From 90d019c4e4fb04ce2145ec02ae3656b5dbb9cc83 Mon Sep 17 00:00:00 2001
From: jrcastro2 <jrcastro9515@gmail.com>
Date: Fri, 11 Oct 2024 11:27:46 +0200
Subject: [PATCH] WIP

---
 .../contrib/names/permissions.py              | 11 +++++----
 invenio_vocabularies/services/generators.py   | 23 +++++--------------
 invenio_vocabularies/services/permissions.py  |  8 +++----
 tests/conftest.py                             |  4 ++--
 tests/contrib/names/conftest.py               |  2 +-
 tests/contrib/names/test_name_permissions.py  |  4 ++--
 tests/services/test_permissions.py            |  4 ++--
 7 files changed, 24 insertions(+), 32 deletions(-)

diff --git a/invenio_vocabularies/contrib/names/permissions.py b/invenio_vocabularies/contrib/names/permissions.py
index 80d5bbc7..7cd0e751 100644
--- a/invenio_vocabularies/contrib/names/permissions.py
+++ b/invenio_vocabularies/contrib/names/permissions.py
@@ -10,20 +10,23 @@
 
 from invenio_records_permissions.generators import AuthenticatedUser, SystemProcess
 
-from invenio_vocabularies.services.generators import Tags
+from invenio_vocabularies.services.generators import IfTags
 from invenio_vocabularies.services.permissions import PermissionPolicy
 
 
 class NamesPermissionPolicy(PermissionPolicy):
-    """Names permission policy."""
+    """Names permission policy.
+    
+    Names endpoints are protected, only authenticated users can access them.
+    """
 
     can_search = [
         SystemProcess(),
-        Tags(exclude=["non-searchable"], only_authenticated=True),
+        IfTags(exclude=["unlisted"], only_authenticated=True),
     ]
     can_read = [SystemProcess(), AuthenticatedUser()]
     # this permission is needed for the /api/vocabularies/ endpoint
     can_list_vocabularies = [
         SystemProcess(),
-        Tags(exclude=["non-searchable"], only_authenticated=True),
+        IfTags(exclude=["unlisted"], only_authenticated=True),
     ]
diff --git a/invenio_vocabularies/services/generators.py b/invenio_vocabularies/services/generators.py
index a4f8befc..e0e620fb 100644
--- a/invenio_vocabularies/services/generators.py
+++ b/invenio_vocabularies/services/generators.py
@@ -14,23 +14,12 @@
 from invenio_search.engine import dsl
 
 
-class AnyUser(Generator):
-    """Allows any user."""
-
-    def needs(self, **kwargs):
-        """Enabling Needs."""
-        return [any_user]
-
-    def query_filter(self, **kwargs):
-        """Match only searchable values in search."""
-        return dsl.Q(
-            "bool",
-            must_not=[dsl.Q("term", tags="non-searchable")],
-        )
-
-
-class Tags(Generator):
-    """Allows any user."""
+class IfTags(Generator):
+    """Generator to filter based on tags.
+    
+    This generator will filter records based on the tags field.
+    Optionally, it can be configured to only allow authenticated users.
+    """
 
     def __init__(self, include=None, exclude=None, only_authenticated=False):
         """Constructor."""
diff --git a/invenio_vocabularies/services/permissions.py b/invenio_vocabularies/services/permissions.py
index def472f8..74693c89 100644
--- a/invenio_vocabularies/services/permissions.py
+++ b/invenio_vocabularies/services/permissions.py
@@ -11,17 +11,17 @@
 from invenio_records_permissions import RecordPermissionPolicy
 from invenio_records_permissions.generators import SystemProcess
 
-from invenio_vocabularies.services.generators import Tags
+from invenio_vocabularies.services.generators import IfTags
 
 
 class PermissionPolicy(RecordPermissionPolicy):
     """Permission policy."""
 
