Commit a17627e8 authored by Pablo Panero's avatar Pablo Panero
Browse files

Add read_list permissions for admins/owners only. Pending PR invenio-records-rest/#215

parent 6d388737
......@@ -10,7 +10,8 @@ from invenio_oauthclient.contrib import cern
from .modules.cernsearch.permissions import (record_read_permission_factory,
record_create_permission_factory,
record_update_permission_factory,
record_delete_permission_factory)
record_delete_permission_factory,
record_read_list_permission_factory)
def _(x):
......@@ -99,6 +100,7 @@ RECORDS_REST_ENDPOINTS = dict(
},
max_result_window=10000,
read_permission_factory_imp=record_read_permission_factory,
read_list_permission_factory_imp=record_read_list_permission_factory,
create_permission_factory_imp=record_create_permission_factory,
update_permission_factory_imp=record_update_permission_factory,
delete_permission_factory_imp=record_delete_permission_factory,
......
......@@ -26,6 +26,11 @@ def record_read_permission_factory(record=None):
return record_permission_factory(record=record, action='read')
def record_read_list_permission_factory(record=None):
"""Read permission factory."""
return record_permission_factory(record=record, action='read_list')
def record_update_permission_factory(record=None):
"""Update permission factory."""
return record_permission_factory(record=record, action='update')
......@@ -46,6 +51,7 @@ class RecordPermission(object):
create_actions = ['create']
read_actions = ['read']
read_list_actions = ['read_list']
update_actions = ['update']
delete_actions = ['delete']
......@@ -63,7 +69,9 @@ class RecordPermission(object):
def create(cls, record, action, user=None):
"""Create a record permission."""
# Allow everything for testing
if action in cls.create_actions:
if action in cls.read_list_actions:
return cls(record, has_owner_permission, user)
elif action in cls.create_actions:
return cls(record, has_owner_permission, user)
elif action in cls.read_actions:
return cls(record, has_read_record_permission, user)
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment