.20.3 Cian-H:2025.5.20.2 Cian-H:v0.12.5 Cian-H:v0.12.3 Cian-H:v0.12.2 Cian-H:v0.12.1 Cian-H:v0.12.0 Cian-H:v0.11.0 Cian-H:v0.10.4 Cian-H:v0.10.3 Cian-H:v0.10.2 Cian-H:v0.10.1 Cian-H:v0.10.0 Cian-H:v0.9.1 Cian-H:v0.9.0 Cian-H:v0.8.4 Cian-H:v0.8.3 Cian-H:v0.8.2 Cian-H:v0.8.1 Cian-H:v0.8.0 Cian-H:v0.7.1 Cian-H:v0.7.0 Cian-H:v0.6.2 Cian-H:v0.6.1 Cian-H:v0.6.0 Cian-H:v0.5.9 Cian-H:v0.5.8 Cian-H:v0.5.7 Cian-H:v0.5.6 Cian-H:v0.5.5 Cian-H:v0.5.4 Cian-H:v0.5.3 Cian-H:v0.5.2 Cian-H:v0.5.1 Cian-H:v0.5.0 Cian-H:v0.4.2 Cian-H:v0.4.1 Cian-H:v0.4.0 Cian-H:v0.3.0 Cian-H:v0.2.2 Cian-H:v0.2.1 Cian-H:v0.2.0 Cian-H:0.1.5 Cian-H:0.1.4 Cian-H:0.1.3 Cian-H:0.1.2 Cian-H:0.1.1

107 Commits
v0.2.1 ... v0.12.3

Author SHA1 Message Date
Christoph Ladurner
5e4fcca0ed release v0.12.3 2024-07-25 23:04:28 +02:00
Christoph Ladurner
c934a4952b fix(tugraz_authenticated): missmatch of role name 2024-07-25 23:04:01 +02:00
Christoph Ladurner
c91d056a56 release v0.12.2 2024-07-19 09:27:39 +02:00
Christoph Ladurner
583a67d0cf setup: introduce ruff 
* remove unused .tx. the translation is done without transifex

* remove unused files

* remove unused checks because ruff took over
 2024-07-19 09:25:08 +02:00
Christoph Ladurner
760363b4a5 perm: implement single-ip and ip-network 
* with that addition it is possible to restrict records to an special ip
  or an ip network
 2024-07-19 09:25:08 +02:00
Martin Obersteiner
52fb93cc43 utils: add invenio_saml-compatible account-setup 2024-07-08 10:03:01 +02:00
Martin Obersteiner
41db3186df add new permission-policy, add new role 2024-06-25 14:35:08 +02:00
Martin Obersteiner
20bdff0b79 fix deprecated before_app_first_request 2024-06-11 13:27:08 +02:00
Christoph Ladurner
99705d7a25 setup: add support for python3.11 and 3.12 
* pytest-black -> pytest-black-ng, former unsupported

* add invenio-app to test install requires
 2024-04-02 14:06:44 +02:00
Christoph Ladurner
d4df756ebf release v0.12.1 2024-03-08 12:57:11 +01:00
Christoph Ladurner
a10dccba22 setup: remove upper limit of rdm-records 2024-03-08 12:56:37 +01:00
Christoph Ladurner
8b84077e83 release v0.12.0 2023-11-10 09:01:40 +01:00
Christoph Ladurner
08d745d367 setup: remove python3.8 support 2023-11-10 09:01:16 +01:00
Christoph Ladurner
bf62abff3f global: make it compatible with v12 2023-11-10 09:01:16 +01:00
Christoph Ladurner
40a47ed36d release v0.11.0 2023-04-20 22:23:20 +02:00
mojib
129b331603 global: make package compatible with v11 2023-04-20 22:22:23 +02:00
Christoph Ladurner
328abd1306 release v0.10.4 2023-02-10 10:41:27 +01:00
Christoph Ladurner
7ce124cdb9 setup: invenio-search is not optional 2023-02-10 10:36:44 +01:00
Christoph Ladurner
75d78cf09a setup: change to reusable github workflows 
* move check_manifest configuration to setup.cfg

* remove upper constraint for pytest-black
 2023-02-10 10:36:44 +01:00
Christoph Ladurner
2e5fbcb4f9 setup: remove 3.7 and add 3.10 support 2023-02-10 10:36:44 +01:00
Christoph Ladurner
4c4279965a guide: update 2023-02-10 10:36:44 +01:00
Christoph Ladurner
0ee0df4ee1 release v0.10.2 2023-02-02 09:03:42 +01:00
mojib
8df08c09bf change version name 2023-02-01 15:36:57 +01:00
mojib
3a508ac3f0 footer: update guid 2023-02-01 15:36:57 +01:00
Christoph Ladurner
087cafa3ae release v0.10.1 2022-11-17 10:00:20 +01:00
Christoph Ladurner
14e9e0557a global: add function 
* this function was moved from invenio-alma
 2022-11-17 09:55:56 +01:00
Mojib Wali
8669f5dcda release: v0.10.0 2022-10-13 11:23:15 +02:00
Mojib Wali
62256b346f global: migrate to v10 2022-10-13 11:12:14 +02:00
Mojib Wali
4a8b02ec4a release: v0.9.1 2022-05-30 14:18:33 +02:00
Mojib Wali
8a592e3fdf ci(publish): ping babel version (#99) 2022-05-30 14:11:36 +02:00
Mojib Wali
42d5e2db05 release: v0.9.0 2022-05-30 13:38:10 +02:00
Mojib Wali
3db870784b config: adds accounts config var 2022-05-30 13:28:34 +02:00
Mojib Wali
73bc8b4575 dep: compatible to v9 rdm 
black: formated
 2022-05-25 18:49:16 +02:00
David
7fd5a7df3f config: add deposit form quota variable (#91) 2022-05-25 18:39:32 +02:00
Christoph Ladurner
79fe24511a bump invenio-rdm-records version 2022-05-25 12:46:45 +02:00
Christoph Ladurner
5b7a1718fc migrate setup py to cfg (#94) 
* global: migrate setup.py to setup.cfg

* global: clean up copyright notices and tests

* migrate to use black as opinionated auto formater

* add .git-blame-ignore-revs
 2022-05-12 08:58:50 +02:00
David
9192107e99 fix: update email welcome template with SITE_UI_URL (#93) 2022-04-20 08:31:42 +02:00
Mojib Wali
c43c36ece3 v0.8.4 2022-03-11 10:47:10 +01:00
Mojib Wali
3acbaf65ef revert: use gettext 2022-03-11 10:40:58 +01:00
Mojib Wali
408bdc47b1 v0.8.3 2022-03-10 10:25:35 +01:00
Mojib Wali
6c6138b682 config: fix comment & import 2022-03-10 09:31:15 +01:00
Mojib Wali
cc2c462057 README: update links 2022-03-03 10:17:52 +01:00
Mojib Wali
3f2cf9f800 v0.8.2 2022-03-03 10:12:43 +01:00
Mojib Wali
db0c7a4e21 config: introduced in v8 of invenioRDM 2022-03-03 10:03:20 +01:00
Mojib Wali
91464bbd7c v0.8.1 2022-02-28 15:05:59 +01:00
Mojib Wali
d7fe2926c7 gloabl: changes to pre-v8 
* config: set samesite cookie to strict
* dep: bump in base
 2022-02-28 14:55:20 +01:00
Mojib Wali
d5fcf60cf7 v0.8.0 2022-02-09 16:29:35 +01:00
David Eckhard
772b21c93a config: add OAISERVER_ADMIN_EMAIL 2021-12-16 11:54:46 +01:00
mb-wali
c39221378f v0.7.1 2021-12-07 09:54:26 +01:00
mb-wali
a42f86fcdf configs: adds new & changed configs for v7 2021-12-06 14:44:05 +01:00
mb-wali
0dd0db04e2 v0.7.0 2021-12-06 09:45:11 +01:00
David Eckhard
b02ce8a755 fix: update blueprint reorder 2021-11-08 10:21:28 +01:00
Mojib
41dcb8f437 docs: adjust sphinx to flask 2 
* Add werkzeug to intersphinx for additional type hints
* Describe type hints in bullet points rather than function signatures
* Remove 'warnings as errors' flag from documentation building, as some type hints aren't resolved properly and result in a warning
 2021-11-04 10:55:33 +01:00
Mojib
35854691bd config: adds oai prefix 2021-11-04 10:55:33 +01:00
Mojib
f2e18b95c3 dep: upgrade rdm-records version 
migrated allowed host to gitlab
 2021-11-04 10:55:33 +01:00
Mojib Wali
16c10593d6 v0.6.2 2021-08-05 08:22:37 +02:00
mb-wali
dbd870d106 doi: remove doi 'datacite' suffix 2021-08-04 16:21:04 +02:00
mb-wali
f02e992acd dep: global dep bump 
config: adds i18n vars & extracted from gitlab configs
config: form defaults and tighter CSP
 2021-08-04 16:21:04 +02:00
Mojib Wali
a7abb0bc5e v0.6.1 2021-06-04 11:46:57 +02:00
mb-wali
7ca398efdd global: adds routes for tug 
This: migrated from invenio-theme-tugraz
 2021-06-04 11:46:08 +02:00
Mojib Wali
b33c7e09c3 v0.6.0 2021-05-31 13:12:06 +02:00
mb-wali
0c775851d8 refactor: removes search guide 
due: added to core module. This closes #64
 2021-05-31 13:09:30 +02:00
mb-wali
89f6aee814 migrate: invenioRDM v4 
deb: bump in app-rdm
 2021-05-31 13:09:30 +02:00
Mojib Wali
44e5857143 v0.5.9 2021-05-07 12:01:04 +02:00
mb-wali
460de9fc35 feature: adds searchguide german 2021-05-07 11:02:25 +02:00
Mojib Wali
b1d7a6558e v0.5.8 2021-04-30 13:32:46 +02:00
mb-wali
890fded625 dep: installing invenio-app-rdm 2021-04-30 13:32:23 +02:00
Mojib Wali
1304563a3e v0.5.7 2021-04-28 09:01:04 +02:00
mb-wali
a08201041a bugfix: search guide url 2021-04-28 08:54:48 +02:00
Mojib Wali
548896be11 v0.5.6 2021-04-27 15:53:59 +02:00
Mojib Wali
a10433aba3 email: welcome email template 2021-04-27 15:48:05 +02:00
Mojib Wali
f0fbabbaa8 v0.5.5 2021-04-22 09:46:08 +02:00
Mojib Wali
5e2a58c764 i18n: adds translation 
* babel: adds a wildcard to extract txt files.
* refactor txt file
 2021-04-22 09:45:42 +02:00
Mojib Wali
9af1beff88 v0.5.4 2021-04-21 16:11:09 +02:00
rekt-hard
80575cbced feature: override email welcome template 
* overrides flask-security welcome template
 2021-04-21 16:10:30 +02:00
Unix
60b85e6ad5 global: repo cleanup 2021-03-31 14:22:32 +02:00
Mojib Wali
10f68379b5 v0.5.3 2021-03-29 10:06:21 +02:00
Mojib Wali
49766790d7 config: refactor email subject. 2021-03-24 09:42:41 +01:00
Mojib Wali
977d5588f4 refactor: changed the link to point correct repo. 2021-03-18 13:55:35 +01:00
Mojib Wali
ded93fabeb v0.5.2 2021-03-18 10:26:00 +01:00
Mojib Wali
c2ee5fa4b7 configs(db): adds SQLALCHEMY configs 
* configs(db): adds SQLALCHEMY configs
configs: adds fixture user
 2021-03-18 10:24:55 +01:00
Unix
cf3ffa1543 config: adds default rdm depsit fields empty 
refactor: removes saml configs
 2021-03-18 09:53:59 +01:00
Mojib Wali
927fb44f95 v0.5.1 2021-03-10 20:24:42 +01:00
Mojib Wali
d7c91765b4 config: shibboleth default not configured 2021-03-10 20:24:13 +01:00
Mojib Wali
dba1cd5d62 v0.5.0 2021-03-09 09:34:59 +01:00
rekt-hard
49b5477ebc fix: extend csp to allow datacite and zammad (#48) 2021-03-09 09:04:24 +01:00
Mojib Wali
92cfad940f v0.4.2 2021-03-02 15:25:02 +01:00
Mojib Wali
93ad527061 config: disable registration 
* vocab: remove override vocab
* global: disable user registration
 2021-03-02 15:24:18 +01:00
Mojib Wali
9d2ad34601 v0.4.1 2021-01-18 10:54:09 +01:00
Mojib Wali
1eb836aec8 permission: restriction to only open access 2021-01-18 10:28:34 +01:00
Mojib Wali
42e7a332d0 v0.4.0 2021-01-05 13:27:16 +01:00
Mojib Wali
5dd1bf0602 refactor(config): #41 
* adding domain name for the production
* disable RDM records permission override
 2021-01-05 13:24:56 +01:00
Mojib Wali
956a9eea76 feature(permission): AuthenticatedUser Generator #39 2021-01-05 13:23:11 +01:00
mb
4310ca8755 feature: adding domain to allowed host 
refactor: disabled RDM permission override

This closes #40
 2021-01-05 11:03:46 +01:00
Mojib Wali
ce97c5378c feature(permissions): RecordIp generator #36 2021-01-05 09:44:27 +01:00
Mojib Wali
e2b1c59c5d feature(permission): split the base from rdm permissions 
* updated rdm permission policy
* ci: updating test commands to new 1.4.41
 2020-12-21 14:54:05 +01:00
Mojib Wali
cb7f00d76c v0.3.0 2020-12-04 10:35:38 +01:00
Mojib Wali
be22817a91 ci(repo): migrate to github actions. #34 
tests(repo): modified to github actions.
 2020-12-04 10:30:34 +01:00
Mojib Wali
1ca39d2f8d refactor(user):userprofile #31 
* disable userprofile extended form.
  User is no longer obliged to provide username and name when registering.
  This mean that the user can change/add name and username from profile section.
* disable changing email address.
  User no longer can change the email address from profile section.
 2020-11-10 12:19:55 +01:00
mb
7069bbe481 refactor(user):disable changing email address 
* disable userprofile extended form.
 2020-11-09 12:23:12 +01:00
Mojib Wali
396f44fbd8 url/badge update 
Repository transfer from 'https://github.com/mb-wali' to 'https://github.com/tu-graz-library'.
 2020-10-28 13:55:09 +01:00
Unix
8f2670235b badges/url updated 
after transfering the module the path/url was invalid.
 2020-10-28 13:46:34 +01:00
Mojib Wali
d70c690ab3 v0.2.2 2020-10-19 14:39:41 +02:00
Mojib Wali
6803ce9614 bump dependencies 
* bump dependency : invenio-rdm-records
* SQLAlchemy-Utils for SQL queries
* invenio-search with elasticsearch 7
* SQLAlchemy-Continuum for a versioning extension for SQLAlchemy
 2020-10-19 14:28:53 +02:00
Mojib Wali
4d89290b58 bump dependency : invenio-rdm-records 
This change is required for the latest invenioRDM - sep release.
 2020-10-19 14:10:07 +02:00
Christoph Ladurner
2ccd24cfca all python files are now formated with black (#23) 
* all python files are now formated with black

NOTE:
some configurations where necessary. flake8 line-length has to be set to 88
which is the default for black. but this was not enough some lines of black
where formated longer then 88 characters. found flake8-bugbear with B950.

with that and in combination with ignore=E501 it is possible to ignore long
lines, but if there are lines to long it will still point it out.

further also for isort some configuration was necessary

REFERENCES:
https://github.com/psf/black/blob/master/docs/compatible_configs.md#isort
https://github.com/psf/black/blob/master/docs/compatible_configs.md#flake8
https://github.com/PyCQA/flake8-bugbear#opinionated-warnings

* ext removed unnecessary commented import statement

* generators add pragma: no cover to increase code coverage

NOTE:
this should be corrected with a real test in one of the next commits

* fixed the syntax.