-    can_search = [SystemProcess(), Tags(exclude=["non-searchable"])]
-    can_read = [SystemProcess(), Tags(exclude=["non-searchable"])]
+    can_search = [SystemProcess(), IfTags(exclude=["unlisted"])]
+    can_read = [SystemProcess(), IfTags(exclude=["unlisted"])]
     can_create = [SystemProcess()]
     can_update = [SystemProcess()]
     can_delete = [SystemProcess()]
     can_manage = [SystemProcess()]
     # this permission is needed for the /api/vocabularies/ endpoint
-    can_list_vocabularies = [SystemProcess(), Tags(exclude=["non-searchable"])]
+    can_list_vocabularies = [SystemProcess(), IfTags(exclude=["unlisted"])]
diff --git a/tests/conftest.py b/tests/conftest.py
index 3ef547e5..1f3c3479 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -169,9 +169,9 @@ def lang_data2(lang_data):
 
 @pytest.fixture()
 def non_searchable_lang_data(lang_data):
-    """Example data for testing non-searchable cases."""
+    """Example data for testing unlisted cases."""
     data = dict(lang_data)
-    data["tags"] = ["non-searchable", "recommended"]
+    data["tags"] = ["unlisted", "recommended"]
     return data
 
 
diff --git a/tests/contrib/names/conftest.py b/tests/contrib/names/conftest.py
index 83a2ce76..157b77aa 100644
--- a/tests/contrib/names/conftest.py
+++ b/tests/contrib/names/conftest.py
@@ -74,7 +74,7 @@ def non_searchable_name_data():
             {"identifier": "gnd:4079154-3", "scheme": "gnd"},
         ],
         "affiliations": [{"id": "cern"}, {"name": "CustomORG"}],
-        "tags": ["non-searchable"],
+        "tags": ["unlisted"],
     }
 
 
diff --git a/tests/contrib/names/test_name_permissions.py b/tests/contrib/names/test_name_permissions.py
index 09c7de61..4ac27ab1 100644
--- a/tests/contrib/names/test_name_permissions.py
+++ b/tests/contrib/names/test_name_permissions.py
@@ -35,7 +35,7 @@ def test_non_searchable_tag(
     superuser_identity,
     indexer,
 ):
-    """Test that non-searchable tags are not returned in search results."""
+    """Test that unlisted tags are not returned in search results."""
     # Service
     assert service.id == "names"
     assert service.config.indexer_queue_name == "names"
@@ -50,7 +50,7 @@ def test_non_searchable_tag(
     res = service.search(anyuser_idty, type="names", q=f"id:{id_}", size=25, page=1)
     assert res.total == 0
 
-    # Admins should be able to see the non-searchable tags
+    # Admins should be able to see the unlisted tags
     res = service.search(
         superuser_identity, type="names", q=f"id:{id_}", size=25, page=1
     )
diff --git a/tests/services/test_permissions.py b/tests/services/test_permissions.py
index 39c96135..62869f19 100644
--- a/tests/services/test_permissions.py
+++ b/tests/services/test_permissions.py
@@ -73,7 +73,7 @@ def test_permissions_readonly(anyuser_idty, lang_type, lang_data, service):
 def test_non_searchable_tag(
     anyuser_idty, lang_type, non_searchable_lang_data, service, superuser_identity
 ):
-    """Test that non-searchable tags are not returned in search results."""
+    """Test that unlisted tags are not returned in search results."""
     item = service.create(system_identity, non_searchable_lang_data)
     id_ = item.id
     # Refresh index to make changes live.
@@ -83,7 +83,7 @@ def test_non_searchable_tag(
     res = service.search(anyuser_idty, type="languages", q=f"id:{id_}", size=25, page=1)
     assert res.total == 0
 
-    # Admins should be able to see the non-searchable tags
+    # Admins should be able to see the unlisted tags
     res = service.search(
         superuser_identity, type="languages", q=f"id:{id_}", size=25, page=1
     )