v0.4.2

* vocab: remove override vocab
* global: disable user registration

.editorconfig

@@ -32,8 +32,8 @@ indent_size = 4
 [*.{css,html,js,json,yml}]
 indent_size = 2
 
-# Matches the exact files either package.json or .travis.yml
-[{package.json,.travis.yml}]
+# Matches the exact files either package.json or .github/workflows/*.yml
+[{package.json,.github/workflows/*.yml}]
 indent_size = 2
 
 # Dockerfile

.github/workflows/tests.yml

@@ -0,0 +1,54 @@
+name: CI
+
+on:
+  push:
+    branches: master
+  pull_request:
+    branches: master
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    - cron:  '0 3 * * 6'
+  workflow_dispatch:
+    inputs:
+      reason:
+        description: 'Reason'
+        required: false
+        default: 'Manual trigger'
+
+jobs:
+  Tests:
+    runs-on: ubuntu-20.04
+    strategy:
+      matrix:
+          python-version: [3.6, 3.7, 3.8]
+          requirements-level: [min, pypi]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Generate dependencies
+        run: |
+          python -m pip install --upgrade pip setuptools py wheel requirements-builder
+          requirements-builder -e all --level=${{ matrix.requirements-level }} setup.py > .${{ matrix.requirements-level }}-${{ matrix.python-version }}-requirements.txt
+
+      - name: Cache pip
+        uses: actions/cache@v2
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('.${{ matrix.requirements-level }}-${{ matrix.python-version }}-requirements.txt') }}
+
+      - name: Install dependencies
+        run: |
+          pip install -r .${{matrix.requirements-level}}-${{ matrix.python-version }}-requirements.txt
+          pip install .[all]
+          pip freeze
+
+      - name: Run tests
+        run: |
+          ./run-tests.sh

.travis.yml

@@ -1,53 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# Copyright (C) 2020 Mojib Wali.
-#
-# invenio-config-tugraz is free software; you can redistribute it and/or
-# modify it under the terms of the MIT License; see LICENSE file for more
-# details.
-branches:
-  except:
-  - /^v\d+\.\d+(\.\d+)?(\S*)?$/
-
-notifications:
-  email: false
-
-sudo: false
-
-language: python
-
-matrix:
-  fast_finish: true
-  allow_failures:
-    # To allow failures, you need to specify the full environment
-    - env: REQUIREMENTS=devel
-
-cache:
-  - pip
-
-env:
-  - REQUIREMENTS=lowest
-  - REQUIREMENTS=release DEPLOY=true
-  - REQUIREMENTS=devel
-
-python:
-  - "3.6"
-  - "3.7"
-
-before_install:
-  - "nvm install 6; nvm use 6"
-  - "travis_retry pip install --upgrade pip setuptools py"
-  - "travis_retry pip install twine wheel coveralls requirements-builder"
-  - "requirements-builder -e all --level=min setup.py > .travis-lowest-requirements.txt"
-  - "requirements-builder -e all --level=pypi setup.py > .travis-release-requirements.txt"
-  - "requirements-builder -e all --level=dev --req requirements-devel.txt setup.py > .travis-devel-requirements.txt"
-
-install:
-  - "travis_retry pip install -r .travis-${REQUIREMENTS}-requirements.txt"
-  - "travis_retry pip install -e .[all]"
-
-script:
-  - "./run-tests.sh"
-
-after_success:
-  - coveralls

CONTRIBUTING.rst

@@ -10,7 +10,7 @@ Types of Contributions
 Report Bugs
 ~~~~~~~~~~~
 
-Report bugs at https://github.com/mb-wali/invenio-config-tugraz/issues.
+Report bugs at https://github.com/tu-graz-library/invenio-config-tugraz/issues.
 
 If you are reporting a bug, please include:
 
@@ -41,7 +41,7 @@ Submit Feedback
 ~~~~~~~~~~~~~~~
 
 The best way to send feedback is to file an issue at
-https://github.com/mb-wali/invenio-config-tugraz/issues.
+https://github.com/tu-graz-library/invenio-config-tugraz/issues.
 
