[FEAT] Some pure functions (unfinished yet) to manage rights.

gargantext/models/nodes.py

@@ -33,7 +33,7 @@ class Node(Base):
     parent_id = Column(Integer, ForeignKey('nodes.id', ondelete='CASCADE'))
     # main data
     name = Column(String(255))
-    date  = Column(DateTime(), default=datetime.now)
+    date = Column(DateTime(), default=datetime.now)
     # metadata (see https://bashelton.com/2014/03/updating-postgresql-json-fields-via-sqlalchemy/)
     hyperdata = Column(JSONB, default=dict)
 

gargantext/models/users.py

@@ -123,18 +123,19 @@ class User(Base):
     def pending_invitations(self):
         """ Get invitations that have not been accepted nor refused.
         """
-        Friend = aliased(User)
-        Contact1 = aliased(Contact)
-        Contact2 = aliased(Contact)
-        # outerjoin
-        query = (session
-            .query(Friend)
-            .join(Contact1, Contact1.user2_id == Friend.id)
-            .join(Contact2, Contact2.user1_id == Friend.id)
-            .filter(Contact1.user1_id == self.id, Contact1.is_blocked == False)
-            .filter(Contact2.user2_id == self.id)
-        )
-        return query.all()
+        undefined
+#        Friend = aliased(User)
+#        Contact1 = aliased(Contact)
+#        Contact2 = aliased(Contact)
+#        # TODO outerjoin
+#        query = (session
+#            .query(Friend)
+#            .join(Contact1, Contact1.user2_id == Friend.id)
+#            .join(Contact2, Contact2.user1_id == Friend.id)
+#            .filter(Contact1.user1_id == self.id, Contact1.is_blocked == False)
+#            .filter(Contact2.user2_id == self.id)
+#        )
+#        return query.all()
 
 
 
@@ -151,17 +152,17 @@ class User(Base):
 #                node.id in (contact.id for contact in self.friends())
 
 
-# Deprecated
-#    def contacts_nodes(self, typename=None):
-#        from .nodes import Node
-#        for contact in self.contacts():
-#            contact_nodes = (session
-#                .query(Node)
-#                .filter(Node.user_id == contact.id)
-#                .filter(Node.typename == typename)
-#                .order_by(Node.date)
-#            ).all()
-#            yield contact, contact_nodes
+# TODO add the right management toolbox
+    def contacts_nodes(self, typename=None):
+        from .nodes import Node
+        for contact in self.friends():
+            contact_nodes = (session
+                .query(Node)
+                .filter(Node.user_id == contact.id)
+                .filter(Node.typename == typename)
+                .order_by(Node.date)
+            ).all()
+            yield contact, contact_nodes
 
 
 

gargantext/util/http.py

@@ -27,15 +27,15 @@ def requires_auth(func):
 
         # user was authenticated but something made the session expire
         except DetachedInstanceError as die:
-            print("===\n Detached instance error: trying to rollback session")
+            print("=== Warning:\nDetached instance error: trying to rollback session")
             print(die)
             from gargantext.util.db import session
             session.rollback()
-            print("=== session rollback ok!")
+            print("=== Info:\nsession rollback ok!")
             # re init the global cache (it must still have detached instances)
             from gargantext.util.db_cache import cache
             cache.clean_all()
-            print("=== cache reinit ok!")
+            print("=== Info:\ncache reinit ok!")
             # and relogin for safety
             url = '/auth/login/?next=%s' % urlencode(request.path)
             return redirect(url)

gargantext/views/api/nodes.py

@@ -26,7 +26,7 @@ _hyperdata_available_fields = ['title', 'source', 'abstract', 'statuses',
 
 
 
-def check_rights(request, node_id=None):
+def check_rights(request, mode="read", node_id=None):
     """
     check rights of a request and maybe a node if given as parameters.
     
@@ -54,14 +54,14 @@ def check_rights(request, node_id=None):
                           .filter( NodeUser.node_id == node_id )
                           .first (                             )
                   )
-    print(nodeRights.mode)
+    
     # If the user is anonymous
     # Is the user authenticated i.e. anonymous ?
     if request.user.id is None and nodeRights is not None :
     # if request.user.id is None and nodeRights not defined then False
         
         # Check if the node has public rights
-        if int(str(nodeRights.mode)[2]) == 4:
+        if nodeRights.mode_others == 4:
             return True
         else:
             return False
@@ -72,10 +72,10 @@ def check_rights(request, node_id=None):
         # Is the user owner of the node ?
         if nodeRights.user_id == request.user.id:
             # Has the user the rights to read the Node ?
-            if int(str(nodeRights.mode)[0]) == 7:
+            if nodeRights.mode_user == 7:
                 return True
         
-        elif int(str(nodeRights.mode)[1]) == 7:
+        elif nodeRights.mode_group == 7:
         # Is the user owner of the node ?
             return True
         else: