Add non-searchable tags #398
Conversation
jrcastro2
commented
Sep 6, 2024
•
jrcastro2
commented
- closes names vocab: allow names vocab to have 2 types of objects CERNDocumentServer/cds-rdm#193
- closes Vocab: Add non-searchable tag CERNDocumentServer/cds-rdm#194
jrcastro2
force-pushed
the
add-deprecation
branch
from
0a560e3
to
eda8b19
Compare
invenio_vocabularies/generators.py
Outdated
| class AnyUser(Generator): | ||
| """Allows any user.""" | ||
|
|
||
| def needs(self, **kwargs): | ||
| """Enabling Needs.""" | ||
| return [any_user] | ||
|
|
||
| def query_filter(self, **kwargs): | ||
| """Match only searchable values in search.""" | ||
| return dsl.Q( | ||
| "bool", | ||
| must_not=[dsl.Q("term", tags="non-searchable")], | ||
| ) |
There was a problem hiding this comment.
| class AnyUser(Generator): | |
| """Allows any user.""" | |
| def needs(self, **kwargs): | |
| """Enabling Needs.""" | |
| return [any_user] | |
| def query_filter(self, **kwargs): | |
| """Match only searchable values in search.""" | |
| return dsl.Q( | |
| "bool", | |
| must_not=[dsl.Q("term", tags="non-searchable")], | |
| ) | |
| class Tags(Generator): | |
| """Search filter based on tags.""" | |
| def __init__(self, include=None, exclude=None): | |
| ... | |
| def query_filter(self, **kwargs): | |
| """Search based on configured tags.""" | |
| return dsl.Q( | |
| "bool", | |
| must=[dsl.Q("term", tags=self.include)], | |
| must_not=[dsl.Q("term", tags=self.exclude)], | |
| ) |
- major: I would not reuse the name
AnyUsersince we might start mixing them up and misinterpret its meaning - minor: defining a
Tagsgenerator might be a more flexible approach since it allows us to combine like the following:
class VocabularyPermissionPolicy:
can_search = [
SystemProcess(),
Administration(),
Tags(exclude=["non-searchable"])
]This assumes that Administration() makes sure that admins search/see everything (which I'm not sure if is the case today).
invenio_vocabularies/permissions.py
Outdated
| """Permission policy.""" | ||
|
|
||
| can_search = [SystemProcess(), AnyUser()] | ||
| can_read = [SystemProcess(), AnyUser()] |
There was a problem hiding this comment.
| can_read = [SystemProcess(), AnyUser()] | |
| can_read = [SystemProcess()] |
minor: reads should always be possible, since we just want to control the search behaviour for end-users
jrcastro2
force-pushed
the
add-deprecation
branch
from
eda8b19
to
9da1e75
Compare
jrcastro2
force-pushed
the
add-deprecation
branch
3 times, most recently
from
9a5a2ae
to
88cb173
Compare
| # this permission is needed for the /api/vocabularies/ endpoint | ||
| can_list_vocabularies = [ | ||
| SystemProcess(), | ||
| Tags(exclude=["non-searchable"], only_authenticated=True), |
There was a problem hiding this comment.
side question, for me to understand how this works. How can I know what tags are available?
There was a problem hiding this comment.
Hmm, I think it's only documented in the RFC: https://github.com/inveniosoftware/rfcs/blob/fdb09b8b86263607364c8cc554b3a6580ccba2e2/rfcs/rdm-0077-vocabulary-harvesting.md#data-model
There is PR adding the non-searchableexplanation, however maybe we should document htis better in the docs (?)
| can_search = [SystemProcess(), AnyUser()] | ||
| can_read = [SystemProcess(), AnyUser()] | ||
| can_search = [SystemProcess(), Tags(exclude=["non-searchable"])] | ||
| can_read = [SystemProcess(), Tags(exclude=["non-searchable"])] |
There was a problem hiding this comment.
Is it really what we want here that nobody at all can search non-searchable names?
There was a problem hiding this comment.
People with admin permission can search for it. If there is other permissions that should have access to it let me know. But to me it makes sense that only administrators do have.
jrcastro2
force-pushed
the
add-deprecation
branch
2 times, most recently
from
90d019c
to
b1d6113
Compare
jrcastro2
force-pushed
the
add-deprecation
branch
from
b1d6113
to
daf495b
Compare
| can_search = [ | ||
| SystemProcess(), | ||
| IfTags(exclude=["unlisted"], only_authenticated=True), | ||
| ] |
There was a problem hiding this comment.
| can_search = [ | |
| SystemProcess(), | |
| IfTags(exclude=["unlisted"], only_authenticated=True), | |
| ] | |
| can_search = [ | |
| SystemProcess(), | |
| IfTags(exclude=["unlisted"]), | |
| AuthenticatedUser(), | |
| ] |
minor: wouldn't that be possible in terms of reusing/composing with existing generators? The only_authenticated parameter feels a bit ad-hoc
There was a problem hiding this comment.
Right! I agree but unfortunately it doesn't work like that, at the moment if we change it to your suggestion (which was my first thought/try as well) it will simply grant access if any of the needs is matched, meaning that ti will match for unlisted OR authenticated, while what we want to achieve is to grant access to unlisted AND authenticated for Names vocab while for the rest we want to grant access to unlisted AND any user.
That's why I added that param. The only easy alternative I can think of is creating 2 generators that would be AnyUserIfTags and AuthenticatedUserIfTags maybe this would be more readable ... Unless there are better sugesstions, they are more than welcomed!
invenio_vocabularies/contrib/names/jsonschemas/names/name-v1.0.0.json
Outdated
Show resolved
Hide resolved
* update props json schema to allow multiple types
jrcastro2
force-pushed
the
add-deprecation
branch
from
daf495b
to
8b26a1b
Compare