 If you are proposing a feature:
 
@@ -113,6 +113,6 @@ Before you submit a pull request, check that it meets these guidelines:
 1. The pull request should include tests and must not decrease test coverage.
 2. If the pull request adds functionality, the docs should be updated. Put
    your new functionality into a function with a docstring.
-3. The pull request should work for Python 2.7, 3.5 and 3.6. Check
-   https://travis-ci.org/https://github.com/https://github.com/mb-/pull_requests
+3. The pull request should work for Python 3.6 and 3.7. Check
+   https://github.com/github/tu-graz-library/invenio-config-tugraz//actions?query=event%3Apull_request
    and make sure that the tests pass for all supported Python versions.

MANIFEST.in

@@ -43,3 +43,6 @@ recursive-include invenio_config_tugraz *.json
 recursive-include invenio_config_tugraz *.key
 recursive-include invenio_config_tugraz *.xml
 recursive-include invenio_config_tugraz *.gitkeep
+
+# added by check-manifest
+recursive-include invenio_config_tugraz *.csv

README.rst

@@ -9,8 +9,8 @@
  invenio-config-tugraz
 =======================
 
-.. image:: https://travis-ci.com/mb-wali/invenio-config-tugraz.svg
-        :target: https://travis-ci.com/github/mb-wali/invenio-config-tugraz
+.. image:: https://github.com/tu-graz-library/invenio-config-tugraz/workflows/CI/badge.svg
+        :target: https://github.com/tu-graz-library/invenio-config-tugraz/actions
 
 .. image:: https://img.shields.io/pypi/dm/invenio-config-tugraz.svg
         :target: https://pypi.python.org/pypi/invenio-config-tugraz
@@ -27,6 +27,9 @@
 .. image:: https://img.shields.io/coveralls/mb-wali/invenio-config-tugraz.svg
         :target: https://coveralls.io/r/mb-wali/invenio-config-tugraz
 
+.. image:: https://img.shields.io/badge/code%20style-black-000000.svg
+        :target: https://github.com/psf/black
+
 invenio module that adds tugraz configs.
 
 Override configs from diffrent invenio modules to meet TU Graz requirement:

docs/conf.py

@@ -120,13 +120,13 @@ html_theme = "alabaster"
 
 html_theme_options = {
     "description": "invenio module that adds tugraz configs.",
-    "github_user": "inveniosoftware",
+    "github_user": "TU Graz",
     "github_repo": "invenio-config-tugraz",
     "github_button": False,
     "github_banner": True,
     "show_powered_by": False,
     "extra_nav_links": {
-        "invenio-config-tugraz@GitHub": "https://github.com/mb-wali/invenio-config-tugraz",
+        "invenio-config-tugraz@GitHub": "https://github.com/tu-graz-library/invenio-config-tugraz",
         "invenio-config-tugraz@PyPI": "https://pypi.python.org/pypi/invenio-config-tugraz/",
     },
 }

invenio_config_tugraz/base_permissions.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (C) 2020 Mojib Wali.
+# Copyright (C) 2020 Graz University of Technology.
 #
 # invenio-config-tugraz is free software; you can redistribute it and/or
 # modify it under the terms of the MIT License; see LICENSE file for more
@@ -46,7 +46,7 @@ Using Custom Generator for a policy:
     RECORDS_PERMISSIONS_RECORD_POLICY = TUGRAZPermissionPolicy
 
 
-Permissions for Invenio (RDM) Records.
+Permissions for Invenio records.
 """
 
 from invenio_records_permissions.generators import (

invenio_config_tugraz/config.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (C) 2020 Mojib Wali.
+# Copyright (C) 2020 Graz University of Technology.
 #
 # invenio-config-tugraz is free software; you can redistribute it and/or
 # modify it under the terms of the MIT License; see LICENSE file for more
@@ -8,6 +8,8 @@
 
 """invenio module that adds tugraz configs."""
 
+from os.path import abspath, dirname, join
+
 from flask_babelex import gettext as _
 
 INVENIO_CONFIG_TUGRAZ_SHIBBOLETH = True
@@ -37,6 +39,7 @@ APP_ALLOWED_HOSTS = [
     "127.0.0.1",
     "invenio-dev01.tugraz.at",
     "invenio-test.tugraz.at",
+    "repository.tugraz.at"
 ]
 """Allowed Hosts"""
 
@@ -103,18 +106,24 @@ Set this to False when sending actual emails.
 # ]
 # REST_ENABLE_CORS = True
 
-
-# Invenio-shibboleth
+# Invenio-userprofiles
 # ===========
-# See https://invenio-shibboleth.readthedocs.io/en/latest/configuration.html
+# See https://invenio-userprofiles.readthedocs.io/en/latest/configuration.html
 
-USERPROFILES_EXTEND_SECURITY_FORMS = True
+USERPROFILES_EXTEND_SECURITY_FORMS = False
 """Set True in order to register user_profile.
 
 This also forces user to add username and fullname
 when register.
 """
 
+USERPROFILES_EMAIL_ENABLED = False
+"""Exclude the user email in the profile form."""
+
+# Invenio-shibboleth
+# ===========
+# See https://invenio-shibboleth.readthedocs.io/en/latest/configuration.html
+
 SSO_SAML_IDPS = {}
 """Configuration of IDPS. Actual values can be find in to invenio.cfg file"""
 
@@ -147,7 +156,7 @@ SECURITY_CHANGEABLE = False
 SECURITY_RECOVERABLE = False
 """Allow password recovery by users."""
 
-SECURITY_REGISTERABLE = True
+SECURITY_REGISTERABLE = False
 """"Allow users to register.
 
 With this variable set to "False" users will not be
@@ -187,8 +196,28 @@ RECAPTCHA_PRIVATE_KEY = None
 # See:
 # https://invenio-records-permissions.readthedocs.io/en/latest/configuration.html
 #
-# Uncomment these to enable overriden
+# Uncomment these to enable overriding Base permissions - (NOT RECOMMANDED)
 # RECORDS_PERMISSIONS_RECORD_POLICY = (
-#    'invenio_config_tugraz.permissions.TUGRAZPermissionPolicy'
+#    'invenio_config_tugraz.base_permissions.TUGRAZPermissionPolicy'
+# )
+#
+# Uncomment these to enable overriding RDM permissions
+# RDM_RECORDS_BIBLIOGRAPHIC_SERVICE_CONFIG = (
+#     'invenio_config_tugraz.rdm_permissions.TUGRAZBibliographicRecordServiceConfig'
 # )
 """Access control configuration for records."""
+
+# invenio-rdm-records
+# =======
+# See:
+# https://invenio-rdm-records.readthedocs.io/en/latest/configuration.html
+#
+# Custom Access Right
+# RDM_RECORDS_CUSTOM_VOCABULARIES = {
+#     'access_right': {
+#         'path': join(
+#             dirname(abspath(__file__)),
+#             'restrictions', 'access_right', 'access_right_limit.csv'
+#         )
+#     }
+# }

invenio_config_tugraz/generators.py

@@ -153,27 +153,32 @@ The succinct encoding of the permissions for your instance gives you
 
 from elasticsearch_dsl.query import Q
 from flask import current_app, request
+from invenio_access.permissions import any_user, authenticated_user, superuser_access
 from invenio_records_permissions.generators import Generator
 
 
 class RecordIp(Generator):
     """Allowed any user with accessing with the IP."""
 
-    # TODO: Implement
-    def needs(self, **kwargs):
-        """Enabling Needs, Set of Needs granting permission.
+    def needs(self, record=None, **kwargs):
+        """Enabling Needs, Set of Needs granting permission."""
+        if record is None:
+            return []
 
-        If ANY of the Needs are matched, permission is granted.
+        # check if singleip is in the records restriction
+        is_single_ip = record.get("access", {}).get("access_right") == "singleip"
 
-        .. note::
+        # check if the user ip is on list
+        visible = self.check_permission()
 
-            ``_load_permissions()`` method from `Permission
-            <https://invenio-access.readthedocs.io/en/latest/api.html
-            #invenio_access.permissions.Permission>`_ adds by default the
-            ``superuser_access`` Need (if tied to a User or Role) for us.
-            It also expands ActionNeeds into the Users/Roles that
-            provide them.
-        """
+        if not is_single_ip:
+            # if record does not have singleip - return any_user
+            return [any_user]
+            # if record has singleip, then check the ip of user - if ip user is on list - return any_user
+        elif visible:
+            return [any_user]
+        else:
+            # non of the above - return empty
             return []
 
     def excludes(self, **kwargs):
@@ -196,19 +201,40 @@ class RecordIp(Generator):
         """
         return []
 
-    def query_filter(self, **kwargs):
-        """Elasticsearch filters, List of ElasticSearch query filters.
+    def query_filter(self, *args, **kwargs):
+        """Filters for singleip records."""
+        # check if the user ip is on list
+        visible = self.check_permission()
 
-        These filters consist of additive queries mapping to what the current
-        user should be able to retrieve via search.
-        """
+        if not visible:
+            # If user ip is not on the list, and If the record contains 'singleip' will not be seen
+            return ~Q("match", **{"access.access_right": "singleip"})
+
+        # Lists all records
         return Q("match_all")
 
     def check_permission(self):
         """Check for User IP address in config variable."""
         # Get user IP
-        user_ip = request.remote_addr  # pragma: no cover
+        user_ip = request.remote_addr
         # Checks if the user IP is among single IPs
-        if user_ip in current_app.config["INVENIO_CONFIG_TUGRAZ_SINGLE_IP"]:  # pragma: no cover
-            return True  # pragma: no cover
-        return False  # pragma: no cover
+        if user_ip in current_app.config["INVENIO_CONFIG_TUGRAZ_SINGLE_IP"]:
+            return True
+        return False
+
+
+class AuthenticatedUser(Generator):
+    """Allows authenticated users."""
+
+    def __init__(self):
+        """Constructor."""
+        super(AuthenticatedUser, self).__init__()
+
+    def needs(self, **kwargs):
+        """Enabling Needs."""
+        return [authenticated_user]
+
+    def query_filter(self, **kwargs):
+        """Filters for current identity as super user."""
+        # TODO: Implement with new permissions metadata
+        return []

invenio_config_tugraz/rdm_permissions.py

@@ -0,0 +1,111 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2020 Graz University of Technology.
+#
+# invenio-config-tugraz is free software; you can redistribute it and/or
+# modify it under the terms of the MIT License; see LICENSE file for more
+# details.
+
+"""
+Records permission policies.
+
+Default policies for records:
+
+.. code-block:: python
+
+    # Read access given to everyone.
+    can_search = [AnyUser()]
+    # Create action given to no one (Not even superusers) bc Deposits should
+    # be used.
+    can_create = [Disable()]
+    # Read access given to everyone if public record/files and owners always.
+    can_read = [AnyUserIfPublic(), RecordOwners()]
+    # Update access given to record owners.
+    can_update = [RecordOwners()]
+    # Delete access given to admins only.
+    can_delete = [Admin()]
+    # Associated files permissions (which are really bucket permissions)
+    can_read_files = [AnyUserIfPublic(), RecordOwners()]
+    can_update_files = [RecordOwners()]
+
+How to override default policies for rdm-records.
+
+Using Custom Generator for a policy:
+
+.. code-block:: python
+
+    from invenio_rdm_records.services import (
+    BibliographicRecordServiceConfig,
+    RDMRecordPermissionPolicy,
+    )
+
+    from invenio_config_tugraz.generators import RecordIp
+
+    class TUGRAZPermissionPolicy(RDMRecordPermissionPolicy):
+
+    # Create access given to SuperUser only.
+
+    can_create = [SuperUser()]
+
+    RDM_RECORDS_BIBLIOGRAPHIC_SERVICE_CONFIG  = TUGRAZBibliographicRecordServiceConfig
+
+
+Permissions for Invenio (RDM) Records.
+"""
+
+from invenio_rdm_records.services import (
+    BibliographicRecordServiceConfig,
+    RDMRecordPermissionPolicy,
+)
+from invenio_records_permissions.generators import (
+    Admin,
+    AnyUser,
+    RecordOwners,
+    SuperUser,
+)
+
+from .generators import AuthenticatedUser, RecordIp
+
+
+class TUGRAZPermissionPolicy(RDMRecordPermissionPolicy):
+    """Access control configuration for rdm records.
+
+    This overrides the origin:
+    https://github.com/inveniosoftware/invenio-rdm-records/blob/master/invenio_rdm_records/services/permissions.py.
+
+    """
+
+    # Read access given to:
+    # TODO:
+    # AnyUserIfPublic : grant access if record is public
+    # RecordIp: grant access for single_ip
+    # RecordOwners: owner of records, enable once the deposit is allowed only for loged-in users.
+    # CURRENT:
+    # RecordIp: grant access for single_ip
+    can_read = [RecordIp()]  # RecordOwners()
+
+    # Search access given to:
+    # AnyUser : grant access anyUser
+    # RecordIp: grant access for single_ip
+    can_search = [AnyUser(), RecordIp()]
+
+    # Update access given to record owners.
+    can_update = [RecordOwners()]
+
+    # Delete access given to admins only.
+    can_delete = [Admin()]
+
+    # Create action given to AuthenticatedUser
+    # UI - if user is loged in
+    # API - if user has Access token (Bearer API-TOKEN)
+    can_create = [AuthenticatedUser()]
+
+    # Associated files permissions (which are really bucket permissions)
+    # can_read_files = [AnyUserIfPublic(), RecordOwners()]
+    # can_update_files = [RecordOwners()]
+
+
+class TUGRAZBibliographicRecordServiceConfig(BibliographicRecordServiceConfig):
+    """Overriding BibliographicRecordServiceConfig."""
+
+    permission_policy_cls = TUGRAZPermissionPolicy

invenio_config_tugraz/restrictions/access_right/access_right.csv

@@ -0,0 +1,6 @@
+access_right,access_right_name,icon,notes
+open, Open Access, lock open
+embargoed, Embargoed, ban
+restricted, Restricted, key
+closed, Private, lock
+singleip, Single Ip, lock

invenio_config_tugraz/restrictions/access_right/access_right_limit.csv

@@ -0,0 +1,2 @@
+access_right,access_right_name,icon,notes
+open, Open Access, lock open

invenio_config_tugraz/version.py

@@ -12,4 +12,4 @@ This file is imported by ``invenio_config_tugraz.__init__``,
 and parsed by ``setup.py``.
 """
 
-__version__ = "0.2.2"
+__version__ = "0.4.2"

pytest.ini

@@ -7,6 +7,6 @@
 # details.
 
 [pytest]
-addopts = --isort --pydocstyle --pycodestyle --doctest-glob="*.rst" --doctest-modules --cov=invenio_config_tugraz --cov-report=term-missing
+addopts = --isort --pydocstyle --pycodestyle --doctest-glob="*.rst" --doctest-modules --cov=invenio_config_tugraz --cov-report=term-missing tests invenio_config_tugraz
 testpaths = tests invenio_config_tugraz
 live_server_scope = module

run-tests.sh

@@ -1,17 +1,33 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
 # -*- coding: utf-8 -*-
 #
-# Copyright (C) 2020 Mojib Wali.
+# Copyright (C) 2019-2020 CERN.
+# Copyright (C) 2019-2020 Northwestern University.
+# Copyright (C) 2020 Graz University of Technology.
 #
 # invenio-config-tugraz is free software; you can redistribute it and/or
 # modify it under the terms of the MIT License; see LICENSE file for more
 # details.
 
-docker-services-cli up postgresql es redis
-python -m check_manifest --ignore ".travis-*" && \
-python -m sphinx.cmd.build -qnNW docs docs/_build/html && \
-docker-services-cli up es postgresql redis
+
+# Quit on errors
+set -o errexit
+
+# Quit on unbound symbols
+set -o nounset
+
+# Always bring down docker services
+
+function cleanup() {
+    eval "$(docker-services-cli down --env)"
+}
+trap cleanup EXIT
+
+
+python -m check_manifest --ignore ".*-requirements.txt"
+python -m sphinx.cmd.build -qnNW docs docs/_build/html
+eval "$(docker-services-cli up --db ${DB:-postgresql} --search ${SEARCH:-elasticsearch} --cache ${CACHE:-redis} --env)"
 python -m pytest
 tests_exit_code=$?
-docker-services-cli down
+python -m sphinx.cmd.build -qnNW -b doctest docs docs/_build/doctest
 exit "$tests_exit_code"

setup.py

@@ -20,11 +20,12 @@ tests_require = [
     "SQLAlchemy-Utils>=0.33.1,<0.36",
     "invenio-rdm-records~=0.20.8",
     "invenio-search[elasticsearch7]>=1.4.0",
+    "psycopg2-binary>=2.8.6",
 ]
 
 extras_require = {
     "docs": [
-        "Sphinx>=1.5.1",
+        "Sphinx>=3",
     ],
     "tests": tests_require,
 }
@@ -61,8 +62,8 @@ setup(
     keywords="invenio, config, Tu Graz",
     license="MIT",
     author="Mojib Wali",
-    author_email="mojib.wali@tugraz.at",
-    url="https://github.com/mb-wali/invenio-config-tugraz",
+    author_email="mb_wali@hotmail.com",
+    url="https://github.com/tu-graz-library/invenio-config-tugraz",
     packages=packages,
     zip_safe=False,
     include_package_data=True,

