invenio.cfg

"""
InvenioRDM settings for InvenioRDM Starter project.

This file was automatically generated by 'invenio-cli init'.

For the full list of settings and their values, see
https://inveniordm.docs.cern.ch/reference/configuration/.
"""

from copy import deepcopy
from datetime import datetime
import re
from flask import request, url_for
import idutils
from marshmallow import validate
from invenio_rdm_records.services.pids import providers
from invenio_rdm_records.services import facets
from invenio_rdm_records.contrib.journal import (
    JOURNAL_CUSTOM_FIELDS,
    JOURNAL_CUSTOM_FIELDS_UI,
    JOURNAL_NAMESPACE,
)
from invenio_records_resources.services.custom_fields import TextCF
from invenio_records_resources.services.records.queryparser import (
    FieldValueMapper,
    QueryParser,
    SearchFieldTransformer,
)
# from invenio_records_resources.services.records.facets import TermsFacet
from invenio_communities.communities.records.models import CommunityMetadata
from invenio_db import db
from luqum.tree import Phrase

from invenio_access import action_factory
from invenio_records.dictutils import dict_lookup
from invenio_records_permissions.generators import (
    ConditionalGenerator,
    Generator,
)
from invenio_administration.generators import Administration
from invenio_communities.permissions import CommunityPermissionPolicy
from invenio_rdm_records.services.generators import (
    AccessGrant,
    CommunityInclusionReviewers,
    IfDeleted,
    IfExternalDOIRecord,
    IfFileIsLocal,
    IfNewRecord,
    IfRecordDeleted,
    IfRestricted,
    RecordCommunitiesAction,
    RecordOwners,
    ResourceAccessToken,
    SecretLinks,
    SubmissionReviewer,
)
from invenio_rdm_records.services.permissions import RDMRecordPermissionPolicy
from invenio_records_permissions.generators import (
    Disable,
    IfConfig,
    SystemProcess,
)

def _(x):  # needed to avoid start time failure with lazy strings
    return x

RATELIMIT_ENABLED = True
RATELIMIT_AUTHENTICATED_USER = "50000 per hour;900 per minute"
RATELIMIT_GUEST_USER = "30000 per hour;500 per minute"

# Flask
# =====
# See https://flask.palletsprojects.com/en/1.1.x/config/

# Define the value of the cache control header `max-age` returned by the server when serving
# public files. Files will be cached by the browser for the provided number of seconds.
# See flask documentation for more information:
# https://flask.palletsprojects.com/en/2.1.x/config/#SEND_FILE_MAX_AGE_DEFAULT
SEND_FILE_MAX_AGE_DEFAULT = 300

# Set via env variable
# SECRET_KEY=

# Since HAProxy and Nginx route all requests no matter the host header
# provided, the allowed hosts variable is set to localhost. In production it
# should be set to the correct host and it is strongly recommended to only
# route correct hosts to the application.
APP_ALLOWED_HOSTS = ['localhost', '127.0.0.1']


# Flask-SQLAlchemy
# ================
# See https://flask-sqlalchemy.palletsprojects.com/en/2.x/config/

# Set via env variable
# SQLALCHEMY_DATABASE_URI=


# Invenio-App
# ===========
# See https://invenio-app.readthedocs.io/en/latest/configuration.html

APP_DEFAULT_SECURE_HEADERS = {
    "content_security_policy": {
        "default-src": [
            "'self'",
            "data:", # for fonts
            "'unsafe-inline'", # for inline scripts and styles
            "blob:", # for pdf preview
            "fly.storage.tigris.dev", # for S3 object storage
            # Add your own policies here (e.g. analytics)
        ],
        "img-src": [
            "*",
        ]
    },
    "force_https": True,
    "force_https_permanent": False,
    "force_file_save": False,
    "frame_options": "sameorigin",
    "frame_options_allow_from": None,
    "strict_transport_security": True,
    "strict_transport_security_preload": False,
    "strict_transport_security_max_age": 31556926,  # One year in seconds
    "strict_transport_security_include_subdomains": True,
    "content_security_policy_report_uri": None,
    "content_security_policy_report_only": False,
    "session_cookie_secure": True,
    "session_cookie_http_only": True,
}


# Flask-Babel
# ===========
# See https://python-babel.github.io/flask-babel/#configuration

# Default locale (language)
BABEL_DEFAULT_LOCALE = 'en'
# Default time zone
BABEL_DEFAULT_TIMEZONE = 'UTC'


# Invenio-I18N
# ============
# See https://invenio-i18n.readthedocs.io/en/latest/configuration.html

# Other supported languages (do not include BABEL_DEFAULT_LOCALE in list).
I18N_LANGUAGES = [
    ('de', _('German')),
    ('es', _('Spanish')),
    ('fr', _('French')),
    ('it', _('Italian')),
    ('pt', _('Portuguese')),
    ('tr', _('Turkish')),
]

# Invenio-Mail
# ===========
# See https://invenio-mail.readthedocs.io/en/latest/configuration.html

# Set this to False when enable email sending.
MAIL_SUPPRESS_SEND = True

# Invenio-Theme
# =============
# See https://invenio-theme.readthedocs.io/en/latest/configuration.html

# The name of the site to be used on the header and as a title.
THEME_SITENAME = "InvenioRDM Starter"
# Frontpage title
THEME_FRONTPAGE_TITLE = "InvenioRDM Starter"
# Frontpage subtitle
THEME_FRONTPAGE_SUBTITLE = "A starter project for the turn-key research data management repository."
# Header logo
THEME_LOGO = "images/starter.svg"


# Invenio-App-RDM
# ===============
# See https://invenio-app-rdm.readthedocs.io/en/latest/configuration.html

# Instance's theme entrypoint file. Path relative to the ``assets/`` folder.
INSTANCE_THEME_FILE = "./less/theme.less"

# Invenio-Files-Rest
# ==================
FILES_REST_STORAGE_FACTORY='invenio_s3.s3fs_storage_factory'

# Invenio-S3
# ==========
S3_ENDPOINT_URL='http://localhost:9000/'
S3_ACCESS_KEY_ID='CHANGE_ME'
S3_SECRET_ACCESS_KEY='CHANGE_ME'

# Invenio-Records-Resources
# =========================
# See https://github.com/inveniosoftware/invenio-records-resources/blob/master/invenio_records_resources/config.py

SITE_UI_URL = "https://localhost"

SITE_API_URL = "https://localhost/api"

APP_RDM_DEPOSIT_FORM_DEFAULTS = {
    "publication_date": lambda: datetime.now().strftime("%Y-%m-%d"),
    "rights": [
        {
            "id": "cc-by-4.0",
            "title": "Creative Commons Attribution 4.0 International",
            "description": ("The Creative Commons Attribution license allows "
                            "re-distribution and re-use of a licensed work "
                            "on the condition that the creator is "
                            "appropriately credited."),
            "link": "https://creativecommons.org/licenses/by/4.0/legalcode",
        }
    ],
    "resource_type": {
        "id": "publication-preprint",
    },
}

# See https://github.com/inveniosoftware/invenio-app-rdm/blob/master/invenio_app_rdm/config.py
APP_RDM_DEPOSIT_FORM_AUTOCOMPLETE_NAMES = 'search' # "search_only" or "off"

# Invenio-RDM-Records
# ===================
# See https://inveniordm.docs.cern.ch/customize/dois/
DATACITE_ENABLED = False
DATACITE_PREFIX = '10.1234'

#
# Persistent identifiers configuration
#
RDM_PERSISTENT_IDENTIFIER_PROVIDERS = [
    # DOI provider for externally managed DOIs
    providers.ExternalPIDProvider(
        "external",
        "doi",
        validators=[providers.BlockedPrefixes(config_names=["DATACITE_PREFIX"])],
        label=_("DOI"),
    ),
    # OAI identifier
    providers.OAIPIDProvider(
        "oai",
        label=_("OAI ID"),
    ),
]
"""A list of configured persistent identifier providers."""

RDM_PERSISTENT_IDENTIFIERS = {
    "doi": {
        "providers": ["external"],
        "required": False,
        "label": _("DOI"),
        "validator": idutils.is_doi,
        "normalizer": idutils.normalize_doi,
        "is_enabled": providers.ExternalPIDProvider.is_enabled,
    },
    "oai": {
        "providers": ["oai"],
        "required": True,
        "label": _("OAI"),
        "is_enabled": providers.OAIPIDProvider.is_enabled,
    },
}
"""The configured persistent identifiers for records."""

RDM_PARENT_PERSISTENT_IDENTIFIERS={}

def always_valid(identifier):
    """Gives every identifier as valid."""
    return True

RDM_RECORDS_IDENTIFIERS_SCHEMES = {
    "ark": {"label": _("ARK"), "validator": idutils.is_ark, "datacite": "ARK"},
    "arxiv": {"label": _("arXiv"), "validator": idutils.is_arxiv, "datacite": "arXiv"},
    "ads": {
        "label": _("Bibcode"),
        "validator": idutils.is_ads,
        "datacite": "bibcode",
    },
    "crossreffunderid": {
        "label": _("Crossref Funder ID"),
        "validator": always_valid,
        "datacite": "Crossref Funder ID",
    },
    "doi": {"label": _("DOI"), "validator": idutils.is_doi, "datacite": "DOI"},
    "ean13": {"label": _("EAN13"), "validator": idutils.is_ean13, "datacite": "EAN13"},
    "eissn": {"label": _("EISSN"), "validator": idutils.is_issn, "datacite": "EISSN"},
    "grid": {"label": _("GRID"), "validator": always_valid, "datacite": "GRID"},
    "handle": {
        "label": _("Handle"),
        "validator": idutils.is_handle,
        "datacite": "Handle",
    },
    "igsn": {"label": _("IGSN"), "validator": always_valid, "datacite": "IGSN"},
    "isbn": {"label": _("ISBN"), "validator": idutils.is_isbn, "datacite": "ISBN"},
    "isni": {"label": _("ISNI"), "validator": idutils.is_isni, "datacite": "ISNI"},
    "issn": {"label": _("ISSN"), "validator": idutils.is_issn, "datacite": "ISSN"},
    "istc": {"label": _("ISTC"), "validator": idutils.is_istc, "datacite": "ISTC"},
    "lissn": {"label": _("LISSN"), "validator": idutils.is_issn, "datacite": "LISSN"},
    "lsid": {"label": _("LSID"), "validator": idutils.is_lsid, "datacite": "LSID"},
    "pmid": {"label": _("PMID"), "validator": idutils.is_pmid, "datacite": "PMID"},
    "purl": {"label": _("PURL"), "validator": idutils.is_purl, "datacite": "PURL"},
    "upc": {"label": _("UPC"), "validator": always_valid, "datacite": "UPC"},
    "url": {"label": _("URL"), "validator": idutils.is_url, "datacite": "URL"},
    "urn": {"label": _("URN"), "validator": idutils.is_urn, "datacite": "URN"},
    "w3id": {"label": _("W3ID"), "validator": always_valid, "datacite": "w3id"},

    # Custom identifiers added for InvenioRDM Starter
    "uuid": {"label": _("UUID"), "validator": always_valid, "datacite": "UUID"},
    "guid": {"label": _("GUID"), "validator": always_valid, "datacite": "GUID"},

    "other": {"label": _("Other"), "validator": always_valid, "datacite": "Other"},
}
"""These are used for references, main, alternate and related identifiers."""

# Authentication - Invenio-Accounts and Invenio-OAuthclient
# =========================================================
# See: https://inveniordm.docs.cern.ch/customize/authentication/

# Invenio-Accounts
# ----------------
# See https://github.com/inveniosoftware/invenio-accounts/blob/master/invenio_accounts/config.py
ACCOUNTS_LOCAL_LOGIN_ENABLED = True  # enable local login
SECURITY_REGISTERABLE = True  # local login: allow users to register
SECURITY_RECOVERABLE = True  # local login: allow users to reset the password
SECURITY_CHANGEABLE = True  # local login: allow users to change psw
SECURITY_CONFIRMABLE = True  # local login: users can confirm e-mail address
SECURITY_LOGIN_WITHOUT_CONFIRMATION = False # require users to confirm email before being able to login

# Enable optional custom fields
RDM_NAMESPACES = {
    **JOURNAL_NAMESPACE,
    "rs": None,
}

RDM_CUSTOM_FIELDS = [
    *JOURNAL_CUSTOM_FIELDS,
    TextCF( # content in markdown format
        name="rs:content_text",
    ),
    TextCF( # feature image url
    name="rs:image",
    field_args={
            "validate": validate.URL(),
        },
        multiple=False,
    ),
]


RDM_CUSTOM_FIELDS_UI = [
    {
        "section": _("Publishing information"),
        "hide_from_landing_page": True,
        "fields": [
            # journal
            *JOURNAL_CUSTOM_FIELDS_UI["fields"],
        ],
    },
    {
        "section": _("Images"),
        "hide_from_landing_page": True,
        "fields": [
            dict(
                field="rs:image",
                ui_widget="Input",
                props=dict(
                    label="Feature Image URL",
                    icon="image",
                    required=False,
                ),
            ),
        ],
    },
]

RDM_SORT_OPTIONS = {
    "bestmatch": dict(
        title=_('Best match'),
        fields=['_score'],
    ),
    "newest": dict(
        title=_('Newest'),
        fields=['-metadata.publication_date', '-metadata.dates.date'],
    ),
    "oldest": dict(
        title=_('Oldest'),
        fields=['metadata.publication_date', 'metadata.dates.date'],
    ),
    "version": dict(
        title=_("Version"),
        fields=["-versions.index"],
    ),
    "updated-desc": dict(
        title=_("Recently updated"),
        fields=["-updated"],
    ),
    "updated-asc": dict(
        title=_("Least recently updated"),
        fields=["updated"],
    ),
    "created-desc": dict(
        title=_("Recently added"),
        fields=["-created"],
    ),
    "created-asc": dict(
        title=_("Least recently added"),
        fields=["created"],
    ),
}

# def orcid = TermsFacet(
#     field="is_published",
#     label=_("ORCID"),
#     value_labels={"true": _("Yes"), "false": _("No")},
# )

RDM_FACETS = {
    "access_status": {
        "facet": facets.access_status,
        "ui": {
            "field": "access.status",
        },
    },
    "is_published": {
        "facet": facets.is_published,
        "ui": {
            "field": "is_published",
        },
    },
    "file_type": {
        "facet": facets.filetype,
        "ui": {
            "field": "files.types",
        },
    },
    "language": {
        "facet": facets.language,
        "ui": {
            "field": "languages",
        },
    },
    "resource_type": {
        "facet": facets.resource_type,
        "ui": {
            "field": "resource_type.type",
            "childAgg": {
                "field": "resource_type.subtype",
            },
        },
    },
    "subject": {
        "facet": facets.subject,
        "ui": {
            "field": "subjects.subject",
        },
    },
}

# from https://github.com/zenodo/zenodo-rdm/blob/master/site/zenodo_rdm/queryparser.py
def word_doi(node):
    """Quote DOIs."""
    if not node.value.startswith("10."):
        return node
    return Phrase(f'"{node.value}"')

def word_communities(node):
    """Resolve community slugs to IDs."""
    slug = node.value
    uuid = (
        db.session.query(CommunityMetadata.id)
        .filter(CommunityMetadata.slug == slug)
        .scalar()
    )
    return Phrase(f'"{uuid}"')

RDM_SEARCH = {
    # Supported values from RDM_FACETS
    "facets": ["language", "subject"],

    # Supported values from RDM_SORT_OPTIONS
    "sort": [
        "bestmatch",
        "newest",
        "oldest",
        "updated-desc",
        "updated-asc",
        "created-desc",
        "created-asc",
    ],
    "query_parser_cls": QueryParser.factory(
        mapping={
            # shortcuts
            "title": "metadata.title",
            "subject": "metadata.subjects.subject",
            "contributor": "metadata.creators.person_or_org.name",
            # taken from Zenodo
            "doi": FieldValueMapper("pids.doi.identifier", word=word_doi),
            "communities": FieldValueMapper("parent.communities.ids", word=word_communities),
            # Persistent identifiers
            "orcid": "metadata.creators.person_or_org.identifiers.identifier",
            "ror": "metadata.creators.affiliations.id",
            "issn": "custom_fields.journal\:journal.issn",
            # Specific to InveniRDM Starter
            "content": "custom_fields.rs\:content_text",
        },
        tree_transformer_cls=SearchFieldTransformer,
    ),
}

COMMUNITIES_RECORDS_SEARCH = deepcopy(RDM_SEARCH)
"""Communities record search config is the same as the main record search."""

RDM_SEARCH_DRAFTS = {
    "facets": ["is_published", "language", "subject"],
    "sort": ["bestmatch", "newest", "oldest", "updated-desc", "updated-asc", "created-desc", "created-asc"],
}
"""User records search configuration (i.e. list of uploads)."""

# Toggle to show or hide the 'Browse' menu entry for communities.
COMMUNITIES_SHOW_BROWSE_MENU_ENTRY = True

# Enable featured communities
COMMUNITIES_ADMINISTRATION_DISABLED = False

# Invenio-OAuthclient
# -------------------
# See https://github.com/inveniosoftware/invenio-oauthclient/blob/master/invenio_oauthclient/config.py

OAUTHCLIENT_REMOTE_APPS = {}  # configure external login providers

from invenio_oauthclient.views.client import auto_redirect_login
ACCOUNTS_LOGIN_VIEW_FUNCTION = auto_redirect_login  # autoredirect to external login if enabled
OAUTHCLIENT_AUTO_REDIRECT_TO_EXTERNAL_LOGIN = False  # autoredirect to external login

# Invenio-UserProfiles
# --------------------
USERPROFILES_READ_ONLY = False  # allow users to change profile info (name, email, etc...)

# OAI-PMH
# =======
# See https://github.com/inveniosoftware/invenio-oaiserver/blob/master/invenio_oaiserver/config.py

OAISERVER_ID_PREFIX = "invenio-rdm"
"""The prefix that will be applied to the generated OAI-PMH ids."""

# Invenio-Search
# --------------

SEARCH_INDEX_PREFIX = "invenio-rdm-starter-"

# See https://inveniordm.docs.cern.ch/reference/configuration/
RDM_CITATION_STYLES = [
    ('apa', _('APA')),
    ('harvard-cite-them-right', _('Harvard')),
    ('ieee', _('IEEE')),
    ('modern-language-association', _('MLA')),
    ('vancouver', _('Vancouver')),
    ('chicago-author-date', _('Chicago')),
    ('american-chemical-society', _('ACS')),
]

RDM_DEFAULT_CITATION_STYLE = 'apa'

# Redirection of legacy URLs
# --------------------------

def camelcase_to_titlecase(s):
    t = re.sub(r'(?<=[a-z])(?=[A-Z])', ' ', s)
    return t[0].upper() + t[1:].lower()

def blogs_detail_view_function():
    """Implements redirector view function for blogs detail.

    The following routes are redirected as follows:
        - /blogs/<id>/ -> GET /communities/<pid_value>

    :return: url for the view 'invenio_app_rdm_communities.communities_detail'
    :rtype: str
    """
    _id = request.view_args["id"]
    values = {"pid_value": _id}
    target = url_for("invenio_app_rdm_communities.communities_detail", **values)
    return target

def blogs_search_view_function():
    """Implements redirector view function for blogs search.

    The following routes are redirected as follows:
        - /blogs -> GET /communities/search?q=<query>&f=<tags>&p=<page>

    :return: url for the view 'invenio_communities.communities_search'
    :rtype: str
    """
    _q = request.args.get("query", "")
    category = request.args.get("category", None)
    _f = ""
    if category:
        category = camelcase_to_titlecase(category)
        _f = f"subject:{category}"
    _p = request.args.get("page", 1)
    values = {"q": _q, "f": _f, "p": _p}
    target = url_for("invenio_communities.communities_search", **values)
    return target

def posts_detail_view_function():
    """Implements redirector view function for posts detail.
    Assumes that the pid_value is a DOI.

    The following routes are redirected as follows:
        - /posts/<prefix>/<suffix> -> GET /search?q=doi:<pid_value>

    :return: url for the view 'invenio_search_ui.search'
    :rtype: str
    """
    prefix = request.view_args["prefix"]
    suffix = request.view_args["suffix"]
    values = {"q": f"doi:{prefix}/{suffix}"}
    target = url_for("invenio_search_ui.search", **values)
    return target

def posts_search_view_function():
    """Implements redirector view function for posts search.

    The following routes are redirected as follows:
        - /posts -> GET /search?q=<query>&f=<tags>&p=<page>

    :return: url for the view 'invenio_search_ui.search'
    :rtype: str
    """
    _q = request.args.get("query", "")
    category = request.args.get("category", None)
    tags = request.args.get("tags", None)
    _f = ""
    if category:
        category = camelcase_to_titlecase(category)
        _f = f"subject:{category}"
    if tags:
        _f = f"subject:{tags}"
    _p = request.args.get("page", 1)
    values = {"q": _q, "f": _f, "p": _p}
    target = url_for("invenio_search_ui.search", **values)
    return target

REDIRECTOR_RULES = {
    "redirect_signin": {
        "source": "/auth/signin",
        "target": "https://legacy.rogue-scholar.org/auth/signin",
    },
    "redirect_about": {
        "source": "/about",
        "target": "https://legacy.rogue-scholar.org/about",
    },
    "redirect_board": {
        "source": "/board",
        "target": "https://legacy.rogue-scholar.org/board",
    },
    "redirect_blogs": {
        "source": "/blogs",
        "target": blogs_search_view_function,
    },
    "redirect_en_blogs": {
        "source": "/en/blogs",
        "target": blogs_search_view_function,
    },
    "redirect_de_blogs": {
        "source": "/de/blogs",
        "target": blogs_search_view_function,
    },
    "redirect_es_blogs": {
        "source": "/es/blogs",
        "target": blogs_search_view_function,
    },
    "redirect_fr_blogs": {
        "source": "/fr/blogs",
        "target": blogs_search_view_function,
    },
    "redirect_pt_blogs": {
        "source": "/pt/blogs",
        "target": blogs_search_view_function,
    },
    "redirect_it_blogs": {
        "source": "/it/blogs",
        "target": blogs_search_view_function,
    },
    "redirect_tr_blogs": {
        "source": "/tr/blogs",
        "target": blogs_search_view_function,
    },
    "redirect_blogs_detail": {
        "source": "/blogs/<id>",
        "target": blogs_detail_view_function,
    },
    "redirect_en_blogs_detail": {
        "source": "/en/blogs/<id>",
        "target": blogs_detail_view_function,
    },    
    "redirect_de_blogs_detail": {
        "source": "/de/blogs/<id>",
        "target": blogs_detail_view_function,
    },
    "redirect_es_blogs_detail": {
        "source": "/es/blogs/<id>",
        "target": blogs_detail_view_function,
    },
    "redirect_fr_blogs_detail": {
        "source": "/fr/blogs/<id>",
        "target": blogs_detail_view_function,
    },
    "redirect_pt_blogs_detail": {
        "source": "/pt/blogs/<id>",
        "target": blogs_detail_view_function,
    },
    "redirect_it_blogs_detail": {
        "source": "/it/blogs/<id>",
        "target": blogs_detail_view_function,
    },
    "redirect_tr_blogs_detail": {
        "source": "/tr/blogs/<id>",
        "target": blogs_detail_view_function,
    },
    "redirect_posts": {
        "source": "/posts",
        "target": posts_search_view_function,
    },
    "redirect_en": {
        "source": "/en",
        "target": posts_search_view_function,
    },
    "redirect_de": {
        "source": "/de",
        "target": posts_search_view_function,
    },
    "redirect_es": {
        "source": "/es",
        "target": posts_search_view_function,
    },
    "redirect_fr": {
        "source": "/fr",
        "target": posts_search_view_function,
    },
    "redirect_pt": {
        "source": "/pt",
        "target": posts_search_view_function,
    },
    "redirect_it": {
        "source": "/it",
        "target": posts_search_view_function,
    },
    "redirect_tr": {
        "source": "/tr",
        "target": posts_search_view_function,
    },
    "redirect_en_posts": {
        "source": "/en/posts",
        "target": posts_search_view_function,
    },
    "redirect_de_posts": {
        "source": "/de/posts",
        "target": posts_search_view_function,
    },
    "redirect_es_posts": {
        "source": "/es/posts",
        "target": posts_search_view_function,
    },
    "redirect_fr_posts": {
        "source": "/fr/posts",
        "target": posts_search_view_function,
    },
    "redirect_pt_posts": {
        "source": "/pt/posts",
        "target": posts_search_view_function,
    },
    "redirect_it_posts": {
        "source": "/it/posts",
        "target": posts_search_view_function,
    },
    "redirect_tr_posts": {
        "source": "/tr/posts",
        "target": posts_search_view_function,
    },
    "redirect_posts_search": {
        "source": "/posts/<prefix>/<suffix>",
        "target": posts_detail_view_function,
    },
    "redirect_en_posts_search": {
        "source": "/en/posts/<prefix>/<suffix>",
        "target": posts_detail_view_function,
    },
    "redirect_de_posts_search": {
        "source": "/de/posts/<prefix>/<suffix>",
        "target": posts_detail_view_function,
    },
    "redirect_es_posts_search": {
        "source": "/es/posts/<prefix>/<suffix>",
        "target": posts_detail_view_function,
    },
    "redirect_fr_posts_search": {
        "source": "/fr/posts/<prefix>/<suffix>",
        "target": posts_detail_view_function,
    },
    "redirect_pt_posts_search": {
        "source": "/pt/posts/<prefix>/<suffix>",
        "target": posts_detail_view_function,
    },
    "redirect_it_posts_search": {
        "source": "/it/posts/<prefix>/<suffix>",
        "target": posts_detail_view_function,
    },
    "redirect_tr_posts_search": {
        "source": "/tr/posts/<prefix>/<suffix>",
        "target": posts_detail_view_function,
    },
}

"""InvenioRDMStarter permissions."""

# these are defined here as there is a circular dependency otherwise with the
# permissions.py file
media_files_management_action = action_factory("manage-media-files")
manage_external_doi_files_action = action_factory("manage-external-doi-files")


class IfFilesRestrictedForCommunity(IfRestricted):
    """Conditional generator for files restriction for community."""

    def __init__(self, then_, else_):
        """Constructor."""
        super().__init__("files", then_, else_)

    def _condition(self, record, **kwargs):
        """Check if community can access restricted files of the migrated record."""
        try:
            can_community_read_files = dict_lookup(
                record.parent, "permission_flags.can_community_read_files"
            )
        except KeyError:
            can_community_read_files = True

        is_restricted = super()._condition(record, **kwargs)
        if is_restricted:
            return not can_community_read_files
        else:
            return False


class MediaFilesManager(Generator):
    """Allows media files management."""

    def __init__(self):
        """Constructor."""
        super(MediaFilesManager, self).__init__()

    def needs(self, **kwargs):
        """Enabling Needs."""
        return [media_files_management_action]


class ExternalDOIFilesManager(Generator):
    """Allows to manage files for exteranl DOI records."""

    def __init__(self):
        """Initialize generator."""
        super(ExternalDOIFilesManager, self).__init__()

    def needs(self, **kwargs):
        """Enable Needs."""
        return [manage_external_doi_files_action]


class IfRecordManagementAllowedForCommunity(ConditionalGenerator):
    """Conditional generator for community access to record management."""

    def _condition(self, record, **kwargs):
        """Check if community can manage the migrated record."""
        if record is None:
            return False
        try:
            can_community_manage_record = dict_lookup(
                record.parent, "permission_flags.can_community_manage_record"
            )
        except KeyError:
            can_community_manage_record = True

        return can_community_manage_record

    def query_filter(self, **kwargs):
        """Filters for current identity as super user."""
        then_query = self._make_query(self.then_, **kwargs)
        else_query = self._make_query(self.else_, **kwargs)

        return then_query if then_query else else_query


class InvenioRDMStarterRecordPermissionPolicy(RDMRecordPermissionPolicy):
    """Access control configuration for records."""