Co-authored-by: Mojib Wali <44528277+mb-wali@users.noreply.github.com>
 2020-10-15 10:36:58 +02:00
Mojib Wali
0a37a8015e global: extension class to uppercase. 
The extension class name is changed to uppercase.
 2020-10-12 10:03:55 +02:00
58 changed files with 1558 additions and 915 deletions
Expand all files Collapse all files

13
.editorconfig
View File

@@ -15,15 +15,6 @@ insert_final_newline = true
trim_trailing_whitespace = true
charset = utf-8
# Python files
[*.py]
indent_size = 4
# isort plugin configuration
known_first_party = invenio_config_tugraz
multi_line_output = 2
default_section = THIRDPARTY
skip = .eggs
# RST files (used by sphinx)
[*.rst]
indent_size = 4
@@ -32,8 +23,8 @@ indent_size = 4
[*.{css,html,js,json,yml}]
indent_size = 2
# Matches the exact files either package.json or .travis.yml
[{package.json,.travis.yml}]
# Matches the exact files either package.json or .github/workflows/*.yml
[{package.json,.github/workflows/*.yml}]
indent_size = 2
# Dockerfile

1
.git-blame-ignore-revs Normal file
View File

@@ -0,0 +1 @@
766b2cafae4dc74393b103389e6978eca5a9cfd2

21
.github/workflows/pypi-publish.yml vendored
View File

@@ -5,22 +5,5 @@ on:
jobs:
build-n-publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Python 3.7
uses: actions/setup-python@v2
with:
python-version: 3.7
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install setuptools wheel
- name: Build package
run: |
python setup.py compile_catalog sdist bdist_wheel
- name: pypi-publish
uses: pypa/gh-action-pypi-publish@v1.3.1
with:
user: __token__
password: ${{ secrets.pypi_password }}
uses: tu-graz-library/.github/.github/workflows/pypi-publish.yml@main
secrets: inherit

20
.github/workflows/tests.yml vendored Normal file
View File

@@ -0,0 +1,20 @@
name: CI
on:
push:
branches: master
pull_request:
branches: master
schedule:
# * is a special character in YAML so you have to quote this string
- cron: '0 3 * * 6'
workflow_dispatch:
inputs:
reason:
description: 'Reason'
required: false
default: 'Manual trigger'
jobs:
tests:
uses: tu-graz-library/.github/.github/workflows/tests.yml@main

53
.travis.yml
View File

@@ -1,53 +0,0 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
branches:
except:
- /^v\d+\.\d+(\.\d+)?(\S*)?$/
notifications:
email: false
sudo: false
language: python
matrix:
fast_finish: true
allow_failures:
# To allow failures, you need to specify the full environment
- env: REQUIREMENTS=devel
cache:
- pip
env:
- REQUIREMENTS=lowest
- REQUIREMENTS=release DEPLOY=true
- REQUIREMENTS=devel
python:
- "3.6"
- "3.7"
before_install:
- "nvm install 6; nvm use 6"
- "travis_retry pip install --upgrade pip setuptools py"
- "travis_retry pip install twine wheel coveralls requirements-builder"
- "requirements-builder -e all --level=min setup.py > .travis-lowest-requirements.txt"
- "requirements-builder -e all --level=pypi setup.py > .travis-release-requirements.txt"
- "requirements-builder -e all --level=dev --req requirements-devel.txt setup.py > .travis-devel-requirements.txt"
install:
- "travis_retry pip install -r .travis-${REQUIREMENTS}-requirements.txt"
- "travis_retry pip install -e .[all]"
script:
- "./run-tests.sh"
after_success:
- coveralls

33
.tx/config
View File

@@ -1,33 +0,0 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
# TODO: Transifex integration
#
# 1) Create message catalog:
# $ python setup.py extract_messages
# $ python setup.py init_catalog -l <lang>
# $ python setup.py compile_catalog
# 2) Ensure project has been created on Transifex under the inveniosoftware
# organisation.
# 3) Install the transifex-client
# $ pip install transifex-client
# 4) Push source (.pot) and translations (.po) to Transifex
# $ tx push -s -t
# 5) Pull translations for a single language from Transifex
# $ tx pull -l <lang>
# 6) Pull translations for all languages from Transifex
# $ tx pull -a
[main]
host = https://www.transifex.com
[invenio.invenio-config-tugraz-messages]
file_filter = invenio_config_tugraz/translations/<lang>/LC_MESSAGES/messages.po
source_file = invenio_config_tugraz/translations/messages.pot
source_lang = en
type = PO

94
CHANGES.rst
View File

@@ -1,5 +1,5 @@
..
Copyright (C) 2020 Mojib Wali.
Copyright (C) 2020 - 2022 Graz University of Technology.
invenio-config-tugraz is free software; you can redistribute it and/or
modify it under the terms of the MIT License; see LICENSE file for more
@@ -8,6 +8,98 @@
Changes
=======
Version v0.12.3 (release 2024-07-25)
- fix(tugraz_authenticated): missmatch of role name
Version v0.12.2 (release 2024-07-19)
- setup: introduce ruff
- perm: implement single-ip and ip-network
- utils: add invenio_saml-compatible account-setup
- add new permission-policy, add new role
- fix deprecated `before_app_first_request`
- setup: add support for python3.11 and 3.12
Version v0.12.1 (release 2024-03-08)
- setup: remove upper limit of rdm-records
Version v0.12.0 (release 2023-11-10)
- setup: remove python3.8 support
- global: make it compatible with v12
Version v0.11.0 (release 2023-04-20)
- global: make package compatible with v11
Version v0.10.4 (release 2023-02-10)
Version v0.10.2 (release 2023-02-02)
- change version name
- footer: update guid
Version v0.10.1 (release 2022-11-17)
- global: add function
Version 0.10.0 (released 2022-10-13)
- global: migrate to v10 (#101)
Version 0.9.1 (released 2022-05-30)
- ci(publish): ping babel version (#99)
Version 0.9.0 (released 2022-05-30)
- config: adds new introduced configs v9
- dep: compatible to v9 rdm
- config: add deposit form quota variable (#91)
- migrate setup py to cfg (#94)
- fix: update email welcome template with SITE_UI_URL (#93)
Version 0.8.4 (released 2022-03-11)
- config: use gettext
Version 0.8.3 (released 2022-03-10)
- config: fix comment & import
Version 0.8.2 (released 2022-03-03)
- config: new introduced to v8 of invenioRDM
Version 0.8.1 (released 2022-02-28)
- config: set samesite cookie to strict
- dep: bump in base dependencies
Version 0.8.0 (released 2022-02-09)
- dep: bump rdm-records version
Version 0.7.1 (released 2021-12-07)
- configs: adds new & changed configs for v7 #76
Version 0.7.0 (released 2021-12-06)
- fix: update blueprint reorder #74
- dep: upgrade rdm-records version & OAI #72
Version 0.1.0 (released TBD)
- Initial public release.

8
CONTRIBUTING.rst
View File

@@ -10,7 +10,7 @@ Types of Contributions
Report Bugs
~~~~~~~~~~~
Report bugs at https://github.com/mb-wali/invenio-config-tugraz/issues.
Report bugs at https://github.com/tu-graz-library/invenio-config-tugraz/issues.
If you are reporting a bug, please include:
@@ -41,7 +41,7 @@ Submit Feedback
~~~~~~~~~~~~~~~
The best way to send feedback is to file an issue at
https://github.com/mb-wali/invenio-config-tugraz/issues.
https://github.com/tu-graz-library/invenio-config-tugraz/issues.
If you are proposing a feature:
@@ -113,6 +113,6 @@ Before you submit a pull request, check that it meets these guidelines:
1. The pull request should include tests and must not decrease test coverage.
2. If the pull request adds functionality, the docs should be updated. Put
your new functionality into a function with a docstring.
3. The pull request should work for Python 2.7, 3.5 and 3.6. Check
https://travis-ci.org/https://github.com/https://github.com/mb-/pull_requests
3. The pull request should work for Python 3.6 and 3.7. Check
https://github.com/github/tu-graz-library/invenio-config-tugraz//actions?query=event%3Apull_request
and make sure that the tests pass for all supported Python versions.

13
MANIFEST.in
View File

@@ -34,11 +34,22 @@ recursive-include docs *.py
recursive-include docs *.rst
recursive-include docs *.txt
recursive-include docs Makefile
recursive-include invenio_config_tugraz *.html
recursive-include tests *.py
# added by check_manifest.py
recursive-include invenio_config_tugraz *.crt
recursive-include invenio_config_tugraz *.json
recursive-include invenio_config_tugraz *.key
recursive-include invenio_config_tugraz *.xml
recursive-include invenio_config_tugraz *.gitkeep
recursive-include invenio_config_tugraz *.txt
recursive-include invenio_config_tugraz *.html
# added by check-manifest
recursive-include invenio_config_tugraz *.csv
# added by check-manifest
recursive-include invenio_config_tugraz *.pdf
include .git-blame-ignore-revs

19
README.rst
View File

@@ -1,5 +1,5 @@
..
Copyright (C) 2020 Mojib Wali.
Copyright (C) 2020-2021 Graz University of Technology.
invenio-config-tugraz is free software; you can redistribute it and/or
modify it under the terms of the MIT License; see LICENSE file for more
@@ -9,17 +9,17 @@
invenio-config-tugraz
=======================
.. image:: https://travis-ci.com/mb-wali/invenio-config-tugraz.svg
:target: https://travis-ci.com/github/mb-wali/invenio-config-tugraz
.. image:: https://github.com/tu-graz-library/invenio-config-tugraz/workflows/CI/badge.svg
:target: https://github.com/tu-graz-library/invenio-config-tugraz/actions
.. image:: https://img.shields.io/pypi/dm/invenio-config-tugraz.svg
:target: https://pypi.python.org/pypi/invenio-config-tugraz
.. image:: https://img.shields.io/github/tag/mb-wali/invenio-config-tugraz.svg
:target: https://github.com/mb-wali/invenio-config-tugraz/releases
.. image:: https://img.shields.io/github/tag/tu-graz-library/invenio-config-tugraz.svg
:target: https://github.com/tu-graz-library/invenio-config-tugraz/releases
.. image:: https://img.shields.io/github/license/mb-wali/invenio-config-tugraz.svg
:target: https://github.com/mb-wali/invenio-config-tugraz/blob/master/LICENSE
.. image:: https://img.shields.io/github/license/tu-graz-library/invenio-config-tugraz.svg
:target: https://github.com/tu-graz-library/invenio-config-tugraz/blob/master/LICENSE
.. image:: https://readthedocs.org/projects/invenio-config-tugraz/badge/?version=latest
:target: https://invenio-config-tugraz.readthedocs.io/en/latest/?badge=latest
@@ -27,6 +27,9 @@
.. image:: https://img.shields.io/coveralls/mb-wali/invenio-config-tugraz.svg
:target: https://coveralls.io/r/mb-wali/invenio-config-tugraz
.. image:: https://img.shields.io/badge/code%20style-black-000000.svg
:target: https://github.com/psf/black
invenio module that adds tugraz configs.
Override configs from diffrent invenio modules to meet TU Graz requirement:
@@ -35,6 +38,8 @@ Override configs from diffrent invenio modules to meet TU Graz requirement:
* Invenio-Mail
* Invenio-shibboleth
* Invenio-accounts
* Flask-security
* Defined routes for TUG
Further documentation is available on
https://invenio-config-tugraz.readthedocs.io/

3
babel.ini
View File

@@ -13,9 +13,8 @@ encoding = utf-8
# Extraction from Jinja2 templates
[jinja2: **/templates/**.html]
[jinja2: **/templates/**.*]
encoding = utf-8
extensions = jinja2.ext.autoescape, jinja2.ext.with_
# Extraction from JavaScript files