tests/conftest.py

@@ -20,6 +20,7 @@ import pytest
 from flask import Flask
 from flask_babelex import Babel
 from invenio_db import InvenioDB, db
+from sqlalchemy_utils.functions import create_database, database_exists, drop_database
 
 from invenio_config_tugraz import InvenioConfigTugraz
 
@@ -70,3 +71,93 @@ def create_app(request):
     app.test_request_context().push()
 
     return app
+
+
+@pytest.fixture(scope='function')
+def open_record():
+    """Open record data as dict coming from the external world."""
+    return {
+        "access": {
+            "metadata": False,
+            "files": False,
+            "owned_by": [1],
+            "access_right": "open"
+        },
+        "metadata": {
+            "publication_date": "2020-06-01",
+            "resource_type": {
+                "type": "image",
+                "subtype": "image-photo"
+            },
+            # Technically not required
+            "creators": [{
+                "name": "Troy Brown",
+                "type": "personal"
+            }, {
+                "name": "Phillip Lester",
+                "type": "personal",
+                "identifiers": {"orcid": "0000-0002-1825-0097"},
+                "affiliations": [{
+                    "name": "Carter-Morris",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }]
+            }, {
+                "name": "Steven Williamson",
+                "type": "personal",
+                "identifiers": {"orcid": "0000-0002-1825-0097"},
+                "affiliations": [{
+                    "name": "Ritter and Sons",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }, {
+                    "name": "Montgomery, Bush and Madden",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }]
+            }],
+            "title": "A Romans story"
+        }
+    }
+
+
+@pytest.fixture(scope='function')
+def singleip_record():
+    """Single Ip record data as dict coming from the external world."""
+    return {
+        "access": {
+            "metadata": False,
+            "files": False,
+            "owned_by": [1],
+            "access_right": "singleip"
+        },
+        "metadata": {
+            "publication_date": "2020-06-01",
+            "resource_type": {
+                "type": "image",
+                "subtype": "image-photo"
+            },
+            # Technically not required
+            "creators": [{
+                "name": "Troy Brown",
+                "type": "personal"
+            }, {
+                "name": "Phillip Lester",
+                "type": "personal",
+                "identifiers": {"orcid": "0000-0002-1825-0097"},
+                "affiliations": [{
+                    "name": "Carter-Morris",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }]
+            }, {
+                "name": "Steven Williamson",
+                "type": "personal",
+                "identifiers": {"orcid": "0000-0002-1825-0097"},
+                "affiliations": [{
+                    "name": "Ritter and Sons",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }, {
+                    "name": "Montgomery, Bush and Madden",
+                    "identifiers": {"ror": "03yrm5c26"}
+                }]
+            }],
+            "title": "A Romans story"
+        }
+    }

tests/test_generators.py

@@ -8,13 +8,31 @@
 
 """Test Generators."""
 
-from invenio_config_tugraz.generators import RecordIp
+from invenio_access.permissions import any_user, authenticated_user
+
+from invenio_config_tugraz.generators import AuthenticatedUser, RecordIp
 
 
-def test_recordip():
+def test_recordip(create_app, open_record, singleip_record):
     """Test Generator RecordIp."""
     generator = RecordIp()
+    open_record = open_record
+    singleiprec = singleip_record
 
-    assert generator.needs() == []
+    assert generator.needs(record=None) == []
+    assert generator.needs(record=open_record) == [any_user]
+    assert generator.needs(record=singleiprec) == []
+
+    assert generator.excludes(record=open_record) == []
+    assert generator.excludes(record=open_record) == []
+
+    assert generator.query_filter().to_dict() == {'bool': {'must_not': [{'match': {'access.access_right': 'singleip'}}]}}
+
+
+def test_authenticateduser():
+    """Test Generator AuthenticatedUser."""
+    generator = AuthenticatedUser()
+
+    assert generator.needs() == [authenticated_user]
     assert generator.excludes() == []
-    assert generator.query_filter().to_dict() == {"match_all": {}}
+    assert generator.query_filter() == []