    #
    # High-level permissions (used by low-level)
    #
    can_manage = [
        IfRecordManagementAllowedForCommunity(
            then_=RDMRecordPermissionPolicy.can_manage,
            else_=[
                RecordOwners(),
                AccessGrant("manage"),
                SystemProcess(),
            ],
        )
    ]
    can_curate = can_manage + [SystemProcess()]
    can_review = can_curate + [SystemProcess()]
    can_preview = can_curate + [SystemProcess()]

    #
    #  Records
    #

    # Used for search filtering of deleted records
    # cannot be implemented inside can_read - otherwise permission will
    # kick in before tombstone renders
    can_create = [SystemProcess()]
    can_read_deleted = [SystemProcess()]
    can_read_deleted_files = can_read_deleted
    can_media_read_deleted_files = can_read_deleted_files

    #
    # Drafts
    #
    # Allow reading metadata of a draft
    can_read_draft = can_preview
    # Allow reading files of a draft
    can_draft_read_files = can_preview + [SystemProcess()]
    # Allow updating metadata of a draft
    can_update_draft = can_review
    # Allow uploading, updating and deleting files in drafts
    can_draft_create_files = can_review
    can_draft_set_content_files = [SystemProcess()]
    can_draft_get_content_files = [SystemProcess()]
    can_draft_commit_files = [SystemProcess()]
    can_draft_update_files = can_review
    can_draft_delete_files = can_review
    can_manage_record_access = can_review

    #
    # PIDs
    #
    can_pid_create = can_review
    can_pid_register = can_review
    can_pid_update = can_review
    can_pid_discard = can_review
    can_pid_delete = can_review

    #
    # Actions
    #
    # Allow to put a record in edit mode (create a draft from record)
    can_edit = [SystemProcess()]
    # Allow deleting/discarding a draft and all associated files
    can_delete_draft = [SystemProcess()]
    # Allow creating a new version of an existing published record.
    can_new_version = [SystemProcess()]
    # Allow publishing a new record or changes to an existing record.
    can_publish = [SystemProcess()]
    # Allow lifting a record or draft.
    can_lift_embargo = [SystemProcess()]

    #
    # Record communities
    #
    # Who can add record to a community
    can_add_community = can_review

    # Media files
    can_draft_media_create_files = [MediaFilesManager(), SystemProcess()]
    can_draft_media_read_files = can_draft_media_create_files
    can_draft_media_set_content_files = [SystemProcess()]
    can_draft_media_commit_files = [SystemProcess()]
    can_draft_media_update_files = can_draft_media_create_files
    can_draft_media_delete_files = can_draft_media_create_files
    can_moderate = [SystemProcess()]
    can_media_create_files = [SystemProcess()]
    can_media_set_content_files = [SystemProcess()]
    can_media_commit_files = [SystemProcess()]
    can_media_update_files = [SystemProcess()]
    can_media_delete_files = [SystemProcess()]
    can_modify_locked_files = [SystemProcess()]


class InvenioRDMStarterCommunityPermissionPolicy(CommunityPermissionPolicy):
    """Permissions for Community CRUD operations.
    We start with limited permissions for community creation and moderation.
    """

    can_create = [SystemProcess()]
    can_moderate = [SystemProcess()]
    can_rename = [SystemProcess()]
    can_submit_record = [SystemProcess()]
    can_include_directly = [SystemProcess()]


RDM_PERMISSION_POLICY = InvenioRDMStarterRecordPermissionPolicy
"""InvenioRDMStarter record permission policy."""

COMMUNITIES_ALLOW_RESTRICTED = False
"""Don't allow restricted records in communities."""

COMMUNITIES_PERMISSION_POLICY = InvenioRDMStarterCommunityPermissionPolicy
"""InvenioRDMStarter community permission policy."""