From 85bbac045674fa77335367c3b403e2031e6bead0 Mon Sep 17 00:00:00 2001 From: Chris Topaloudis Date: Thu, 14 May 2020 11:00:59 +0200 Subject: [PATCH] managing access: review and update for Invenio v3.2 and ES 7 --- 12-managing-access/README.md | 9 ++- .../my_site/authors/mappings/__init__.py | 2 - .../mappings/v6/authors/author-v1.0.0.json | 29 ------- .../authors/mappings/{v6 => v7}/__init__.py | 4 +- .../mappings/v7/authors/author-v1.0.0.json | 27 +++++++ .../mappings/v6/records/record-v1.0.0.json | 79 ------------------- .../mappings/v7/records/record-v1.0.0.json | 77 ++++++++++++++++++ 7 files changed, 110 insertions(+), 117 deletions(-) delete mode 100644 12-managing-access/solution/my-site/my_site/authors/mappings/v6/authors/author-v1.0.0.json rename 12-managing-access/solution/my-site/my_site/authors/mappings/{v6 => v7}/__init__.py (67%) create mode 100644 12-managing-access/solution/my-site/my_site/authors/mappings/v7/authors/author-v1.0.0.json delete mode 100644 12-managing-access/solution/my-site/my_site/records/mappings/v6/records/record-v1.0.0.json create mode 100644 12-managing-access/solution/my-site/my_site/records/mappings/v7/records/record-v1.0.0.json diff --git a/12-managing-access/README.md b/12-managing-access/README.md index 9923e0b..31a068d 100644 --- a/12-managing-access/README.md +++ b/12-managing-access/README.md @@ -4,13 +4,13 @@ - [Step 1 - Allow for access only from the owner](#step-1---allow-for-access-only-from-the-owner) - [Step 2 - search filter](#step-2---search-filter) - [Step 3 - Create permissions](#step-3---create-permissions) -- [Extras - Additional excersises](#extras) +- [Extras - Additional exercises](#extras) The goal of this tutorial is to implement record access permissions in simple and complicated cases. Prerequisites: -1. previous steps with owner field +1. previous steps with owner field 2. at least two different users ```commandline @@ -19,7 +19,7 @@ my-site users create manager@test.ch -a --password=123456 # create admin user ID my-site users create visitor@test.ch -a --password=123456 # create visitor user ID 3 ``` -2. at least two records +3. at least two records ```commandline curl -k --header "Content-Type: application/json" --request POST --data '{"title":"My test record", "contributors": [{"name": "Doe, John"}], "owner": 1}' https://localhost:5000/api/records/?prettyprint=1 @@ -31,6 +31,7 @@ curl -k --header "Content-Type: application/json" --request POST --data '{"title ## Step 1 - Allow for access only from the owner ### Use case: + Restrict the access to read, edit and delete action for the record only to its owner. 1. We implement the permission factory. The permission requires a need to be fulfilled by a user for a record. In this case we remember that: @@ -222,7 +223,7 @@ RECORDS_REST_ENDPOINTS = { ### Use case: restrict creation of records to authenticated users -1. Implement the permission factory in `my_site/records/permissions.py` +1. Implement the permission factory in `my_site/records/permissions.py` ```python from invenio_access import Permission, authenticated_user diff --git a/12-managing-access/solution/my-site/my_site/authors/mappings/__init__.py b/12-managing-access/solution/my-site/my_site/authors/mappings/__init__.py index ac73b6f..292b154 100644 --- a/12-managing-access/solution/my-site/my_site/authors/mappings/__init__.py +++ b/12-managing-access/solution/my-site/my_site/authors/mappings/__init__.py @@ -12,5 +12,3 @@ in Elasticsearch. You need to provide one mapping per major version of Elasticsearch you want to support. """ - -from __future__ import absolute_import, print_function diff --git a/12-managing-access/solution/my-site/my_site/authors/mappings/v6/authors/author-v1.0.0.json b/12-managing-access/solution/my-site/my_site/authors/mappings/v6/authors/author-v1.0.0.json deleted file mode 100644 index e21f372..0000000 --- a/12-managing-access/solution/my-site/my_site/authors/mappings/v6/authors/author-v1.0.0.