219
docs/conf.py
View File

@@ -8,47 +8,47 @@
"""Sphinx configuration."""
import os
from invenio_config_tugraz import __version__
import sphinx.environment
# import sphinx.environment
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
#needs_sphinx = '1.0'
# needs_sphinx = '1.0'
# Do not warn on external images.
suppress_warnings = ['image.nonlocal_uri']
suppress_warnings = ["image.nonlocal_uri"]
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
'sphinx.ext.autodoc',
'sphinx.ext.coverage',
'sphinx.ext.doctest',
'sphinx.ext.intersphinx',
'sphinx.ext.viewcode',
"sphinx.ext.autodoc",
"sphinx.ext.coverage",
"sphinx.ext.doctest",
"sphinx.ext.intersphinx",
"sphinx.ext.viewcode",
]
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
templates_path = ["_templates"]
# The suffix(es) of source filenames.
# You can specify multiple suffix as a list of string:
# source_suffix = ['.rst', '.md']
source_suffix = '.rst'
source_suffix = ".rst"
# The encoding of source files.
#source_encoding = 'utf-8-sig'
# source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
master_doc = "index"
# General information about the project.
project = u'invenio-config-tugraz'
copyright = u'2020, Mojib Wali'
author = u'Mojib Wali'
project = "invenio-config-tugraz"
copyright = "2022, TU Graz"
author = "TU Graz"
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
@@ -56,29 +56,21 @@ author = u'Mojib Wali'
#
# The short X.Y version.
# Get the version string. Cannot be done with import!
g = {}
with open(os.path.join(os.path.dirname(__file__), '..',
'invenio_config_tugraz', 'version.py'),
'rt') as fp:
exec(fp.read(), g)
version = g['__version__']
# The full version, including alpha/beta/rc tags.
release = version
release = __version__
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = None
language = "en"
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
#today = ''
# today = ''
# Else, today_fmt is used as the format for a strftime call.
#today_fmt = '%B %d, %Y'
# today_fmt = '%B %d, %Y'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
@@ -86,46 +78,46 @@ exclude_patterns = []
# The reST default role (used for this markup: `text`) to use for all
# documents.
#default_role = None
# default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
#add_function_parentheses = True
# add_function_parentheses = True
# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
#add_module_names = True
# add_module_names = True
# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.
#show_authors = False
# show_authors = False
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
pygments_style = "sphinx"
# A list of ignored prefixes for module index sorting.
#modindex_common_prefix = []
# modindex_common_prefix = []
# If true, keep warnings as "system message" paragraphs in the built documents.
#keep_warnings = False
# keep_warnings = False
# If true, `todo` and `todoList` produce output, else they produce nothing.
todo_include_todos = False
# -- Options for HTML output ----------------------------------------------
html_theme = 'alabaster'
html_theme = "alabaster"
html_theme_options = {
'description': 'invenio module that adds tugraz configs.',
'github_user': 'inveniosoftware',
'github_repo': 'invenio-config-tugraz',
'github_button': False,
'github_banner': True,
'show_powered_by': False,
'extra_nav_links': {
'invenio-config-tugraz@GitHub': 'https://github.com/mb-wali/invenio-config-tugraz',
'invenio-config-tugraz@PyPI': 'https://pypi.python.org/pypi/invenio-config-tugraz/',
}
"description": "invenio module that adds tugraz configs.",
"github_user": "TU Graz",
"github_repo": "invenio-config-tugraz",
"github_button": False,
"github_banner": True,
"show_powered_by": False,
"extra_nav_links": {
"invenio-config-tugraz@GitHub": "https://github.com/tu-graz-library/invenio-config-tugraz",
"invenio-config-tugraz@PyPI": "https://pypi.python.org/pypi/invenio-config-tugraz/",
},
}
# The theme to use for HTML and HTML Help pages. See the documentation for
@@ -134,146 +126,148 @@ html_theme_options = {
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
#html_theme_options = {}
# html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
#html_theme_path = []
# html_theme_path = []
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
#html_title = None
# html_title = None
# A shorter title for the navigation bar. Default is the same as html_title.
#html_short_title = None
# html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
#html_logo = None
# html_logo = None
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
#html_favicon = None
# html_favicon = None
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
#html_static_path = ['_static']
# html_static_path = ['_static']
# Add any extra paths that contain custom files (such as robots.txt or
# .htaccess) here, relative to this directory. These files are copied
# directly to the root of the documentation.
#html_extra_path = []
# html_extra_path = []
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
# using the given strftime format.
#html_last_updated_fmt = '%b %d, %Y'
# html_last_updated_fmt = '%b %d, %Y'
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
#html_use_smartypants = True
# html_use_smartypants = True
# Custom sidebar templates, maps document names to template names.
html_sidebars = {
'**': [
'about.html',
'navigation.html',
'relations.html',
'searchbox.html',
'donate.html',
"**": [
"about.html",
"navigation.html",
"relations.html",
"searchbox.html",
"donate.html",
]
}
# Additional templates that should be rendered to pages, maps page names to
# template names.
#html_additional_pages = {}
# html_additional_pages = {}
# If false, no module index is generated.
#html_domain_indices = True
# html_domain_indices = True
# If false, no index is generated.
#html_use_index = True
# html_use_index = True
# If true, the index is split into individual pages for each letter.
#html_split_index = False
# html_split_index = False
# If true, links to the reST sources are added to the pages.
#html_show_sourcelink = True
# html_show_sourcelink = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
#html_show_sphinx = True
# html_show_sphinx = True
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
#html_show_copyright = True
# html_show_copyright = True
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
#html_use_opensearch = ''
# html_use_opensearch = ''
# This is the file name suffix for HTML files (e.g. ".xhtml").
#html_file_suffix = None
# html_file_suffix = None
# Language to be used for generating the HTML full-text search index.
# Sphinx supports the following languages:
# 'da', 'de', 'en', 'es', 'fi', 'fr', 'hu', 'it', 'ja'
# 'nl', 'no', 'pt', 'ro', 'ru', 'sv', 'tr'
#html_search_language = 'en'
# html_search_language = 'en'
# A dictionary with options for the search language support, empty by default.
# Now only 'ja' uses this config value
#html_search_options = {'type': 'default'}
# html_search_options = {'type': 'default'}
# The name of a javascript file (relative to the configuration directory) that
# implements a search results scorer. If empty, the default will be used.
#html_search_scorer = 'scorer.js'
# html_search_scorer = 'scorer.js'
# Output file base name for HTML help builder.
htmlhelp_basename = 'invenio-config-tugraz_namedoc'
htmlhelp_basename = "invenio-config-tugraz_namedoc"
# -- Options for LaTeX output ---------------------------------------------
latex_elements = {
# The paper size ('letterpaper' or 'a4paper').
#'papersize': 'letterpaper',
# The font size ('10pt', '11pt' or '12pt').
#'pointsize': '10pt',
# Additional stuff for the LaTeX preamble.
#'preamble': '',
# Latex figure (float) alignment
#'figure_align': 'htbp',
# The paper size ('letterpaper' or 'a4paper').
# 'papersize': 'letterpaper',
# The font size ('10pt', '11pt' or '12pt').
# 'pointsize': '10pt',
# Additional stuff for the LaTeX preamble.
# 'preamble': '',
# Latex figure (float) alignment
# 'figure_align': 'htbp',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
(master_doc, 'invenio-config-tugraz.tex', u'invenio-config-tugraz Documentation',
u'Mojib Wali', 'manual'),
(
master_doc,
"invenio-config-tugraz.tex",
"invenio-config-tugraz Documentation",
"Mojib Wali",
"manual",
),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
#latex_logo = None
# latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
#latex_use_parts = False
# latex_use_parts = False
# If true, show page references after internal links.
#latex_show_pagerefs = False
# latex_show_pagerefs = False
# If true, show URL addresses after external links.
#latex_show_urls = False
# latex_show_urls = False
# Documents to append as an appendix to all manuals.
#latex_appendices = []
# latex_appendices = []
# If false, no module index is generated.
#latex_domain_indices = True
# latex_domain_indices = True
# -- Options for manual page output ---------------------------------------
@@ -281,12 +275,17 @@ latex_documents = [
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
(master_doc, 'invenio-config-tugraz', u'invenio-config-tugraz Documentation',
[author], 1)
(
master_doc,
"invenio-config-tugraz",
"invenio-config-tugraz Documentation",
[author],
1,
)
]
# If true, show URL addresses after external links.
#man_show_urls = False
# man_show_urls = False
# -- Options for Texinfo output -------------------------------------------
@@ -295,30 +294,38 @@ man_pages = [
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
(master_doc, 'invenio-config-tugraz', u'invenio-config-tugraz Documentation',
author, 'invenio-config-tugraz', 'invenio module that adds tugraz configs.',
'Miscellaneous'),
(
master_doc,
"invenio-config-tugraz",
"invenio-config-tugraz Documentation",
author,
"invenio-config-tugraz",
"invenio module that adds tugraz configs.",
"Miscellaneous",
),
]
# Documents to append as an appendix to all manuals.
#texinfo_appendices = []
# texinfo_appendices = []
# If false, no module index is generated.
#texinfo_domain_indices = True
# texinfo_domain_indices = True
# How to display URL addresses: 'footnote', 'no', or 'inline'.
#texinfo_show_urls = 'footnote'
# texinfo_show_urls = 'footnote'
# If true, do not generate a @detailmenu in the "Top" node's menu.
#texinfo_no_detailmenu = False
# texinfo_no_detailmenu = False
# Example configuration for intersphinx: refer to the Python standard library.
intersphinx_mapping = {
'python': ('https://docs.python.org/', None),
"python": ("https://docs.python.org/", None),
"flask": ("https://flask.palletsprojects.com/", None),
"werkzeug": ("https://werkzeug.palletsprojects.com/", None),
# TODO: Configure external documentation references, eg:
# 'Flask-Admin': ('https://flask-admin.readthedocs.io/en/latest/', None),
}
# Autodoc configuraton.
autoclass_content = 'both'
autoclass_content = "both"

15
invenio_config_tugraz/__init__.py
View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
# Copyright (C) 2020-2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
@@ -8,8 +8,13 @@
"""invenio module that adds tugraz configs."""
from .ext import invenioconfigtugraz
from .generators import RecordIp
from .version import __version__
from .ext import InvenioConfigTugraz
from .utils import get_identity_from_user_by_email
__all__ = ('__version__', 'invenioconfigtugraz', 'RecordIp')
__version__ = "0.12.3"
__all__ = (
"__version__",
"InvenioConfigTugraz",
"get_identity_from_user_by_email",
)

282
invenio_config_tugraz/config.py
View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
# Copyright (C) 2020-2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
@@ -8,76 +8,86 @@
"""invenio module that adds tugraz configs."""
from flask_babelex import gettext as _
from invenio_i18n import gettext as _
INVENIO_CONFIG_TUGRAZ_SHIBBOLETH = True
CONFIG_TUGRAZ_SHIBBOLETH = False
"""Set True if SAML is configured"""
INVENIO_CONFIG_TUGRAZ_SINGLE_IP = []
CONFIG_TUGRAZ_SINGLE_IPS = []
"""Allows access to users whose IP address is listed.
INVENIO_CONFIG_TUGRAZ_SINGLE_IP =
INVENIO_CONFIG_TUGRAZ_SINGLE_IPS =
["127.0.0.1", "127.0.0.2"]
"""
INVENIO_CONFIG_TUGRAZ_IP_RANGES = []
CONFIG_TUGRAZ_IP_RANGES = []
"""Allows access to users whose range of IP address is listed.
INVENIO_CONFIG_TUGRAZ_IP_RANGES =
[["127.0.0.2", "127.0.0.99"], ["127.0.1.3", "127.0.1.5"]]
"""
CONFIG_TUGRAZ_IP_NETWORK = ""
"""Allows access to users who are in the IP network."""
CONFIG_TUGRAZ_ROUTES = {
"guide": "/guide",
"terms": "/terms",
"gdpr": "/gdpr",
}
"""Defined routes for TUG."""
# Invenio-App
# ===========
# See https://invenio-app.readthedocs.io/en/latest/configuration.html
APP_ALLOWED_HOSTS = ['0.0.0.0',
'localhost',
'127.0.0.1',
'invenio-dev01.tugraz.at',
'invenio-test.tugraz.at'
]
"""Allowed Hosts"""
APP_DEFAULT_SECURE_HEADERS = {
'content_security_policy': {
'default-src': [
"content_security_policy": {
"default-src": [
"'self'",
'fonts.googleapis.com',
'*.gstatic.com',
'data:',
"data:",
"'unsafe-inline'",
"'unsafe-eval'",
"blob:",
"ub-support.tugraz.at", # zammad contact form
],
},
'content_security_policy_report_only': False,
'content_security_policy_report_uri': None,
'force_file_save': False,
'force_https': True,
'force_https_permanent': False,
'frame_options': 'sameorigin',
'frame_options_allow_from': None,
'session_cookie_http_only': True,
'session_cookie_secure': True,
'strict_transport_security': True,
'strict_transport_security_include_subdomains': True,
'strict_transport_security_max_age': 31556926, # One year in seconds
'strict_transport_security_preload': False,
"content_security_policy_report_only": False,
"content_security_policy_report_uri": None,
"force_file_save": False,
"force_https": True,
"force_https_permanent": False,
"frame_options": "sameorigin",
"frame_options_allow_from": None,
"session_cookie_http_only": True,
"session_cookie_secure": True,
"strict_transport_security": True,
"strict_transport_security_include_subdomains": True,
"strict_transport_security_max_age": 31556926, # One year in seconds
"strict_transport_security_preload": False,
}
# Invenio-I18N
# ============
# See https://invenio-i18n.readthedocs.io/en/latest/configuration.html
BABEL_DEFAULT_LOCALE = "en"
# Default time zone
BABEL_DEFAULT_TIMEZONE = "Europe/Vienna"
# Other supported languages (do not include BABEL_DEFAULT_LOCALE in list).
I18N_LANGUAGES = [("de", _("German"))]
# Invenio-Mail
# ===========
# See https://invenio-mail.readthedocs.io/en/latest/configuration.html
MAIL_SERVER = 'localhost'
MAIL_SERVER = "localhost"
"""Domain ip where mail server is running."""
SECURITY_EMAIL_SENDER = "info@invenio-test.tugraz.at"
"""Email address used as sender of account registration emails."""
"""Domain name should match the domain used in web server."""
SECURITY_EMAIL_SUBJECT_REGISTER = _("Welcome to RDM!")
SECURITY_EMAIL_SUBJECT_REGISTER = _("Welcome to TU Graz Repository!")
"""Email subject for account registration emails."""
MAIL_SUPPRESS_SEND = True
@@ -102,10 +112,9 @@ Set this to False when sending actual emails.
# ]
# REST_ENABLE_CORS = True
# Invenio-shibboleth
# Invenio-userprofiles
# ===========
# See https://invenio-shibboleth.readthedocs.io/en/latest/configuration.html
# See https://invenio-userprofiles.readthedocs.io/en/latest/configuration.html
USERPROFILES_EXTEND_SECURITY_FORMS = True
"""Set True in order to register user_profile.
@@ -114,32 +123,45 @@ This also forces user to add username and fullname
when register.
"""
USERPROFILES_EMAIL_ENABLED = True
"""Exclude the user email in the profile form."""
USERPROFILES_READ_ONLY = True
"""Allow users to change profile info (name, email, etc...)."""
# Invenio-saml
# ===========
# See https://invenio-saml.readthedocs.io/en/latest/configuration.html
SSO_SAML_IDPS = {}
"""Configuration of IDPS. Actual values can be find in to invenio.cfg file"""
SSO_SAML_DEFAULT_BLUEPRINT_PREFIX = '/shibboleth'
SSO_SAML_DEFAULT_BLUEPRINT_PREFIX = "/shibboleth"
"""Base URL for the extensions endpoint."""
SSO_SAML_DEFAULT_METADATA_ROUTE = '/metadata/<idp>'
SSO_SAML_DEFAULT_METADATA_ROUTE = "/metadata/<idp>"
"""URL route for the metadata request."""
"""This is also SP entityID https://domain/shibboleth/metadata/<idp>"""
SSO_SAML_DEFAULT_SSO_ROUTE = '/login/<idp>'
SSO_SAML_DEFAULT_SSO_ROUTE = "/login/<idp>"
"""URL route for the SP login."""
SSO_SAML_DEFAULT_ACS_ROUTE = '/authorized/<idp>'
SSO_SAML_DEFAULT_ACS_ROUTE = "/authorized/<idp>"
"""URL route to handle the IdP login request."""
SSO_SAML_DEFAULT_SLO_ROUTE = '/slo/<idp>'
SSO_SAML_DEFAULT_SLO_ROUTE = "/slo/<idp>"
"""URL route for the SP logout."""
SSO_SAML_DEFAULT_SLS_ROUTE = '/sls/<idp>'
SSO_SAML_DEFAULT_SLS_ROUTE = "/sls/<idp>"
"""URL route to handle the IdP logout request."""
# Invenio-accounts
# ===========
# See https://invenio-accounts.readthedocs.io/en/latest/configuration.html
ACCOUNTS_LOCAL_LOGIN_ENABLED = True
"""Allow local login."""
SECURITY_CHANGEABLE = False
"""Allow password change by users."""
@@ -159,6 +181,18 @@ SECURITY_CONFIRMABLE = False
Instead user will get a welcome email.
"""
SECURITY_LOGIN_WITHOUT_CONFIRMATION = False
"""Require users to confirm email before being able to login."""
# Flask-Security
# =============
# See https://pythonhosted.org/Flask-Security/configuration.html
SECURITY_EMAIL_PLAINTEXT = True
"""Render email content as plaintext."""
SECURITY_EMAIL_HTML = False
"""Render email content as HTML."""
ACCOUNTS = True
"""Tells if the templates should use the accounts module.
@@ -185,9 +219,159 @@ RECAPTCHA_PRIVATE_KEY = None
# =======
# See:
# https://invenio-records-permissions.readthedocs.io/en/latest/configuration.html
#
# Uncomment these to enable overriden
# RECORDS_PERMISSIONS_RECORD_POLICY = (
# 'invenio_config_tugraz.permissions.TUGRAZPermissionPolicy'
# )
# Uncomment these to enable overriding RDM permissions
# from .rdm_permissions import TUGRAZRDMRecordServiceConfig
# RDM_RECORDS_BIBLIOGRAPHIC_SERVICE_CONFIG = TUGRAZRDMRecordServiceConfig
"""Access control configuration for records."""
# invenio-rdm-records
# =======
# See:
# https://invenio-rdm-records.readthedocs.io/en/latest/configuration.html
#
RDM_RECORDS_USER_FIXTURE_PASSWORDS = {"info@tugraz.at": None}
"""Overrides for the user fixtures' passwords.
The password set for a user fixture in this dictionary overrides the
password set in the ``users.yaml`` file. This can be used to set custom
passwords for the fixture users (of course, this has to be configured
before the fixtures are installed, e.g. by setting up the services).
If ``None`` or an empty string is configured in this dictionary, then the
password from ``users.yaml`` will be used. If that is also absent, a password
will be generated randomly.
"""
DATACITE_FORMAT = "{prefix}/{id}"
"""Customize the generated DOI string."""
DATACITE_DATACENTER_SYMBOL = ""
""""The OAI-PMH server's metadata format oai_datacite
that allows you to harvest record from InvenioRDM in DataCite XML needs
to be configured with your DataCite data center symbol.
This is only required if you want your records to be harvestable in DataCite XML format.
"""
# Invenio-app-rdm
# =========================
# See https://github.com/inveniosoftware/invenio-app-rdm/blob/master/invenio_app_rdm/config.py
APP_RDM_DEPOSIT_FORM_DEFAULTS = {
"publisher": "Graz University of Technology",
}
"""Default values for new records in the deposit UI.
The keys denote the dot-separated path, where in the record's metadata
the values should be set (see invenio-records.dictutils).
If the value is callable, its return value will be used for the field
(e.g. lambda/function for dynamic calculation of values).
"""
APP_RDM_DEPOSIT_FORM_AUTOCOMPLETE_NAMES = "off"
"""Behavior for autocomplete names search field for creators/contributors.
Available options:
- ``search`` (default): Show search field and form always.
- ``search_only``: Only show search field. Form displayed after selection or
explicit "manual" entry.
- ``off``: Only show person form (no search field).
"""
APP_RDM_DEPOSIT_FORM_QUOTA = {
"maxFiles": 100,
# Easiest way to set this to a certain amount is to start from 1 Gb
# and go from there:
# 1 Gb: 10 ** 9
# 50 Gb: 10 ** 9 * 50
# 100 Mb: 10 ** 9 * 0.1
"maxStorage": 10**9 * 10,
}
"""Deposit file upload quota """
SQLALCHEMY_ECHO = False
"""Enable to see all SQL queries."""
SQLALCHEMY_ENGINE_OPTIONS = {
"pool_pre_ping": False,
"pool_recycle": 3600,
# set a more agressive timeout to ensure http requests don't wait for long
"pool_timeout": 10,
}
"""SQLAlchemy engine options.
This is used to configure for instance the database connection pool.
Specifically for connection pooling the following options below are relevant.
Note, that the connection pool settings have to be aligned with:
1. your database server's max allowed connections settings, and
2. your application deployment (number of processes/threads)
**Disconnect handling**
Note, it's possible that a connection you get from the connection pool is no
longer open. This happens if e.g. the database server was restarted or the
server has a timeout that closes the connection. In these case you'll see an
error similar to::
psycopg2.OperationalError: server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
The errors can be avoided by using the ``pool_pre_ping`` option, which will
ensure the connection is open first by issuing a ``SELECT 1``. The pre-ping
feature however, comes with a performance penalty, and thus it may be better
to first try adjusting the ``pool_recyle`` to ensure connections are closed and
reopened regularly.
... code-block:: python
SQLALCHEMY_ENGINE_OPTIONS = dict(
# enable the connection pool “pre-ping” feature that tests connections
# for liveness upon each checkout.
pool_pre_ping=True,
# the number of connections to allow in connection pool “overflow”,
# that is connections that can be opened above and beyond the
# pool_size setting
max_overflow=10,
# the number of connections to keep open inside the connection
pool_size=5,
# recycle connections after the given number of seconds has passed.
pool_recycle=3600,
# number of seconds to wait before giving up on getting a connection
# from the pool
pool_timeout=30,
)
See https://docs.sqlalchemy.org/en/latest/core/engines.html.
"""
# Redis (cache)
# ========
# Cache or Redis configurations
RATELIMIT_AUTHENTICATED_USER = "25000 per hour;1000 per minute"
"""Increase defaults for authenticated users."""
RATELIMIT_GUEST_USER = "5000 per hour;500 per minute"
"""Increase defaults for guest users."""
SESSION_COOKIE_SAMESITE = "Strict"
"""Sets cookie with the samesite flag to 'Strict' by default."""
# OAI-PMH
# =======
# See https://github.com/inveniosoftware/invenio-oaiserver/blob/master/invenio_oaiserver/config.py
OAISERVER_ID_PREFIX = "repository.tugraz.at"
"""The prefix that will be applied to the generated OAI-PMH ids."""
OAISERVER_ADMIN_EMAILS = [
"oai@repository.tugraz.at",
]
"""The e-mail addresses of administrators of the repository.
It **must** include one or more instances.
"""

15
invenio_config_tugraz/custom_fields/__init__.py Normal file
View File

@@ -0,0 +1,15 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
"""Custom fields."""
from invenio_records_resources.services.custom_fields import BooleanCF
ip_network = BooleanCF(name="ip_network")
single_ip = BooleanCF(name="single_ip")

44
invenio_config_tugraz/ext.py
View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
# Copyright (C) 2020-2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
@@ -8,26 +8,54 @@
"""invenio module that adds tugraz configs."""
from flask_babelex import gettext as _
from flask import Flask
from . import config
from .custom_fields import ip_network, single_ip
class invenioconfigtugraz(object):
class InvenioConfigTugraz:
"""invenio-config-tugraz extension."""
def __init__(self, app=None):
def __init__(self, app: Flask = None) -> None:
"""Extension initialization."""
if app:
self.init_app(app)
def init_app(self, app):
def init_app(self, app: Flask) -> None:
"""Flask application initialization."""
self.init_config(app)
app.extensions['invenio-config-tugraz'] = self
self.add_custom_fields(app)
app.extensions["invenio-config-tugraz"] = self
def init_config(self, app):
def init_config(self, app: Flask) -> None:
"""Initialize configuration."""
for k in dir(config):
if k.startswith('INVENIO_CONFIG_TUGRAZ_'):
if k.startswith("INVENIO_CONFIG_TUGRAZ_"):
app.config.setdefault(k, getattr(config, k))
def add_custom_fields(self, app: Flask) -> None:
"""Add custom fields."""
app.config.setdefault("RDM_CUSTOM_FIELDS", [])
app.config["RDM_CUSTOM_FIELDS"].append(ip_network)
app.config["RDM_CUSTOM_FIELDS"].append(single_ip)
def finalize_app(app: Flask) -> None:
"""Finalize app."""
rank_blueprint_higher(app)
def rank_blueprint_higher(app: Flask) -> None:
"""Rank this module's blueprint higher than blueprint of security module.
Needed in order to overwrite email templates.
Since the blueprints are in a dict and the order of insertion is
retained, popping and reinserting all items (except ours), ensures
our blueprint will be in front.
"""
bps = app.blueprints
for blueprint_name in list(bps.keys()):
if blueprint_name != "invenio_config_tugraz":
bps.update({blueprint_name: bps.pop(blueprint_name)})

214
invenio_config_tugraz/generators.py
View File

@@ -1,214 +0,0 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
r"""Permission generators and policies for Invenio records.
Invenio-records-permissions provides a means to fully customize access control
for Invenio records. It does so by defining and providing three layers of
permission constructs that build on each other:
Generators and Policies. You can extend or override them for maximum
control. Thankfully we provide default ones that cover most cases.
Invenio-records-permissions conveniently structures (and relies on)
functionalities from
`invenio-access <https://invenio-access.readthedocs.io>`_ and
`flask-principal <https://pythonhosted.org/Flask-Principal>`_ .
Generators
----------
Generators are the lowest level of abstraction provided by
invenio-records-permissions. A
:py:class:`~invenio_records_permissions.generators.Generator` represents
identities via
`Needs <https://invenio-access.readthedocs.io/en/latest/api.html#needs>`_ that
are allowed or disallowed to act on a kind of object. A Generator does not
specify the action, but it does specify who is allowed and the kind of object
of concern (typically records). Generators *generate* required and forbidden
Needs at the object-of-concern level and *generate* query filters
at the search-for-objects-of-concern level.
A Generator object defines 3 methods in addition to its constructor:
- ``needs(self, **kwargs)``: returns Needs, one of which a provider is
required to have to be allowed
- ``excludes(self, **kwargs)``: returns a list of Needs disallowing any
provider of a single one
- ``query_filter(self, **kwargs)``: returns a query filter to enable retrieval
of records
The ``needs`` and ``excludes`` methods specify access conditions from
the point-of-view of the object-of-concern; whereas, the ``query_filter``
method specifies those from the actor's point-of-view in search scenarios.
A simple example of a Generator is the provided
:py:class:`~invenio_records_permissions.generators.RecordOwners` Generator:
.. code-block:: python
from flask_principal import UserNeed
class RecordOwners(Generator):
'''Allows record owners.'''
def needs(self, record=None, **kwargs):
'''Enabling Needs.'''
return [UserNeed(owner) for owner in record.get('owners', [])]
def query_filter(self, record=None, **kwargs):
'''Filters for current identity as owner.'''
# NOTE: implementation subject to change until permissions metadata
# settled
provides = g.identity.provides
for need in provides:
if need.method == 'id':
return Q('term', owners=need.value)
return []
``RecordOwners`` allows any identity providing a `UserNeed
<https://pythonhosted.org/Flask-Principal/#flask_principal.UserNeed>`_
of value found in the ``owners`` metadata of a record. The
``query_filter(self, **kwargs)``
method outputs a query that returns all owned records of the current user.
Not included in the above, because it doesn't apply to ``RecordOwners``, is
the ``excludes(self, **kwargs)`` method.
.. Note::
Exclusion has priority over inclusion. If a Need is returned by both
``needs`` and ``excludes``, providers of that Need will be **excluded**.
If implementation of Generators seems daunting, fear not! A collection of
them has already been implemented in
:py:mod:`~invenio_records_permissions.generators`
and they cover most cases you may have.
To fully understand how they work, we have to show where Generators are used.
That is in the Policies.
Policies
--------
Classes inheriting from
:py:class:`~invenio_records_permissions.policies.base.BasePermissionPolicy` are
referred to as Policies. They list **what actions** can be done **by whom**
over an implied category of objects (typically records). A Policy is
instantiated on a per action basis and is a descendant of `Permission
<https://invenio-access.readthedocs.io/en/latest/api.html
#invenio_access.permissions.Permission>`_ in
`invenio-access <https://invenio-access.readthedocs.io>`_ .
Generators are used to provide the "by whom" part and the implied category of
object.
Here is an example of a custom record Policy:
.. code-block:: python
from invenio_records_permissions.generators import AnyUser, RecordOwners, \
SuperUser
from invenio_records_permissions.policies.base import BasePermissionPolicy
class ExampleRecordPermissionPolicy(BasePermissionPolicy):
can_create = [AnyUser()]
can_search = [AnyUser()]
can_read = [AnyUser()]
can_update = [RecordOwners()]
can_foo_bar = [SuperUser()]
The actions are class variables of the form: ``can_<action>`` and the
corresponding (dis-)allowed identities are a list of Generator instances.
One can define any action as long as it follows that pattern and
is verified at the moment it is undertaken.
In the example above, any user can create, list and read records, but only
a record's owner can edit it and only super users can perform the "foo_bar"
action.
We recommend you extend the provided
:py:class:`invenio_records_permissions.policies.records.RecordPermissionPolicy`
to customize record permissions for your instance.
This way you benefit from sane defaults.
After you have defined your own Policy, set it in your configuration:
.. code-block:: python
RECORDS_PERMISSIONS_RECORD_POLICY = (
'module.to.ExampleRecordPermissionPolicy'
)
The succinct encoding of the permissions for your instance gives you
- one central location where your permissions are defined
- exact control
- great flexibility by defining your own actions, generators and policies
"""
from elasticsearch_dsl.query import Q
from flask import current_app, request
from invenio_records_permissions.generators import Generator
class RecordIp(Generator):
"""Allowed any user with accessing with the IP."""
# TODO: Implement
def needs(self, **kwargs):
"""Enabling Needs, Set of Needs granting permission.
If ANY of the Needs are matched, permission is granted.
.. note::
``_load_permissions()`` method from `Permission
<https://invenio-access.readthedocs.io/en/latest/api.html
#invenio_access.permissions.Permission>`_ adds by default the
``superuser_access`` Need (if tied to a User or Role) for us.
It also expands ActionNeeds into the Users/Roles that
provide them.
"""
return []
def excludes(self, **kwargs):
"""Preventing Needs, Set of Needs denying permission.
If ANY of the Needs are matched, permission is revoked.
.. note::
``_load_permissions()`` method from `Permission
<https://invenio-access.readthedocs.io/en/latest/api.html
#invenio_access.permissions.Permission>`_ adds by default the
``superuser_access`` Need (if tied to a User or Role) for us.
It also expands ActionNeeds into the Users/Roles that
provide them.
If the same Need is returned by `needs` and `excludes`, then that
Need provider is disallowed.
"""
return []
def query_filter(self, **kwargs):
"""Elasticsearch filters, List of ElasticSearch query filters.
These filters consist of additive queries mapping to what the current
user should be able to retrieve via search.
"""
return Q('match_all')
def check_permission(self):
"""Check for User IP address in config variable."""
# Get user IP
user_ip = request.remote_addr # pragma: no cover
# Checks if the user IP is among single IPs
if user_ip in current_app.config['INVENIO_CONFIG_TUGRAZ_SINGLE_IP']:
return True # pragma: no cover
return False # pragma: no cover

84
invenio_config_tugraz/permissions.py
View File

@@ -1,84 +0,0 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
"""
Records permission policies.
Default policies for records:
.. code-block:: python
# Read access given to everyone.
can_search = [AnyUser()]
# Create action given to no one (Not even superusers) bc Deposits should
# be used.
can_create = [Disable()]
# Read access given to everyone if public record/files and owners always.
can_read = [AnyUserIfPublic(), RecordOwners()]
# Update access given to record owners.
can_update = [RecordOwners()]
# Delete access given to admins only.
can_delete = [Admin()]
# Associated files permissions (which are really bucket permissions)
can_read_files = [AnyUserIfPublic(), RecordOwners()]
can_update_files = [RecordOwners()]
How to override default policies for records.
Using Custom Generator for a policy:
.. code-block:: python
from invenio_rdm_records.permissions import RDMRecordPermissionPolicy
from invenio_config_tugraz.generators import RecordIp
class TUGRAZPermissionPolicy(RDMRecordPermissionPolicy):
# Delete access given to RecordIp only.
can_delete = [RecordIp()]
RECORDS_PERMISSIONS_RECORD_POLICY = TUGRAZPermissionPolicy
Permissions for Invenio (RDM) Records.
"""
from invenio_records_permissions.generators import Admin, AnyUser, \
AnyUserIfPublic, Disable, RecordOwners
from invenio_records_permissions.policies.base import BasePermissionPolicy
from .generators import RecordIp
class TUGRAZPermissionPolicy(BasePermissionPolicy):
"""Access control configuration for records.
This overrides the /api/records endpoint.
"""
# Read access to API given to everyone.
can_search = [AnyUser(), RecordIp()]
# Read access given to everyone if public record/files and owners always.
can_read = [AnyUserIfPublic(), RecordOwners(), RecordIp()]
# Create action given to no one (Not even superusers) bc Deposits should
# be used.
can_create = [AnyUser()]
# Update access given to record owners.
can_update = [RecordOwners()]
# Delete access given to admins only.
can_delete = [Admin()]
# Associated files permissions (which are really bucket permissions)
can_read_files = [AnyUserIfPublic(), RecordOwners()]
can_update_files = [RecordOwners()]

13
invenio_config_tugraz/permissions/__init__.py Normal file
View File

@@ -0,0 +1,13 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
"""Permission-policies and roles, based on `flask-principal`."""
from .policies import TUGrazRDMRecordPermissionPolicy
__all__ = ("TUGrazRDMRecordPermissionPolicy",)

209
invenio_config_tugraz/permissions/generators.py Normal file
View File

@@ -0,0 +1,209 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020-2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
r"""Permission generators for permission policies.
invenio's permissions build on
`flask-principal <https://pythonhosted.org/Flask-Principal>`_ .
In `flask-principal`, an action's `Need`s are checked
against current user's `Need`s to determine permissions.
For example, the action of deleting a record is only
permitted to users with `Need(method='role', value='admin')`.
Not all `Need`s can be known before the app is running.
For example, permissions for reading a record depend on whether
the record is public/private, so the set of `Need`s necessary
for reading a record must be computed dynamically at runtime.
This is the use case for
invenio's :py:class:`~invenio_records_permissions.generators.Generator`:
it generates `Need`s necessary for an action at runtime.
A `Generator` object defines 3 methods in addition to its constructor:
- ``needs(self, **kwargs)``: returns `Need`s, one of which a provider is
required to have to be allowed
- ``excludes(self, **kwargs)``: returns a list of `Need`s disallowing any
provider of a single one
- ``query_filter(self, **kwargs)``: returns a query filter to enable retrieval
of records
The ``needs`` and ``excludes`` methods specify access conditions from
the point-of-view of the object-of-concern; whereas, the ``query_filter``
method specifies those from the actor's point-of-view in search scenarios.
.. Note::
Exclusion has priority over inclusion. If a `Need` is returned by both
``needs`` and ``excludes``, providers of that `Need` will be **excluded**.
"""
from ipaddress import ip_address, ip_network
from typing import Any
from flask import current_app, request
from flask_principal import Need
from invenio_access.permissions import any_user
from invenio_records_permissions.generators import Generator
from invenio_search.engine import dsl
from .roles import tugraz_authenticated_user
class RecordSingleIP(Generator):
"""Allowed any user with accessing with the IP."""
def needs(self, record: dict | None = None, **__: dict) -> list[Need]:
"""Set of Needs granting permission. Enabling Needs."""
if record is None:
return []
# if record does not have singleip - return any_user
if not record.get("custom_fields", {}).get("single_ip", False):
return [any_user]
# if record has singleip, and the ip of the user matches the allowed ip
if self.check_permission():
return [any_user]
# non of the above - return empty
return []
def excludes(self, **kwargs: dict) -> list[Need]:
"""Set of Needs denying permission. Preventing Needs.
If ANY of the Needs are matched, permission is revoked.
.. note::
``_load_permissions()`` method from `Permission
<https://invenio-access.readthedocs.io/en/latest/api.html
#invenio_access.permissions.Permission>`_ adds by default the
``superuser_access`` Need (if tied to a User or Role) for us.
It also expands ActionNeeds into the Users/Roles that
provide them.
If the same Need is returned by `needs` and `excludes`, then that
Need provider is disallowed.
"""
try:
if (
kwargs["record"]["custom_fields"]["single_ip"]
and not self.check_permission()
):
return [any_user]
except KeyError:
return []
else:
return []
def query_filter(self, *_: dict, **__: dict) -> Any: # noqa: ANN401
"""Filter for singleip records."""
if not self.check_permission():
# If user ip is not on the list, and If the record contains 'singleip' will not be seen
return ~dsl.Q("match", **{"custom_fields.single_ip": True})
# Lists all records
return dsl.Q("match_all")
def check_permission(self) -> bool:
"""Check for User IP address in config variable.
If the user ip is in the configured list return True.
"""
try:
user_ip = request.remote_addr
except RuntimeError:
return False
single_ips = current_app.config["CONFIG_TUGRAZ_SINGLE_IPS"]
return user_ip in single_ips
class AllowedFromIPNetwork(Generator):
"""Allowed from ip range."""
def needs(self, record: dict | None = None, **__: dict) -> list[Need]:
"""Set of Needs granting permission. Enabling Needs."""
if record is None:
return []
# if the record doesn't have set the ip range allowance
if not record.get("custom_fields", {}).get("ip_network", False):
return [any_user]
# if the record has set the ip_range allowance and is in the range
if self.check_permission():
return [any_user]
# non of the above - return empty
return []
def excludes(self, **kwargs: dict) -> Need:
"""Set of Needs denying permission. Preventing Needs.
If ANY of the Needs are matched, permission is revoked.
.. note::
``_load_permissions()`` method from `Permission
<https://invenio-access.readthedocs.io/en/latest/api.html
#invenio_access.permissions.Permission>`_ adds by default the
``superuser_access`` Need (if tied to a User or Role) for us.
It also expands ActionNeeds into the Users/Roles that
provide them.
If the same Need is returned by `needs` and `excludes`, then that
Need provider is disallowed.
"""
try:
if (
kwargs["record"]["custom_fields"]["ip_network"]
and not self.check_permission()
):
return [any_user]
except KeyError:
return []
else:
return []
def query_filter(self, *_: dict, **__: dict) -> Any: # noqa: ANN401
"""Filter for ip range records."""
if not self.check_permission():
return ~dsl.Q("match", **{"custom_fields.ip_network": True})
return dsl.Q("match_all")
def check_permission(self) -> bool:
"""Check for User IP address in the configured network."""
try:
user_ip = request.remote_addr
except RuntimeError:
return False
network = current_app.config["CONFIG_TUGRAZ_IP_NETWORK"]
try:
return ip_address(user_ip) in ip_network(network)
except ValueError:
return False
class TUGrazAuthenticatedUser(Generator):
"""Generates the `tugraz_authenticated_user` role-need."""
def needs(self, **__: dict) -> list[Need]:
"""Generate needs to be checked against current user identity."""
return [tugraz_authenticated_user]

253
invenio_config_tugraz/permissions/policies.py Normal file
View File

@@ -0,0 +1,253 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020-2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
"""TU Graz permission-policy for RDMRecordService.
To use, set config-variable `RDM_PERMISSION_POLICY` to `TUGrazRDMRecordPermissionPolicy`.
Policies list **what actions** can be done **by whom**
over an implied category of objects (typically records). A Policy is
instantiated on a per action basis and is a descendant of `Permission
<https://invenio-access.readthedocs.io/en/latest/api.html
#invenio_access.permissions.Permission>`_ in
`invenio-access <https://invenio-access.readthedocs.io>`_ .
Generators are used to provide the "by whom" part and the implied category of
object.
Actions are class variables of the form: ``can_<action>`` and the
corresponding (dis-)allowed identities are a list of Generator instances.
One can define any action as long as it follows that pattern and
is verified at the moment it is undertaken.
"""
from invenio_administration.generators import Administration
from invenio_communities.generators import CommunityCurators
from invenio_rdm_records.services.generators import (
AccessGrant,
CommunityInclusionReviewers,
IfDeleted,
IfExternalDOIRecord,
IfFileIsLocal,
IfNewRecord,
IfRecordDeleted,
IfRestricted,
RecordCommunitiesAction,
RecordOwners,
ResourceAccessToken,
SecretLinks,
SubmissionReviewer,
)
from invenio_records_permissions.generators import (
AnyUser,
Disable,
IfConfig,
SystemProcess,
)
from invenio_records_permissions.policies.records import RecordPermissionPolicy
from invenio_users_resources.services.permissions import UserManager
from .generators import AllowedFromIPNetwork, RecordSingleIP, TUGrazAuthenticatedUser
class TUGrazRDMRecordPermissionPolicy(RecordPermissionPolicy):
"""Overwrite authenticatedness to mean `tugraz_authenticated` rather than *signed up*."""
NEED_LABEL_TO_ACTION = {
"bucket-update": "update_files",
"bucket-read": "read_files",
"object-read": "read_files",
}
#
# General permission-groups, to be used below
#
can_manage = [
RecordOwners(),
RecordCommunitiesAction("curate"),
AccessGrant("manage"),
SystemProcess(),
]
can_curate = can_manage + [AccessGrant("edit"), SecretLinks("edit")]
can_review = can_curate + [SubmissionReviewer()]
can_preview = can_curate + [
AccessGrant("preview"),
SecretLinks("preview"),
SubmissionReviewer(),
UserManager,
]
can_view = can_preview + [
AccessGrant("view"),
SecretLinks("view"),
SubmissionReviewer(),
CommunityInclusionReviewers(),
RecordCommunitiesAction("view"),
AllowedFromIPNetwork(),
RecordSingleIP(),
]
can_tugraz_authenticated = [TUGrazAuthenticatedUser(), SystemProcess()]
can_authenticated = can_tugraz_authenticated
can_all = [
AnyUser(),
SystemProcess(),
AllowedFromIPNetwork(),
RecordSingleIP(),
]
#
# Miscellaneous
#
# Allow for querying of statistics
# - This is currently disabled because it's not needed and could potentially
# open up surface for denial of service attacks
can_query_stats = [Disable()]
#
# Records - reading and creating
#
can_search = can_all
can_read = [IfRestricted("record", then_=can_view, else_=can_all)]
can_read_deleted = [
IfRecordDeleted(then_=[UserManager, SystemProcess()], else_=can_read),
]
can_read_deleted_files = can_read_deleted
can_media_read_deleted_files = can_read_deleted_files
can_read_files = [
IfRestricted("files", then_=can_view, else_=can_all),
ResourceAccessToken("read"),
]
can_get_content_files = [
IfFileIsLocal(then_=can_read_files, else_=[SystemProcess()]),
]
can_create = can_tugraz_authenticated
#
# Drafts
#
can_search_drafts = can_tugraz_authenticated
can_read_draft = can_preview
can_draft_read_files = can_preview + [ResourceAccessToken("read")]
can_update_draft = can_review
can_draft_create_files = can_review
can_draft_set_content_files = [
IfFileIsLocal(then_=can_review, else_=[SystemProcess()]),
]
can_draft_get_content_files = [
IfFileIsLocal(then_=can_draft_read_files, else_=[SystemProcess()]),
]
can_draft_commit_files = [IfFileIsLocal(then_=can_review, else_=[SystemProcess()])]
can_draft_update_files = can_review
can_draft_delete_files = can_review
can_manage_files = [
IfConfig(
"RDM_ALLOW_METADATA_ONLY_RECORDS",
then_=[IfNewRecord(then_=can_tugraz_authenticated, else_=can_review)],
else_=[],
),
]
can_manage_record_access = [
IfConfig(
"RDM_ALLOW_RESTRICTED_RECORDS",
then_=[IfNewRecord(then_=can_tugraz_authenticated, else_=can_review)],
else_=[],
),
]
#
# PIDs
#
can_pid_create = can_review
can_pid_register = can_review
can_pid_update = can_review
can_pid_discard = can_review
can_pid_delete = can_review
#
# Actions
#
can_edit = [IfDeleted(then_=[Disable()], else_=can_curate)]
can_delete_draft = can_curate
can_new_version = [
IfConfig(
"RDM_ALLOW_EXTERNAL_DOI_VERSIONING",
then_=can_curate,
else_=[IfExternalDOIRecord(then_=[Disable()], else_=can_curate)],
),
]
can_publish = can_review
can_lift_embargo = can_manage
#
# Record communities
#
can_add_community = can_manage
can_remove_community = [RecordOwners(), CommunityCurators(), SystemProcess()]
can_remove_record = [CommunityCurators()]
can_bulk_add = [SystemProcess()]
#
# Media files - draft
#
can_draft_media_create_files = can_review
can_draft_media_read_files = can_review
can_draft_media_set_content_files = [
IfFileIsLocal(then_=can_review, else_=[SystemProcess()]),
]
can_draft_media_get_content_files = [
IfFileIsLocal(then_=can_preview, else_=[SystemProcess()]),
]
can_draft_media_commit_files = [
IfFileIsLocal(then_=can_preview, else_=[SystemProcess()]),
]
can_draft_media_delete_files = can_review
can_draft_media_update_files = can_review
#
# Media files - record
#
can_media_read_files = [
IfRestricted("record", then_=can_view, else_=can_all),
ResourceAccessToken("read"),
]
can_media_get_content_files = [
IfFileIsLocal(then_=can_read, else_=[SystemProcess()]),
]
can_media_create_files = [Disable()]
can_media_set_content_files = [Disable()]
can_media_commit_files = [Disable()]
can_media_update_files = [Disable()]
can_media_delete_files = [Disable()]
#
# Record deletetion
#
can_delete = [Administration(), SystemProcess()]
can_delete_files = [SystemProcess()]
can_purge = [SystemProcess()]
#
# Quotas for records/users
#
can_manage_quota = [UserManager, SystemProcess()]
#
# Disabled
#
# - Records/files are updated/deleted via drafts so we don't support
# using below actions.
can_update = [Disable()]
can_create_files = [Disable()]
can_set_content_files = [Disable()]
can_commit_files = [Disable()]
can_update_files = [Disable()]
# Used to hide at the moment the `parent.is_verified` field. It should be set to
# correct permissions based on which the field will be exposed only to moderators
can_moderate = [Disable()]

21
invenio_config_tugraz/permissions/roles.py Normal file
View File

@@ -0,0 +1,21 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
"""`RoleNeed`s for permission policies.
To use these roles, add them to the database via:
`$ invenio roles create tugraz_authenticated --description "..."`
then add roles to users via:
`$ invenio roles add user@email.com tugraz_authenticated`
"""
from flask_principal import RoleNeed
# using `flask_principal.RoleNeed`` instead of `invenio_access.SystemRoleNeed`,
# because these roles are assigned by an admin rather than automatically by the system
tugraz_authenticated_user = RoleNeed("tugraz_authenticated")

6
invenio_config_tugraz/restrictions/access_right/access_right.csv Normal file
View File

@@ -0,0 +1,6 @@
access_right,access_right_name,icon,notes
open, Open Access, lock open
embargoed, Embargoed, ban
restricted, Restricted, key
closed, Private, lock
singleip, Single Ip, lock
1 access_right,access_right_name,icon,notes
2 open, Open Access, lock open
3 embargoed, Embargoed, ban
4 restricted, Restricted, key
5 closed, Private, lock
6 singleip, Single Ip, lock

2
invenio_config_tugraz/restrictions/access_right/access_right_limit.csv Normal file
View File

@@ -0,0 +1,2 @@
access_right,access_right_name,icon,notes
open, Open Access, lock open
1 access_right,access_right_name,icon,notes
2 open, Open Access, lock open

1
invenio_config_tugraz/saml/idp/cert/sp.crt
View File

@@ -1 +0,0 @@
MIICjjCCAfegAwIBAgIBADANBgkqhkiG9w0BAQ0FADBkMQswCQYDVQQGEwJhdDENMAsGA1UECAwER3JhejEPMA0GA1UECgwGVFVHUkFaMRAwDgYDVQQDDAdpbnZlbmlvMSMwIQYJKoZIhvcNAQkBFhRtb2ppYi53YWxpQHR1Z3Jhei5hdDAeFw0yMDAxMTAyMDIwMTlaFw0yMTAxMDkyMDIwMTlaMGQxCzAJBgNVBAYTAmF0MQ0wCwYDVQQIDARHcmF6MQ8wDQYDVQQKDAZUVUdSQVoxEDAOBgNVBAMMB2ludmVuaW8xIzAhBgkqhkiG9w0BCQEWFG1vamliLndhbGlAdHVncmF6LmF0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5ZrPhRhyDyLTe93rpgqN9MMfnCsg+2QBW4EOuQnMXJzF1dqrFEsexot1FRW83IjqbY+680PmGABQtxUpS4Kinr/pLYbPhQ2WPQRad7mtOn/dD40VVwfG0GfcLrnKe5F4QLfNjervjl8jH/AKPCYwwfSeuw1LNoRjy1uDwkp9cRQIDAQABo1AwTjAdBgNVHQ4EFgQUPv2+wS1RuagCOed7w1FzouBmpP4wHwYDVR0jBBgwFoAUPv2+wS1RuagCOed7w1FzouBmpP4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQA4qvU7gbgE/MoljUW68qMPs8z8Q2Ngttp6F1KOMNO9rgrYWAJh4u6BMt11mlBgBlLLJzG67wXpBr0l78IcOXun4w955te0VRp7aZ0b1uOPt0aUoDOXuBAhZURLZfbsogpWiE6bdB8N0nHTwk2WG2PPIC5Z99UdDivcP5ZeSPAkUw==

1
invenio_config_tugraz/saml/idp/cert/sp.key
View File

@@ -1 +0,0 @@
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHxNp8P2PsV8CAggAMBQGCCqGSIb3DQMHBAjOyik6fsEC3gSCAoC4tFsYAl4GexyXESiRKpOQzHQNFtQtwDEevT1IKgsafSNjOMJZLKrnoejNoxEQUPPPXgGEd83Fmp2cSHm+YVksH06zcsA+RKf5ab6t0bsgcyljGzkHEDQtMRPcaXNlVMbU9VEDOX26MgmlU/pd+GGfE99IbEFc6qN1e7qOnmKSw93Q3o05ubO3wEI76JhOioGGXB3pEn8f4XLDwck0thzYD6H2vdF+kyIdM8w1BgyLdeP0aDkfG1V3rLGhE8246rwVUzRSZv6BCNBZFk7YO1d7j0+BDxnbHFS631zdCgMcd/XS8u6acc3IYr/bQLH4a1y0X3Z+8ks8arEgUtXqYx9wMlp5lajlsr9JDIU5OnuZ2XY+4sqDQsTZPjBpxK8oMjvJNNatnTf+18htkTdovpInlP7xpEjp1L7H74iKY25UsAZ9e+gqHZwILnk418mQ1E4JYU6JRUZspJSFfqwn9FL6DnvhzPIhtzwhr3eL4f4RXWxxe2xCzvWg+GaWuMfZdj77SV4pMOi7vb3HlYY6luShVlYKdSaw+jf6XVy4ZMTWT5wcE1mc3tAJqF18Mi8amOetpZhz16ISOKnO0rKrfmxteNPQn2AB8QquGGn050PTW4m8zFXDBiyg2xvcRLAW/8ych3k+pkEZi4tVCkLcHM56J/XUEKMCxiSok+vbzxfVf1D2vYFFS7Lw1nP5RnLKFdn8XdHQ+lu2diod18wYBQP4eoU+XjjP2zjlpULiWHt7PpCERqGg7H2Z2amIL5rTeqQuyXczw1/xG/VBNn9qe3DXFodvoV6OZb3efNT/eJgOyaPLi2FmB7Kpdp4JIdJgLnaBCwNBXkpGSwb732O/cug8

22
invenio_config_tugraz/saml/idp/idp.json
View File

@@ -1,22 +0,0 @@
{
"strict": true,
"debug": true,
"idp": {
"entityId": "https://sso.tugraz.at/idp/shibboleth",
"singleLogoutService": {
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"url": "https://sso.tugraz.at/slo/Logout"
},
"singleSignOnService": {
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"url": "https://sso.tugraz.at/idp/profile/SAML2/Redirect/SSO"
},
"x509cert": "MIIDHzCCAgegAwIBAgIUG6ra0BvXswfyErcCDmzw3AV+uI0wDQYJKoZIhvcNAQEFBQAwGDEWMBQGA1UEAxMNc3NvLnR1Z3Jhei5hdDAeFw0xMDAzMjkxNzEzMTZaFw0zMDAzMjkxODEzMTZaMBgxFjAUBgNVBAMTDXNzby50dWdyYXouYXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEyQxHIM1zxbBnXn60Ksg7B7HcPLPcN7bXLrLPOFXtkZxm0YkHY5Rxignm7wHD7C81U09DFS2eT8qRCcVtVz+kuwdgS54fC/alg9oLxXk4CgKjhtZZ2ECLdTHfUXOA5uOLlpoN1LY6VpIjSYe3UEX3HxfhXx/fPeE8VInGCKnml8Too22G30htB/EU44A2yqrR3LUngJIaq //N0QbeMYitNh02o6xB5+bp6k6noM7DH6S9phe0kCEibaiLaCf7k9LpNnAz9bPtQVth0gdJqoUry/iK1QBTFTEXvvJynFEp0+5Wz/XFmEcFhsaK8OcHd0R9FfpX5Z2fewA2Q0SLKz+bAgMBAAGjYTBfMD4GA1UdEQQ3MDWCDXNzby50dWdyYXouYXSGJGh0dHBzOi8vc3NvLnR1Z3Jhei5hdC9pZHAvc2hpYmJvbGV0aDAdBgNVHQ4EFgQUXd76PcSiXR6wFna5qQi+S0W/9Y0wDQYJKoZIhvcNAQEFBQADggEBACgkQqxBtYY1OcuoAUP/P+ukJW7XyofK89qs2dkGClx7s0hR/1zImWgljgfguLJOSfC/CWE1wfNK9bTi4Fu9809PmOoaCxkNmniFRAyaOiBoUz5XIpJniW7wBo+YBpBlXZXi5PmU2DOsfZxo7fs4se32dHO1WqgJodqkK2Wa4HDiigh42trZ9i3uS73uHSSCeIJYQNj84BMJ+ifgj3Zi/TgLS+IX7Ayy2bkDzIzIRnj7ULQ/MgfacGXQXJPHyp+w+YvydQalPAWc43+5DkNacN34K8cE3XjHq1kx/BgYOtQ7M2Xa1oApLzPoHO4D2kaf6FCgGR8Mx7GVAz0aQVxfB8I="
}
}

26
invenio_config_tugraz/saml/idp/idp.xml
View File

@@ -1,26 +0,0 @@
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sso.tugraz.at/idp/shibboleth">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIDHzCCAgegAwIBAgIUG6ra0BvXswfyErcCDmzw3AV+uI0wDQYJKoZIhvcNAQEFBQAwGDEWMBQGA1UEAxMNc3NvLnR1Z3Jhei5hdDAeFw0xMDAzMjkxNzEzMTZaFw0zMDAzMjkxODEzMTZaMBgxFjAUBgNVBAMTDXNzby50dWdyYXouYXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEyQxHIM1zxbBnXn60Ksg7B7HcPLPcN7bXLrLPOFXtkZxm0YkHY5Rxignm7wHD7C81U09DFS2eT8qRCcVtVz+kuwdgS54fC/alg9oLxXk4CgKjhtZZ2ECLdTHfUXOA5uOLlpoN1LY6VpIjSYe3UEX3HxfhXx/fPeE8VInGCKnml8Too22G30htB/EU44A2yqrR3LUngJIaq//N0QbeMYitNh02o6xB5+bp6k6noM7DH6S9phe0kCEibaiLaCf7k9LpNnAz9bPtQVth0gdJqoUry/iK1QBTFTEXvvJynFEp0+5Wz/XFmEcFhsaK8OcHd0R9FfpX5Z2fewA2Q0SLKz+bAgMBAAGjYTBfMD4GA1UdEQQ3MDWCDXNzby50dWdyYXouYXSGJGh0dHBzOi8vc3NvLnR1Z3Jhei5hdC9pZHAvc2hpYmJvbGV0aDAdBgNVHQ4EFgQUXd76PcSiXR6wFna5qQi+S0W/9Y0wDQYJKoZIhvcNAQEFBQADggEBACgkQqxBtYY1OcuoAUP/P+ukJW7XyofK89qs2dkGClx7s0hR/1zImWgljgfguLJOSfC/CWE1wfNK9bTi4Fu9809PmOoaCxkNmniFRAyaOiBoUz5XIpJniW7wBo+YBpBlXZXi5PmU2DOsfZxo7fs4se32dHO1WqgJodqkK2Wa4HDiigh42trZ9i3uS73uHSSCeIJYQNj84BMJ+ifgj3Zi/TgLS+IX7Ayy2bkDzIzIRnj7ULQ/MgfacGXQXJPHyp+w+YvydQalPAWc43+5DkNacN34K8cE3XjHq1kx/BgYOtQ7M2Xa1oApLzPoHO4D2kaf6FCgGR8Mx7GVAz0aQVxfB8I=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHxNp8P2PsV8CAggAMBQGCCqGSIb3DQMHBAjOyik6fsEC3gSCAoC4tFsYAl4GexyXESiRKpOQzHQNFtQtwDEevT1IKgsafSNjOMJZLKrnoejNoxEQUPPPXgGEd83Fmp2cSHm+YVksH06zcsA+RKf5ab6t0bsgcyljGzkHEDQtMRPcaXNlVMbU9VEDOX26MgmlU/pd+GGfE99IbEFc6qN1e7qOnmKSw93Q3o05ubO3wEI76JhOioGGXB3pEn8f4XLDwck0thzYD6H2vdF+kyIdM8w1BgyLdeP0aDkfG1V3rLGhE8246rwVUzRSZv6BCNBZFk7YO1d7j0+BDxnbHFS631zdCgMcd/XS8u6acc3IYr/bQLH4a1y0X3Z+8ks8arEgUtXqYx9wMlp5lajlsr9JDIU5OnuZ2XY+4sqDQsTZPjBpxK8oMjvJNNatnTf+18htkTdovpInlP7xpEjp1L7H74iKY25UsAZ9e+gqHZwILnk418mQ1E4JYU6JRUZspJSFfqwn9FL6DnvhzPIhtzwhr3eL4f4RXWxxe2xCzvWg+GaWuMfZdj77SV4pMOi7vb3HlYY6luShVlYKdSaw+jf6XVy4ZMTWT5wcE1mc3tAJqF18Mi8amOetpZhz16ISOKnO0rKrfmxteNPQn2AB8QquGGn050PTW4m8zFXDBiyg2xvcRLAW/8ych3k+pkEZi4tVCkLcHM56J/XUEKMCxiSok+vbzxfVf1D2vYFFS7Lw1nP5RnLKFdn8XdHQ+lu2diod18wYBQP4eoU+XjjP2zjlpULiWHt7PpCERqGg7H2Z2amIL5rTeqQuyXczw1/xG/VBNn9qe3DXFodvoV6OZb3efNT/eJgOyaPLi2FmB7Kpdp4JIdJgLnaBCwNBXkpGSwb732O/cug8</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.tugraz.at/slo/Logout"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.tugraz.at/idp/profile/SAML2/Redirect/SSO"/>
</md:IDPSSODescriptor>
<md:ContactPerson contactType="technical">
<md:GivenName>Administrator</md:GivenName>
<md:EmailAddress>admin@example.org</md:EmailAddress>
</md:ContactPerson>
</md:EntityDescriptor>

1
invenio_config_tugraz/saml/onelogin/cert/sp.crt
View File

@@ -1 +0,0 @@
MIICjjCCAfegAwIBAgIBADANBgkqhkiG9w0BAQ0FADBkMQswCQYDVQQGEwJhdDENMAsGA1UECAwER3JhejEPMA0GA1UECgwGVFVHUkFaMRAwDgYDVQQDDAdpbnZlbmlvMSMwIQYJKoZIhvcNAQkBFhRtb2ppYi53YWxpQHR1Z3Jhei5hdDAeFw0yMDAxMTAyMDIwMTlaFw0yMTAxMDkyMDIwMTlaMGQxCzAJBgNVBAYTAmF0MQ0wCwYDVQQIDARHcmF6MQ8wDQYDVQQKDAZUVUdSQVoxEDAOBgNVBAMMB2ludmVuaW8xIzAhBgkqhkiG9w0BCQEWFG1vamliLndhbGlAdHVncmF6LmF0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5ZrPhRhyDyLTe93rpgqN9MMfnCsg+2QBW4EOuQnMXJzF1dqrFEsexot1FRW83IjqbY+680PmGABQtxUpS4Kinr/pLYbPhQ2WPQRad7mtOn/dD40VVwfG0GfcLrnKe5F4QLfNjervjl8jH/AKPCYwwfSeuw1LNoRjy1uDwkp9cRQIDAQABo1AwTjAdBgNVHQ4EFgQUPv2+wS1RuagCOed7w1FzouBmpP4wHwYDVR0jBBgwFoAUPv2+wS1RuagCOed7w1FzouBmpP4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQA4qvU7gbgE/MoljUW68qMPs8z8Q2Ngttp6F1KOMNO9rgrYWAJh4u6BMt11mlBgBlLLJzG67wXpBr0l78IcOXun4w955te0VRp7aZ0b1uOPt0aUoDOXuBAhZURLZfbsogpWiE6bdB8N0nHTwk2WG2PPIC5Z99UdDivcP5ZeSPAkUw==

17
invenio_config_tugraz/saml/onelogin/cert/sp.key
View File

@@ -1,17 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHxNp8P2PsV8CAggA
MBQGCCqGSIb3DQMHBAjOyik6fsEC3gSCAoC4tFsYAl4GexyXESiRKpOQzHQNFtQt
wDEevT1IKgsafSNjOMJZLKrnoejNoxEQUPPPXgGEd83Fmp2cSHm+YVksH06zcsA+
RKf5ab6t0bsgcyljGzkHEDQtMRPcaXNlVMbU9VEDOX26MgmlU/pd+GGfE99IbEFc
6qN1e7qOnmKSw93Q3o05ubO3wEI76JhOioGGXB3pEn8f4XLDwck0thzYD6H2vdF+
kyIdM8w1BgyLdeP0aDkfG1V3rLGhE8246rwVUzRSZv6BCNBZFk7YO1d7j0+BDxnb
HFS631zdCgMcd/XS8u6acc3IYr/bQLH4a1y0X3Z+8ks8arEgUtXqYx9wMlp5lajl
sr9JDIU5OnuZ2XY+4sqDQsTZPjBpxK8oMjvJNNatnTf+18htkTdovpInlP7xpEjp
1L7H74iKY25UsAZ9e+gqHZwILnk418mQ1E4JYU6JRUZspJSFfqwn9FL6DnvhzPIh
tzwhr3eL4f4RXWxxe2xCzvWg+GaWuMfZdj77SV4pMOi7vb3HlYY6luShVlYKdSaw
+jf6XVy4ZMTWT5wcE1mc3tAJqF18Mi8amOetpZhz16ISOKnO0rKrfmxteNPQn2AB
8QquGGn050PTW4m8zFXDBiyg2xvcRLAW/8ych3k+pkEZi4tVCkLcHM56J/XUEKMC
xiSok+vbzxfVf1D2vYFFS7Lw1nP5RnLKFdn8XdHQ+lu2diod18wYBQP4eoU+XjjP
2zjlpULiWHt7PpCERqGg7H2Z2amIL5rTeqQuyXczw1/xG/VBNn9qe3DXFodvoV6O
Zb3efNT/eJgOyaPLi2FmB7Kpdp4JIdJgLnaBCwNBXkpGSwb732O/cug8
-----END RSA PRIVATE KEY-----

20
invenio_config_tugraz/saml/onelogin/onelogin.json
View File

@@ -1,20 +0,0 @@
{
"strict": true,
"debug": true,
"idp": {
"entityId": "https://app.onelogin.com/saml/metadata/01661574-91ed-4735-a3b9-f4ddebb2cbb8",
"singleLogoutService": {
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"url": "https://tugraz-dev.onelogin.com/trust/saml2/http-redirect/slo/1070112"
},
"singleSignOnService": {
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"url": "https://tugraz-dev.onelogin.com/trust/saml2/http-post/sso/01661574-91ed-4735-a3b9-f4ddebb2cbb8"
},
"x509cert": "MIID2DCCAsCgAwIBAgIUWRGl84DFd+GbLYt0BmwyI+FCKVIwDQYJKoZIhvcNAQEFBQAwRDEPMA0GA1UECgwGVFVHUkFaMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxGjAYBgNVBAMMEU9uZUxvZ2luIEFjY291bnQgMB4XDTIwMDEyODEwNDI1M1oXDTI1MDEyODEwNDI1M1owRDEPMA0GA1UECgwGVFVHUkFaMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxGjAYBgNVBAMMEU9uZUxvZ2luIEFjY291bnQgMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAve5a++I/VHC22fMk5v8GwCvdIyiziOwGjq0XXyjTg9TyhHJZbfDXa7S0NjK7dK4+d3iaB3MvCpnr+7H2J2Cohracgy2BQz9Z4BqsjDat016zkAPoID9R6osliqocw1jESnyL59OJWftAiA4rFmQs6v/b56vgre8EP6qKbykq6mWvepGyBbfjRsYbFoIDmnW8kJoZtLMDQfTBvEF2veHDt9EbsWP+hyedMYTWCfsbTHhFKNrhRKr3m3k+w6Zsca2zp3A8xiFv0fcl6PglEwEZz2Iwb0ySifaf4ZLDVjSekpCLf29doBJYUeE5TUP8oHfATOcWW+m5D3MXVcMUax+AFwIDAQABo4HBMIG+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFK4GHoSfnMQKb8RjP2HrGzJ4ICiDMH8GA1UdIwR4MHaAFK4GHoSfnMQKb8RjP2HrGzJ4ICiDoUikRjBEMQ8wDQYDVQQKDAZUVUdSQVoxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEaMBgGA1UEAwwRT25lTG9naW4gQWNjb3VudCCCFFkRpfOAxXfhmy2LdAZsMiPhQilSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAUg7UHFju0QA7ubcSLBuvEMUQL9jxtzDi0ndSi8qqtLJSjBalcfll0X/gI+sAMGMd0MW7P3abOVVfGBSlZN01KCPC2WHKRwzyO3sOCatkPrn2SYthQWHD/W7psyFgoDt5lQNijLyZdpvZbRIotxcWpoaTcBzaArd/0MNe1VaGlLK5GeqtbwL+dQD+O3mtSUfF918qeiOHEwI7nfPo7vjUyRT8Ov1loqP5+A0/R1CyL0Dh/tVdIkOHx6EjrIXsb/K6xXPknYZqPApPkZq514ZCEPhAILFU+5R/cQMZMZEacCdKuQ9XMkR8bqnh8xu620SCYiSVPXtVW4bpXKs0nJazBQ=="
}
}

26
invenio_config_tugraz/saml/onelogin/onelogin.xml
View File

@@ -1,26 +0,0 @@
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://app.onelogin.com/saml/metadata/01661574-91ed-4735-a3b9-f4ddebb2cbb8">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIID2DCCAsCgAwIBAgIUWRGl84DFd+GbLYt0BmwyI+FCKVIwDQYJKoZIhvcNAQEFBQAwRDEPMA0GA1UECgwGVFVHUkFaMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxGjAYBgNVBAMMEU9uZUxvZ2luIEFjY291bnQgMB4XDTIwMDEyODEwNDI1M1oXDTI1MDEyODEwNDI1M1owRDEPMA0GA1UECgwGVFVHUkFaMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxGjAYBgNVBAMMEU9uZUxvZ2luIEFjY291bnQgMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAve5a++I/VHC22fMk5v8GwCvdIyiziOwGjq0XXyjTg9TyhHJZbfDXa7S0NjK7dK4+d3iaB3MvCpnr+7H2J2Cohracgy2BQz9Z4BqsjDat016zkAPoID9R6osliqocw1jESnyL59OJWftAiA4rFmQs6v/b56vgre8EP6qKbykq6mWvepGyBbfjRsYbFoIDmnW8kJoZtLMDQfTBvEF2veHDt9EbsWP+hyedMYTWCfsbTHhFKNrhRKr3m3k+w6Zsca2zp3A8xiFv0fcl6PglEwEZz2Iwb0ySifaf4ZLDVjSekpCLf29doBJYUeE5TUP8oHfATOcWW+m5D3MXVcMUax+AFwIDAQABo4HBMIG+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFK4GHoSfnMQKb8RjP2HrGzJ4ICiDMH8GA1UdIwR4MHaAFK4GHoSfnMQKb8RjP2HrGzJ4ICiDoUikRjBEMQ8wDQYDVQQKDAZUVUdSQVoxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEaMBgGA1UEAwwRT25lTG9naW4gQWNjb3VudCCCFFkRpfOAxXfhmy2LdAZsMiPhQilSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAUg7UHFju0QA7ubcSLBuvEMUQL9jxtzDi0ndSi8qqtLJSjBalcfll0X/gI+sAMGMd0MW7P3abOVVfGBSlZN01KCPC2WHKRwzyO3sOCatkPrn2SYthQWHD/W7psyFgoDt5lQNijLyZdpvZbRIotxcWpoaTcBzaArd/0MNe1VaGlLK5GeqtbwL+dQD+O3mtSUfF918qeiOHEwI7nfPo7vjUyRT8Ov1loqP5+A0/R1CyL0Dh/tVdIkOHx6EjrIXsb/K6xXPknYZqPApPkZq514ZCEPhAILFU+5R/cQMZMZEacCdKuQ9XMkR8bqnh8xu620SCYiSVPXtVW4bpXKs0nJazBQ==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHxNp8P2PsV8CAggAMBQGCCqGSIb3DQMHBAjOyik6fsEC3gSCAoC4tFsYAl4GexyXESiRKpOQzHQNFtQtwDEevT1IKgsafSNjOMJZLKrnoejNoxEQUPPPXgGEd83Fmp2cSHm+YVksH06zcsA+RKf5ab6t0bsgcyljGzkHEDQtMRPcaXNlVMbU9VEDOX26MgmlU/pd+GGfE99IbEFc6qN1e7qOnmKSw93Q3o05ubO3wEI76JhOioGGXB3pEn8f4XLDwck0thzYD6H2vdF+kyIdM8w1BgyLdeP0aDkfG1V3rLGhE8246rwVUzRSZv6BCNBZFk7YO1d7j0+BDxnbHFS631zdCgMcd/XS8u6acc3IYr/bQLH4a1y0X3Z+8ks8arEgUtXqYx9wMlp5lajlsr9JDIU5OnuZ2XY+4sqDQsTZPjBpxK8oMjvJNNatnTf+18htkTdovpInlP7xpEjp1L7H74iKY25UsAZ9e+gqHZwILnk418mQ1E4JYU6JRUZspJSFfqwn9FL6DnvhzPIhtzwhr3eL4f4RXWxxe2xCzvWg+GaWuMfZdj77SV4pMOi7vb3HlYY6luShVlYKdSaw+jf6XVy4ZMTWT5wcE1mc3tAJqF18Mi8amOetpZhz16ISOKnO0rKrfmxteNPQn2AB8QquGGn050PTW4m8zFXDBiyg2xvcRLAW/8ych3k+pkEZi4tVCkLcHM56J/XUEKMCxiSok+vbzxfVf1D2vYFFS7Lw1nP5RnLKFdn8XdHQ+lu2diod18wYBQP4eoU+XjjP2zjlpULiWHt7PpCERqGg7H2Z2amIL5rTeqQuyXczw1/xG/VBNn9qe3DXFodvoV6OZb3efNT/eJgOyaPLi2FmB7Kpdp4JIdJgLnaBCwNBXkpGSwb732O/cug8</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://tugraz-dev.onelogin.com/trust/saml2/http-redirect/slo/1070112"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://tugraz-dev.onelogin.com/trust/saml2/http-post/sso/01661574-91ed-4735-a3b9-f4ddebb2cbb8"/>
</md:IDPSSODescriptor>
<md:ContactPerson contactType="technical">
<md:GivenName>Administrator</md:GivenName>
<md:EmailAddress>admin@example.org</md:EmailAddress>
</md:ContactPerson>
</md:EntityDescriptor>

BIN
invenio_config_tugraz/static/documents/TUGraz_Repository_General_Data_Protection_Rights_de.pdf Normal file
View File

Binary file not shown.

BIN
invenio_config_tugraz/static/documents/TUGraz_Repository_General_Data_Protection_Rights_en.pdf Normal file
View File

Binary file not shown.

BIN
invenio_config_tugraz/static/documents/TUGraz_Repository_Guide_01_de.pdf Normal file
View File

Binary file not shown.

BIN
invenio_config_tugraz/static/documents/TUGraz_Repository_Guide_01_en.pdf Normal file
View File

Binary file not shown.

BIN
invenio_config_tugraz/static/documents/TUGraz_Repository_Guide_02.1_de.pdf Normal file
View File

Binary file not shown.

BIN
invenio_config_tugraz/static/documents/TUGraz_Repository_Guide_02.1_en.pdf Normal file
View File

Binary file not shown.

BIN
invenio_config_tugraz/static/documents/TUGraz_Repository_Guide_02_de.pdf Normal file
View File

Binary file not shown.

BIN
invenio_config_tugraz/static/documents/TUGraz_Repository_Guide_02_en.pdf Normal file
View File

Binary file not shown.

BIN
invenio_config_tugraz/static/documents/TUGraz_Repository_Terms_And_Conditions_de.pdf Normal file
View File

Binary file not shown.

BIN
invenio_config_tugraz/static/documents/TUGraz_Repository_Terms_And_Conditions_en.pdf Normal file
View File

Binary file not shown.

18
invenio_config_tugraz/templates/security/email/welcome.txt Normal file
View File

@@ -0,0 +1,18 @@
{{ _('Dear user,') }}
{{ _('Welcome to the Repository of TU Graz!') }}
{{ _('To help you get started, here are some useful links:') }}
- {{ _('Guidelines:')}} {{ _('Repository Guide')}} ({{ _('how to upload files')}}) ({{ config.SITE_UI_URL }}{{ url_for('invenio_config_tugraz.guide') }})
- {{ _('Search Guide')}} ({{ config.SITE_UI_URL }}{{url_for('invenio_app_rdm.help_search')}})
- {{ _('Terms And Conditions') }} ({{ config.SITE_UI_URL }}{{ url_for('invenio_config_tugraz.terms') }})
- {{ _('Data Protection Rights')}} ({{ config.SITE_UI_URL }}{{ url_for('invenio_config_tugraz.gdpr') }})
{% if security.confirmable %}
{{ _('You can confirm your email through the link below:') }}
{{ confirmation_link }}">
{% endif %}
{{ _('If you require any assistance please do not hesitate to contact us at repository-support@tugraz.at.') }}
{{ _('Best regards,') }}
{{ _('TU Graz Repository Team') }}

74
invenio_config_tugraz/translations/de/LC_MESSAGES/messages.po
View File

@@ -1,15 +1,15 @@
# German translations for invenio-config-tugraz.
# Copyright (C) 2020 Mojib Wali
# Copyright (C) 2021 Graz University of Technology
# This file is distributed under the same license as the
# invenio-config-tugraz project.
# FIRST AUTHOR <EMAIL@ADDRESS>, 2020.
# FIRST AUTHOR <EMAIL@ADDRESS>, 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: invenio-config-tugraz 0.1.5\n"
"Project-Id-Version: invenio-config-tugraz 0.5.5\n"
"Report-Msgid-Bugs-To: mojib.wali@tugraz.at\n"
"POT-Creation-Date: 2020-10-06 09:28+0200\n"
"PO-Revision-Date: 2020-10-06 09:28+0200\n"
"POT-Creation-Date: 2021-04-27 15:30+0200\n"
"PO-Revision-Date: 2021-04-22 11:57+0200\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language: de\n"
"Language-Team: de <LL@li.org>\n"
@@ -17,9 +17,67 @@ msgstr ""
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Generated-By: Babel 2.8.0\n"
"Generated-By: Babel 2.9.0\n"
#: invenio_config_tugraz/config.py:80
msgid "Welcome to RDM!"
#: invenio_config_tugraz/config.py:87
msgid "Welcome to TU Graz Repository!"
msgstr "Willkommen im TU Graz Repository!"
#: invenio_config_tugraz/templates/security/email/welcome.txt:1
msgid "Dear user,"
msgstr "Lieber Nutzer,"
#: invenio_config_tugraz/templates/security/email/welcome.txt:3
msgid "Welcome to the Repository of TU Graz!"
msgstr "Willkommen im TU Graz Repository!"
#: invenio_config_tugraz/templates/security/email/welcome.txt:5
msgid "To help you get started, here are some useful links:"
msgstr ""
"Um Ihnen den Einstieg zu erleichtern, finden Sie hier einige nützliche "
"Links:"
#: invenio_config_tugraz/templates/security/email/welcome.txt:7
msgid "Guidelines:"
msgstr "Leitfaden:"
#: invenio_config_tugraz/templates/security/email/welcome.txt:7
msgid "Repository Guide"
msgstr "Handbuch"
#: invenio_config_tugraz/templates/security/email/welcome.txt:7
msgid "how to upload files"
msgstr "wie man Dateien hochlädt"
#: invenio_config_tugraz/templates/security/email/welcome.txt:8
msgid "Search Guide"
msgstr "Suchanleitung"
#: invenio_config_tugraz/templates/security/email/welcome.txt:9
msgid "Terms And Conditions"
msgstr "Nutzungsbedingungen"
#: invenio_config_tugraz/templates/security/email/welcome.txt:10
msgid "Data Protection Rights"
msgstr "Datenschutzerklärung"
#: invenio_config_tugraz/templates/security/email/welcome.txt:13
msgid "You can confirm your email through the link below:"
msgstr "Sie können Ihre E-Mail über den folgenden Link bestätigen:"
#: invenio_config_tugraz/templates/security/email/welcome.txt:16
msgid ""
"If you require any assistance please do not hesitate to contact us at "
"repository-support@tugraz.at."
msgstr ""
"Wenn Sie Hilfe benötigen, zögern Sie bitte nicht, uns unter repository-"
"support@tugraz.at zu kontaktieren."
#: invenio_config_tugraz/templates/security/email/welcome.txt:18
msgid "Best regards,"
msgstr "Mit freundlichen Grüßen,"
#: invenio_config_tugraz/templates/security/email/welcome.txt:19
msgid "TU Graz Repository Team"
msgstr "TU Graz Repository Team"

68
invenio_config_tugraz/translations/messages.pot
View File

@@ -1,24 +1,78 @@
# Translations template for invenio-config-tugraz.
# Copyright (C) 2020 Mojib Wali
# Copyright (C) 2021 Graz University of Technology
# This file is distributed under the same license as the
# invenio-config-tugraz project.
# FIRST AUTHOR <EMAIL@ADDRESS>, 2020.
# FIRST AUTHOR <EMAIL@ADDRESS>, 2021.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: invenio-config-tugraz 0.1.5\n"
"Project-Id-Version: invenio-config-tugraz 0.5.5\n"
"Report-Msgid-Bugs-To: mojib.wali@tugraz.at\n"
"POT-Creation-Date: 2020-10-06 09:28+0200\n"
"POT-Creation-Date: 2021-04-27 15:30+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Generated-By: Babel 2.8.0\n"
"Generated-By: Babel 2.9.0\n"
#: invenio_config_tugraz/config.py:80
msgid "Welcome to RDM!"
#: invenio_config_tugraz/config.py:87
msgid "Welcome to TU Graz Repository!"
msgstr ""
#: invenio_config_tugraz/templates/security/email/welcome.txt:1
msgid "Dear user,"
msgstr ""
#: invenio_config_tugraz/templates/security/email/welcome.txt:3
msgid "Welcome to the Repository of TU Graz!"
msgstr ""
#: invenio_config_tugraz/templates/security/email/welcome.txt:5
msgid "To help you get started, here are some useful links:"
msgstr ""
#: invenio_config_tugraz/templates/security/email/welcome.txt:7
msgid "Guidelines:"
msgstr ""
#: invenio_config_tugraz/templates/security/email/welcome.txt:7
msgid "Repository Guide"
msgstr ""
#: invenio_config_tugraz/templates/security/email/welcome.txt:7
msgid "how to upload files"
msgstr ""
#: invenio_config_tugraz/templates/security/email/welcome.txt:8
msgid "Search Guide"
msgstr ""
#: invenio_config_tugraz/templates/security/email/welcome.txt:9
msgid "Terms And Conditions"
msgstr ""
#: invenio_config_tugraz/templates/security/email/welcome.txt:10
msgid "Data Protection Rights"
msgstr ""
#: invenio_config_tugraz/templates/security/email/welcome.txt:13
msgid "You can confirm your email through the link below:"
msgstr ""
#: invenio_config_tugraz/templates/security/email/welcome.txt:16
msgid ""
"If you require any assistance please do not hesitate to contact us at "
"repository-support@tugraz.at."
msgstr ""
#: invenio_config_tugraz/templates/security/email/welcome.txt:18
msgid "Best regards,"
msgstr ""
#: invenio_config_tugraz/templates/security/email/welcome.txt:19
msgid "TU Graz Repository Team"
msgstr ""

73
invenio_config_tugraz/utils.py Normal file
View File

@@ -0,0 +1,73 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2022-2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
"""Utils file."""
import warnings
from flask_principal import Identity
from invenio_access import any_user
from invenio_access.utils import get_identity
from invenio_accounts import current_accounts
def get_identity_from_user_by_email(email: str | None = None) -> Identity:
"""Get the user specified via email or ID."""
warnings.warn("deprecated", DeprecationWarning, stacklevel=2)
if email is None:
msg = "the email has to be set to get a identity"
raise ValueError(msg)
user = current_accounts.datastore.get_user(email)
if user is None:
msg = f"user with {email} not found"
raise LookupError(msg)
identity = get_identity(user)
# TODO: this is a temporary solution. this should be done with data from the db
identity.provides.add(any_user)
return identity
def tugraz_account_setup_extension(user, account_info) -> None: # noqa: ANN001, ARG001
"""Add tugraz_authenticated role to user after SAML-login was acknowledged.
To use, have `acs_handler_factory` call invenio_saml's `default_account_setup` first,
then this function second.
.. code-block:: python
# invenio.cfg
from invenio_saml.handlers import default_account_setup, acs_handler_factory
def tugraz_account_setup(user, account_info):
# links external `account_info` with our database's `user` for future logins
default_account_setup(user, account_info)
tugraz_account_setup_extension(user, account_info)
SSO_SAML_IDPS = {
"my-tugraz-idp": {
...
"acs_handler": acs_handler_factory(
"my-tugraz-idp", account_setup=tugraz_account_setup
)
}
}
For this to work, the role tugraz_authenticated must have been created
(e.g. via `invenio roles create tugraz_authenticated`).
"""
user_email = account_info["user"]["email"]
# NOTE: `datastore.commit`ing will be done by acs_handler that calls this func
# NOTE: this is a No-Op when user_email already has role tugraz_authenticated
current_accounts.datastore.add_role_to_user(user_email, "tugraz_authenticated")

15
invenio_config_tugraz/version.py
View File

@@ -1,15 +0,0 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
"""Version information for invenio-config-tugraz.
This file is imported by ``invenio_config_tugraz.__init__``,
and parsed by ``setup.py``.
"""
__version__ = '0.2.1'

67
invenio_config_tugraz/views.py Normal file
View File

@@ -0,0 +1,67 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020-2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
"""invenio module for TUGRAZ config."""
from flask import Blueprint, Flask, redirect, url_for
from invenio_i18n import get_locale
from werkzeug.wrappers import Response as BaseResponse
def ui_blueprint(app: Flask) -> Blueprint:
"""Blueprint for the routes and resources provided by invenio-config-tugraz."""
routes = app.config.get("CONFIG_TUGRAZ_ROUTES")
blueprint = Blueprint(
"invenio_config_tugraz",
__name__,
template_folder="templates",
static_folder="static",
)
blueprint.add_url_rule(routes["guide"], view_func=guide)
blueprint.add_url_rule(routes["terms"], view_func=terms)
blueprint.add_url_rule(routes["gdpr"], view_func=gdpr)
return blueprint
def guide() -> BaseResponse:
"""TUGraz_Repository_Guide."""
locale = get_locale()
return redirect(
url_for(
"static",
filename=f"documents/TUGraz_Repository_Guide_02.1_{locale}.pdf",
_external=True,
),
)
def terms() -> BaseResponse:
"""Terms_And_Conditions."""
locale = get_locale()
return redirect(
url_for(
"static",
filename=f"documents/TUGraz_Repository_Terms_And_Conditions_{locale}.pdf",
_external=True,
),
)
def gdpr() -> BaseResponse:
"""General_Data_Protection_Rights."""
locale = get_locale()
return redirect(
url_for(
"static",
filename=f"documents/TUGraz_Repository_General_Data_Protection_Rights_{locale}.pdf",
_external=True,
),
)

22
pyproject.toml Normal file
View File

@@ -0,0 +1,22 @@
[build-system]
requires = ["setuptools", "wheel", "babel>2.8"]
build-backend = "setuptools.build_meta"
[tool.ruff]
exclude = ["docs"]
[tool.ruff.lint]
select = ["ALL"]
ignore = [
"ANN101", "ANN102",
"D203", "D211", "D212", "D213",
"E501",
"ERA001",
"FA102",
"FIX002",
"INP001",
"RUF005", "RUF012",
"S101",
"TD002", "TD003",
"UP009",
]

12
pytest.ini
View File

@@ -1,12 +0,0 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
[pytest]
addopts = --isort --pydocstyle --pycodestyle --doctest-glob="*.rst" --doctest-modules --cov=invenio_config_tugraz --cov-report=term-missing
testpaths = tests invenio_config_tugraz
live_server_scope = module

13
requirements-devel.txt
View File

@@ -1,13 +0,0 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
#
# TODO: Add development versions of some important dependencies here to get a
# warning when there are breaking upstream changes, e.g.:
#
# -e git+git://github.com/mitsuhiko/werkzeug.git#egg=Werkzeug
# -e git+git://github.com/mitsuhiko/jinja2.git#egg=Jinja2

24
run-tests.sh
View File

@@ -1,17 +1,23 @@
#!/usr/bin/env sh
#!/usr/bin/env bash
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
# Copyright (C) 2019-2020 CERN.
# Copyright (C) 2019-2020 Northwestern University.
# Copyright (C) 2020-2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
docker-services-cli up postgresql es redis
python -m check_manifest --ignore ".travis-*" && \
python -m sphinx.cmd.build -qnNW docs docs/_build/html && \
docker-services-cli up es postgresql redis
# Quit on errors
set -o errexit
# Quit on unbound symbols
set -o nounset
ruff check .
python -m check_manifest
python -m sphinx.cmd.build -qnN docs docs/_build/html
python -m pytest
tests_exit_code=$?
docker-services-cli down
exit "$tests_exit_code"

71
setup.cfg
View File

@@ -1,11 +1,64 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
# Copyright (C) 2020-2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
[metadata]
name = invenio-config-tugraz
version = attr: invenio_config_tugraz.__version__
description = "Invenio module that adds tugraz configs."
long_description = file: README.rst, CHANGES.rst
keywords = invenio config TU-Graz
license = MIT
author = "Graz University of Technology"
author_email = info@tugraz.at
platforms = any
url = https://github.com/tu-graz-library/invenio-config-tugraz
classifiers =
Environment :: Web Environment
Intended Audience :: Developers
License :: OSI Approved :: MIT License
Operating System :: OS Independent
Programming Language :: Python
Topic :: Internet :: WWW/HTTP :: Dynamic Content
Topic :: Software Development :: Libraries :: Python Modules
Programming Language :: Python :: 3.12
Development Status :: 3 - Alpha
[options]
include_package_data = True
packages = find:
python_requires = >=3.12
zip_safe = False
install_requires =
invenio-cache>=1.1.1
invenio-i18n>=2.0.0
invenio-rdm-records>=4.0.0
[options.extras_require]
tests =
invenio-app>=1.5.0
invenio-search[opensearch2]>=2.1.0,<3.0.0
pytest-black-ng>=0.4.0
pytest-invenio>=2.1.0,<3.0.0
ruff>=0.5.3
Sphinx>=4.5.0
[options.entry_points]
invenio_base.apps =
invenio_config_tugraz = invenio_config_tugraz:InvenioConfigTugraz
invenio_base.blueprints =
invenio_config_tugraz = invenio_config_tugraz.views:ui_blueprint
invenio_i18n.translations =
messages = invenio_config_tugraz
invenio_config.module =
invenio_config_tugraz = invenio_config_tugraz.config
invenio_base.finalize_app =
invenio_config_tugraz = invenio_config_tugraz.ext:finalize_app
[aliases]
test = pytest
@@ -17,14 +70,11 @@ all_files = 1
[bdist_wheel]
universal = 1
[pydocstyle]
add_ignore = D401
[compile_catalog]
directory = invenio_config_tugraz/translations/
[extract_messages]
copyright_holder = Mojib Wali
copyright_holder = Graz University of Technology
msgid_bugs_address = mojib.wali@tugraz.at
mapping-file = babel.ini
output-file = invenio_config_tugraz/translations/messages.pot
@@ -37,3 +87,14 @@ output-dir = invenio_config_tugraz/translations/
[update_catalog]
input-file = invenio_config_tugraz/translations/messages.pot
output-dir = invenio_config_tugraz/translations/
[isort]
profile=black
[check-manifest]
ignore = *-requirements.txt
[tool:pytest]
addopts = --black --cov=invenio_config_tugraz --cov-report=term-missing
testpaths = tests invenio_config_tugraz
live_server_scope = module

91
setup.py
View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
# Copyright (C) 2020-2022 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
@@ -8,91 +8,6 @@
"""invenio module that adds tugraz configs."""
import os
from setuptools import setup
from setuptools import find_packages, setup
readme = open('README.rst').read()
history = open('CHANGES.rst').read()
tests_require = [
'pytest-invenio>=1.4.0',
]
extras_require = {
'docs': [
'Sphinx>=1.5.1',
],
'tests': tests_require,
}
extras_require['all'] = []
for reqs in extras_require.values():
extras_require['all'].extend(reqs)
setup_requires = [
'Babel>=1.3',
'pytest-runner>=3.0.0,<5',
]
install_requires = [
'Flask-BabelEx>=0.9.4',
'elasticsearch_dsl>=7.2.1',
'invenio-rdm-records~=0.18.3',
'invenio_search>=1.3.1',
]
packages = find_packages()
# Get the version string. Cannot be done with import!
g = {}
with open(os.path.join('invenio_config_tugraz', 'version.py'), 'rt') as fp:
exec(fp.read(), g)
version = g['__version__']
setup(
name='invenio-config-tugraz',
version=version,
description=__doc__,
long_description=readme + '\n\n' + history,
keywords='invenio, config, Tu Graz',
license='MIT',
author='Mojib Wali',
author_email='mojib.wali@tugraz.at',
url='https://github.com/mb-wali/invenio-config-tugraz',
packages=packages,
zip_safe=False,
include_package_data=True,
platforms='any',
entry_points={
'invenio_base.apps': [
'invenio_config_tugraz = invenio_config_tugraz:invenioconfigtugraz',
],
'invenio_i18n.translations': [
'messages = invenio_config_tugraz',
],
'invenio_config.module': [
'invenio_config_tugraz = invenio_config_tugraz.config',
],
},
extras_require=extras_require,
install_requires=install_requires,
setup_requires=setup_requires,
tests_require=tests_require,
classifiers=[
'Environment :: Web Environment',
'Intended Audience :: Developers',
'License :: OSI Approved :: MIT License',
'Operating System :: OS Independent',
'Programming Language :: Python',
'Topic :: Internet :: WWW/HTTP :: Dynamic Content',
'Topic :: Software Development :: Libraries :: Python Modules',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',
'Programming Language :: Python :: 3.8',
'Development Status :: 3 - Alpha',
],
)
setup()

28
tests/conftest.py
View File

@@ -1,6 +1,7 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
# Copyright (C) 2020-2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
@@ -12,32 +13,21 @@ See https://pytest-invenio.readthedocs.io/ for documentation on which test
fixtures are available.
"""
import shutil
import tempfile
import pytest
from flask import Flask
from flask_babelex import Babel
from invenio_config_tugraz import invenioconfigtugraz
from invenio_config_tugraz import InvenioConfigTugraz
@pytest.fixture(scope='module')
def celery_config():
"""Override pytest-invenio fixture.
TODO: Remove this fixture if you add Celery support.
"""
return {}
@pytest.fixture(scope='module')
def create_app(instance_path):
@pytest.fixture(scope="module")
def create_app(instance_path: str) -> Flask:
"""Application factory fixture."""
def factory(**config):
app = Flask('testapp', instance_path=instance_path)
def factory(**config: str) -> Flask:
app = Flask("testapp", instance_path=instance_path)
app.config.update(**config)
Babel(app)
invenioconfigtugraz(app)
InvenioConfigTugraz(app)
return app
return factory

17
tests/test_generators.py
View File

@@ -1,17 +0,0 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
from invenio_config_tugraz.generators import RecordIp
def test_recordip():
generator = RecordIp()
assert generator.needs() == []
assert generator.excludes() == []
assert generator.query_filter().to_dict() == {'match_all': {}}

23
tests/test_invenio_config_tugraz.py
View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2020 Mojib Wali.
# Copyright (C) 2020-2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
@@ -10,23 +10,24 @@
from flask import Flask
from invenio_config_tugraz import invenioconfigtugraz
from invenio_config_tugraz import InvenioConfigTugraz
def test_version():
def test_version() -> None:
"""Test version import."""
from invenio_config_tugraz import __version__
assert __version__
def test_init():
def test_init() -> None:
"""Test extension initialization."""
app = Flask('testapp')
ext = invenioconfigtugraz(app)
assert 'invenio-config-tugraz' in app.extensions
app = Flask("testapp")
ext = InvenioConfigTugraz(app)
assert "invenio-config-tugraz" in app.extensions
app = Flask('testapp')
ext = invenioconfigtugraz()
assert 'invenio-config-tugraz' not in app.extensions
app = Flask("testapp")
ext = InvenioConfigTugraz()
assert "invenio-config-tugraz" not in app.extensions
ext.init_app(app)
assert 'invenio-config-tugraz' in app.extensions
assert "invenio-config-tugraz" in app.extensions

88
tests/test_policies.py Normal file
View File

@@ -0,0 +1,88 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2024 Graz University of Technology.
#
# invenio-config-tugraz is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
# details.
"""Tests for permissions-policy."""
from invenio_rdm_records.services.permissions import RDMRecordPermissionPolicy
from invenio_config_tugraz.permissions.policies import TUGrazRDMRecordPermissionPolicy
ALLOWED_DIFFERENCES = {
"can_authenticated",
"can_create",
"can_search",
"can_view",
"can_all",
"can_search_drafts",
"can_tugraz_authenticated",
}
def test_policies_synced() -> None:
"""Make sure our permission-policy stays synced with invenio's."""
tugraz_cans = {
name: getattr(TUGrazRDMRecordPermissionPolicy, name)
for name in dir(TUGrazRDMRecordPermissionPolicy)
if name.startswith("can_")
}
rdm_cans = {
name: getattr(RDMRecordPermissionPolicy, name)
for name in dir(RDMRecordPermissionPolicy)
if name.startswith("can_")
}
# check whether same set of `can_<action>`s`
if extras := set(tugraz_cans) - set(rdm_cans) - ALLOWED_DIFFERENCES:
msg = f"""
TU Graz's permission-policy has additional fields over invenio-rdm's:{extras}
if this is intentional, add to ALLOWED_DIFFERENCES in test-file
otherwise remove extraneous fields from TUGrazRDMRecordPermissionPolicy
"""
raise KeyError(msg)
if missing := set(rdm_cans) - set(tugraz_cans):
msg = f"""
invenio-rdm's permission-policy has fields unhandled by TU Graz's: {missing}
if this is intentional, add to ALLOWED_DIFFERENCES
otherwise set the corresponding fields in TUGrazRDMRecordPermissionPolicy
"""
raise KeyError(msg)
# check whether same permission-generators used for same `can_<action>`
for can_name in rdm_cans.keys() & tugraz_cans.keys():
if can_name in ALLOWED_DIFFERENCES:
continue
tugraz_can = tugraz_cans[can_name]
rdm_can = rdm_cans[can_name]
# permission-Generators don't implement equality checks for their instances
# we can however compare which types (classes) of Generators are used...
if {type(gen) for gen in tugraz_can} != {type(gen) for gen in rdm_can}:
msg = f"""
permission-policy for `{can_name}` differs between TU-Graz and invenio-rdm
if this is intentional, add to ALLOWED_DIFFERENCES in test-file
otherwise fix TUGrazRDMRecordPermissionPolicy
"""
raise ValueError(msg)
# check whether same `NEED_LABEL_TO_ACTION`
tugraz_label_to_action = TUGrazRDMRecordPermissionPolicy.NEED_LABEL_TO_ACTION
rdm_label_to_action = RDMRecordPermissionPolicy.NEED_LABEL_TO_ACTION
for label in tugraz_label_to_action.keys() & rdm_label_to_action.keys():
if label in ALLOWED_DIFFERENCES:
continue
if tugraz_label_to_action.get(label) != rdm_label_to_action.get(label):
msg = f"""
invenio-rdm's NEED_LABEL_TO_ACTION differs from TU Graz's in {label}
if this is intentional, add to ALLOWED_DIFFERENCES in test-file
otherwise fix TUGrazRDMRecordPermissionPolicy.NEED_LABEL_TO_ACTION
"""
raise ValueError(msg)