Adjust permission check to rdm-records refactor

* prior to the invenio-rdm-records refactor, the RecordService configs were set globally by name in the configuration (e.g. RDM_RECORDS_BIBLIOGRAPHIC_SERVICE_CONFIG = MyConfigClass) * now, this is limited to the Services registered in the InvenioRDMRecords Flask extension and does no longer affect all newly instantiated Bibliographic*Services

Adjust permission check to rdm-records refactor
8e04e7b1 · Moser, Maximilian · 3e7f5dd5 · 8e04e7b1 · 8e04e7b1
Commit 8e04e7b1 authored 4 years ago by Moser, Maximilian
--- a/invenio_config_tuw/utils.py
+++ b/invenio_config_tuw/utils.py
@@ -52,10 +52,12 @@ def is_open(record):


 def check_permission(
-    permission_str, record, service_cls=BibliographicRecordFilesService
+    permission_str, record, service=None, service_cls=BibliographicRecordFilesService
 ):
    """Check if the current user has the specified permissions."""
-    service = service_cls()
+    if service is None:
+        service = service_cls()
+
    try:
        try:
            identity = get_identity_for_user(current_user.id)

--- a/invenio_config_tuw/views.py
+++ b/invenio_config_tuw/views.py
 from flask import abort, current_app, request
+from invenio_app_rdm.theme.utils import previewer_record_file_factory
 from invenio_files_rest.views import ObjectResource
 from invenio_previewer import current_previewer
 from invenio_previewer.api import PreviewFile
 from invenio_previewer.extensions import default
-from invenio_app_rdm.theme.utils import previewer_record_file_factory
+from invenio_rdm_records.proxies import current_rdm_records

 from .utils import check_permission

@@ -27,7 +28,8 @@ def file_download_ui(pid, record, _record_file_factory=None, **kwargs):

    obj = fileobj.obj

-    if not check_permission("read_files", record):
+    service = current_rdm_records.records_service
+    if not check_permission("read_files", record, service=service):
        abort(403)

    # Check permissions
@@ -69,9 +71,10 @@ def preview(pid, record, template=None, **kwargs):
        record,
        request.view_args.get("filename", request.args.get("filename", type=str)),
    )
+    service = current_rdm_records.records_service
    if fileobj is None:  # actually check against None, not against bool(fileobj)
        abort(404)
-    elif not check_permission("read_files", record):
+    elif not check_permission("read_files", record, service=service):
        return default.preview(fileobj)

    # Try to see if specific previewer is set