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "mappings": { - "author-v1.0.0": { - "date_detection": false, - "numeric_detection": false, - "properties": { - "$schema": { - "type": "text", - "index": false - }, - "id": { - "type": "keyword" - }, - "name": { - "type": "text" - }, - "organization": { - "type": "text" - }, - "_created": { - "type": "date" - }, - "_updated": { - "type": "date" - } - } - } - } -} diff --git a/12-managing-access/solution/my-site/my_site/authors/mappings/v6/__init__.py b/12-managing-access/solution/my-site/my_site/authors/mappings/v7/__init__.py similarity index 67% rename from 12-managing-access/solution/my-site/my_site/authors/mappings/v6/__init__.py rename to 12-managing-access/solution/my-site/my_site/authors/mappings/v7/__init__.py index 018003d..5233dc2 100644 --- a/12-managing-access/solution/my-site/my_site/authors/mappings/v6/__init__.py +++ b/12-managing-access/solution/my-site/my_site/authors/mappings/v7/__init__.py @@ -5,6 +5,4 @@ # My site is free software; you can redistribute it and/or modify it under # the terms of the MIT License; see LICENSE file for more details. -"""Mappings for Elasticsearch 5.x.""" - -from __future__ import absolute_import, print_function +"""Mappings for Elasticsearch 7.x.""" diff --git a/12-managing-access/solution/my-site/my_site/authors/mappings/v7/authors/author-v1.0.0.json b/12-managing-access/solution/my-site/my_site/authors/mappings/v7/authors/author-v1.0.0.json new file mode 100644 index 0000000..6912023 --- /dev/null +++ b/12-managing-access/solution/my-site/my_site/authors/mappings/v7/authors/author-v1.0.0.json @@ -0,0 +1,27 @@ +{ + "mappings": { + "date_detection": false, + "numeric_detection": false, + "properties": { + "$schema": { + "type": "text", + "index": false + }, + "id": { + "type": "keyword" + }, + "name": { + "type": "text" + }, + "organization": { + "type": "text" + }, + "_created": { + "type": "date" + }, + "_updated": { + "type": "date" + } + } + } +} \ No newline at end of file diff --git a/12-managing-access/solution/my-site/my_site/records/mappings/v6/records/record-v1.0.0.json b/12-managing-access/solution/my-site/my_site/records/mappings/v6/records/record-v1.0.0.json deleted file mode 100644 index be63be3..0000000 --- a/12-managing-access/solution/my-site/my_site/records/mappings/v6/records/record-v1.0.0.json +++ /dev/null @@ -1,79 +0,0 @@ -{ - "mappings": { - "record-v1.0.0": { - "date_detection": false, - "numeric_detection": false, - "properties": { - "$schema": { - "type": "text", - "index": false - }, - "title": { - "type": "text", - "copy_to": "suggest_title" - }, - "suggest_title": { - "type": "completion" - }, - "author": { - "type": "object", - "properties": { - "id": { - "type": "integer" - }, - "name": { - "type": "text" - } - } - }, - "id": { - "type": "keyword" - }, - "owner": { - "type": "integer" - }, - "publication_date": { - "type": "date", - "format": "date" - }, - "contributors_count": { - "type": "short" - }, - "contributors": { - "type": "object", - "properties": { - "ids": { - "type": "object", - "properties": { - "source": { - "type": "text" - }, - "value": { - "type": "keyword" - } - } - }, - "affiliations": { - "type": "text" - }, - "role": { - "type": "keyword" - }, - "email": { - "type": "text" - }, - "name": { - "type": "text" - } - } - }, - "_created": { - "type": "date" - }, - "_updated": { - "type": "date" - } - } - } - } -} diff --git a/12-managing-access/solution/my-site/my_site/records/mappings/v7/records/record-v1.0.0.json b/12-managing-access/solution/my-site/my_site/records/mappings/v7/records/record-v1.0.0.json new file mode 100644 index 0000000..e4a27cc --- /dev/null +++ b/12-managing-access/solution/my-site/my_site/records/mappings/v7/records/record-v1.0.0.json @@ -0,0 +1,77 @@ +{ + "mappings": { + "date_detection": false, + "numeric_detection": false, + "properties": { + "$schema": { + "type": "text", + "index": false + }, + "title": { + "type": "text", + "copy_to": "suggest_title" + }, + "suggest_title": { + "type": "completion" + }, + "author": { + "type": "object", + "properties": { + "id": { + "type": "integer" + }, + "name": { + "type": "text" + } + } + }, + "id": { + "type": "keyword" + }, + "owner": { + "type": "integer" + }, + "publication_date": { + "type": "date", + "format": "date" + }, + "contributors_count": { + "type": "short" + }, + "contributors": { + "type": "object", + "properties": { + "ids": { + "type": "object", + "properties": { + "source": { + "type": "text" + }, + "value": { + "type": "keyword" + } + } + }, + "affiliations": { + "type": "text" + }, + "role": { + "type": "keyword" + }, + "email": { + "type": "text" + }, + "name": { + "type": "text" + } + } + }, + "_created": { + "type": "date" + }, + "_updated": { + "type": "date" + } + } + } +} \ No newline at end of file