Skip to content

Commit

Permalink
errors: add RecordPermissionDeniedError
Browse files Browse the repository at this point in the history
* closes inveniosoftware/product-rdm#178

Co-authored-by: jrcastro2 <[email protected]>
  • Loading branch information
anikachurilova and jrcastro2 committed May 22, 2024
1 parent a0ed585 commit bde3176
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 4 deletions.
12 changes: 12 additions & 0 deletions invenio_records_resources/services/errors.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,18 @@
from marshmallow import ValidationError


class RecordPermissionDeniedError(PermissionDenied):
"""Record permission denied error."""

description = "Permission denied."

def __init__(self, action_name=None, record=None, *args, **kwargs):
"""Initialize exception."""
self.record = record
self.action_name = action_name
super(RecordPermissionDeniedError, self).__init__(*args, **kwargs)


class PermissionDeniedError(PermissionDenied):
"""Permission denied error."""

Expand Down
13 changes: 9 additions & 4 deletions invenio_records_resources/services/records/service.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,14 @@
from kombu import Queue
from werkzeug.local import LocalProxy

from invenio_records_resources.services.errors import PermissionDeniedError
from invenio_records_resources.services.errors import (
PermissionDeniedError,
RecordPermissionDeniedError,
)

from ..base import LinksTemplate, Service
from ..errors import RevisionIdMismatchError
from ..uow import RecordCommitOp, RecordDeleteOp, RecordIndexOp, unit_of_work
from ..uow import RecordCommitOp, RecordDeleteOp, unit_of_work
from .schema import ServiceSchemaWrapper


Expand Down Expand Up @@ -375,8 +378,10 @@ def read(self, identity, id_, expand=False, action="read"):
"""Retrieve a record."""
# Resolve and require permission
record = self.record_cls.pid.resolve(id_)
self.require_permission(identity, action, record=record)

try:
self.require_permission(identity, action, record=record)
except PermissionDeniedError as e:
raise RecordPermissionDeniedError(action_name=action, record=record)
# Run components
for component in self.components:
if hasattr(component, "read"):
Expand Down

0 comments on commit bde3176

Please sign in to comment.