Add non-searchable tags

invenio_vocabularies/contrib/affiliations/affiliations.py

@@ -16,7 +16,8 @@
 from invenio_records_resources.records.systemfields import ModelPIDField
 from invenio_records_resources.resources.records.headers import etag_headers
 
-from ...services.permissions import PermissionPolicy
+from invenio_vocabularies.services.permissions import PermissionPolicy
+
 from .config import AffiliationsSearchOptions, service_components
 from .schema import AffiliationSchema
 

invenio_vocabularies/contrib/awards/awards.py

@@ -27,7 +27,8 @@
 )
 from invenio_records_resources.resources.records.headers import etag_headers
 
-from ...services.permissions import PermissionPolicy
+from invenio_vocabularies.services.permissions import PermissionPolicy
+
 from ..funders.api import Funder
 from ..subjects.api import Subject
 from .config import AwardsSearchOptions, service_components

invenio_vocabularies/contrib/funders/funders.py

@@ -21,7 +21,8 @@
 from invenio_records_resources.records.systemfields import ModelPIDField
 from invenio_records_resources.resources.records.headers import etag_headers
 
-from ...services.permissions import PermissionPolicy
+from invenio_vocabularies.services.permissions import PermissionPolicy
+
 from .config import FundersSearchOptions, service_components
 from .schema import FunderSchema
 from .serializer import FunderL10NItemSchema

invenio_vocabularies/contrib/names/jsonschemas/names/name-v1.0.0.json

@@ -15,15 +15,41 @@
       "description": "Identifier of the name scheme.",
       "$ref": "local://definitions-v1.0.0.json#/identifier"
     },
-    "name": {"type": "string"},
-    "given_name": {"type": "string"},
-    "family_name": {"type": "string"},
+    "name": {
+      "type": "string"
+    },
+    "given_name": {
+      "type": "string"
+    },
+    "family_name": {
+      "type": "string"
+    },
     "identifiers": {
       "description": "Identifiers for the person.",
       "type": "array",
-      "items": {"$ref": "local://definitions-v1.0.0.json#/identifiers_with_scheme"},
+      "items": {
+        "$ref": "local://definitions-v1.0.0.json#/identifiers_with_scheme"
+      },
       "uniqueItems": true
     },
+    "props": {
+      "type": "object",
+      "patternProperties": {
+        "^.*$": {
+          "oneOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "boolean"
+            },
+            {
+              "type": "array"
+            }
+          ]
+        }
+      }
+    },
     "affiliations": {
       "description": "Affiliations of the person.",
       "type": "array",
@@ -42,4 +68,4 @@
       "uniqueItems": true
     }
   }
-}
+}

invenio_vocabularies/contrib/names/mappings/os-v1/names/name-v2.0.0.json

@@ -144,6 +144,10 @@
             "type": "keyword"
           }
         }
+      },
+      "props": {
+        "type": "object",
+        "dynamic": "true"
       }
     }
   }

invenio_vocabularies/contrib/names/mappings/os-v2/names/name-v2.0.0.json

@@ -144,6 +144,10 @@
             "type": "keyword"
           }
         }
+      },
+      "props": {
+        "type": "object",
+        "dynamic": "true"
       }
     }
   }

invenio_vocabularies/contrib/names/permissions.py

@@ -10,11 +10,23 @@
 
 from invenio_records_permissions.generators import AuthenticatedUser, SystemProcess
 
-from ...services.permissions import PermissionPolicy
+from invenio_vocabularies.services.generators import IfTags
+from invenio_vocabularies.services.permissions import PermissionPolicy
 
 
 class NamesPermissionPolicy(PermissionPolicy):
-    """Permission policy."""
+    """Names permission policy.
 
-    can_search = [SystemProcess(), AuthenticatedUser()]
-    can_read = [SystemProcess(), AuthenticatedUser()]
+    Names endpoints are protected, only authenticated users can access them.
+    """
+
+    can_search = [
+        SystemProcess(),
+        IfTags(exclude=["unlisted"], only_authenticated=True),
+    ]
+    can_read = [SystemProcess(), IfTags(exclude=["unlisted"], only_authenticated=True)]
+    # this permission is needed for the /api/vocabularies/ endpoint
+    can_list_vocabularies = [
+        SystemProcess(),
+        IfTags(exclude=["unlisted"], only_authenticated=True),
+    ]

invenio_vocabularies/contrib/names/schema.py

@@ -42,6 +42,7 @@ class NameSchema(BaseVocabularySchema, ModePIDFieldVocabularyMixin):
         )
     )
     affiliations = fields.List(fields.Nested(AffiliationRelationSchema))
+    props = fields.Dict(keys=fields.Str(), values=fields.Raw())
 
     @validates_schema
     def validate_names(self, data, **kwargs):

invenio_vocabularies/contrib/names/services.py

@@ -1,4 +1,4 @@
 # -*- coding: utf-8 -*-
 #
 # Copyright (C) 2021 CERN.
 #
@@ -19,11 +19,12 @@
 class NamesService(record_type.service_cls):
     """Name service."""
 
-    def resolve(self, identity, id_, id_type):
+    def resolve(self, identity, id_, id_type, many=False):
         """Get the record with a given identifier.
 
-        This method assumes that the are no duplicates in the system
-        (i.e. only one name record can have a pair of identifier:scheme).
+        param id_: The identifier value.
+        param id_type: The identifier type.
+        param many: If True, return a list of records.
         """
         search_query = dsl.Q(
             "bool",
@@ -36,20 +37,25 @@
 
         # max_records = 1, we assume there cannot be duplicates
         # the loading process needs to make sure of that
-        results = self._read_many(identity, search_query, max_records=1)
+        if many:
+            results = self._read_many(identity, search_query)
+        else:
+            results = self._read_many(identity, search_query, max_records=1)
+
         # cant use the results_item because it returns dicts intead of records
         total = results.hits.total["value"]
         if total == 0:
             # Not a PID but trated as such
             raise PIDDoesNotExistError(pid_type=id_type, pid_value=id_)
-
-        # (0 < #hits <= max_records) = 1
-        record = self.record_cls.loads(results[0].to_dict())
-        self.require_permission(identity, "read", record=record)
-
-        return self.result_item(
-            self,
-            identity,
-            record,
-            links_tpl=self.links_item_tpl,
-        )
+        if many:
+            return self.result_list(self, identity, results)
+        else:
+            record = self.record_cls.loads(results[0].to_dict())
+            self.require_permission(identity, "read", record=record)
+
+            return self.result_item(
+                self,
+                identity,
+                record,
+                links_tpl=self.links_item_tpl,
+            )

invenio_vocabularies/services/generators.py

@@ -0,0 +1,49 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2024 CERN.
+#
+# Invenio-Vocabularies is free software; you can redistribute it and/or
+# modify it under the terms of the MIT License; see LICENSE file for more
+# details.
+#
+
+"""Vocabulary generators."""
+
+from invenio_access import any_user, authenticated_user
+from invenio_records_permissions.generators import Generator
+from invenio_search.engine import dsl
+
+
+class IfTags(Generator):
+    """Generator to filter based on tags.
+
+    This generator will filter records based on the tags field.
+    Optionally, it can be configured to only allow authenticated users.
+    """
+
+    def __init__(self, include=None, exclude=None, only_authenticated=False):
+        """Constructor."""
+        self.include = include or []
+        self.exclude = exclude or []
+        self.only_authenticated = only_authenticated
+
+    def needs(self, **kwargs):
+        """Enabling Needs."""
+        return [authenticated_user] if self.only_authenticated else [any_user]
+
+    def query_filter(self, **kwargs):
+        """Search based on configured tags."""
+        must_clauses = []
+        must_not_clauses = []
+
+        if self.include:
+            must_clauses.append(dsl.Q("terms", tags=self.include))
+
+        if self.exclude:
+            must_not_clauses.append(dsl.Q("terms", tags=self.exclude))
+
+        return dsl.Q(
+            "bool",
+            must=must_clauses,
+            must_not=must_not_clauses,
+        )

invenio_vocabularies/services/permissions.py

@@ -9,17 +9,19 @@
 """Vocabulary permissions."""
 
 from invenio_records_permissions import RecordPermissionPolicy
-from invenio_records_permissions.generators import AnyUser, SystemProcess
+from invenio_records_permissions.generators import SystemProcess
+
+from invenio_vocabularies.services.generators import IfTags
 
 
 class PermissionPolicy(RecordPermissionPolicy):
     """Permission policy."""
 
-    can_search = [SystemProcess(), AnyUser()]
-    can_read = [SystemProcess(), AnyUser()]
+    can_search = [SystemProcess(), IfTags(exclude=["unlisted"])]
+    can_read = [SystemProcess(), IfTags(exclude=["unlisted"])]
     can_create = [SystemProcess()]
     can_update = [SystemProcess()]
     can_delete = [SystemProcess()]
     can_manage = [SystemProcess()]
     # this permission is needed for the /api/vocabularies/ endpoint
-    can_list_vocabularies = [SystemProcess(), AnyUser()]
+    can_list_vocabularies = [SystemProcess(), IfTags(exclude=["unlisted"])]

tests/conftest.py

@@ -37,7 +37,12 @@
 from flask_principal import Identity, Need, UserNeed
 from flask_security import login_user
 from flask_security.utils import hash_password
-from invenio_access.permissions import ActionUsers, any_user, system_process
+from invenio_access.permissions import (
+    ActionUsers,
+    any_user,
+    superuser_access,
+    system_process,
+)
 from invenio_access.proxies import current_access
 from invenio_accounts.proxies import current_datastore
 from invenio_accounts.testutils import login_user_via_session
@@ -113,6 +118,17 @@ def identity():
     return i
 
 
+@pytest.fixture(scope="module")
+def superuser_identity():
+    """Super user identity to interact with the services."""
+    i = Identity(2)
+    i.provides.add(UserNeed(2))
+    i.provides.add(any_user)
+    i.provides.add(system_process)
+    i.provides.add(superuser_access)
+    return i
+
+
 @pytest.fixture(scope="module")
 def service(app):
     """Vocabularies service object."""
@@ -151,6 +167,14 @@ def lang_data2(lang_data):
     return data
 
 
+@pytest.fixture()
+def non_searchable_lang_data(lang_data):
+    """Example data for testing unlisted cases."""
+    data = dict(lang_data)
+    data["tags"] = ["unlisted", "recommended"]
+    return data
+
+
 @pytest.fixture()
 def example_record(db, identity, service, example_data):
     """Example record."""

tests/contrib/names/conftest.py

@@ -13,8 +13,11 @@
 """
 
 import pytest
+from invenio_indexer.api import RecordIndexer
 from invenio_records_resources.proxies import current_service_registry
 
+from invenio_vocabularies.contrib.names.api import Name
+
 
 @pytest.fixture(scope="module")
 def service():
@@ -56,3 +59,29 @@ def name_full_data():
         ],
         "affiliations": [{"id": "cern"}, {"name": "CustomORG"}],
     }
+
+
+@pytest.fixture(scope="function")
+def non_searchable_name_data():
+    """Full name data."""
+    return {
+        "id": "0000-0001-8135-3489",
+        "name": "Doe, John",
+        "given_name": "John",
+        "family_name": "Doe",
+        "identifiers": [
+            {"identifier": "0000-0001-8135-3489", "scheme": "orcid"},
+            {"identifier": "gnd:4079154-3", "scheme": "gnd"},
+        ],
+        "affiliations": [{"id": "cern"}, {"name": "CustomORG"}],
+        "tags": ["unlisted"],
+    }
+
+
+@pytest.fixture(scope="module")
+def indexer():
+    """Indexer instance with correct Record class."""
+    return RecordIndexer(
+        record_cls=Name,
+        record_to_index=lambda r: (r.__class__.index._name, "_doc"),
+    )