check community role permissions

oarepo_communities/services/permissions/generators.py

@@ -6,7 +6,7 @@
 from invenio_communities.communities.records.api import Community
 from invenio_communities.communities.records.models import CommunityMetadata
 from invenio_communities.generators import CommunityRoleNeed, CommunityRoles
-from invenio_communities.proxies import current_communities, current_roles
+from invenio_communities.proxies import current_roles
 from invenio_records_permissions.generators import Generator
 from invenio_search.engine import dsl
 from oarepo_workflows.errors import MissingWorkflowError
@@ -46,15 +46,14 @@ def needs(self, **kwargs):
             needs |= set(
                 self.permission_generator.needs(
                     data={"parent": {"communities": {"default": str(community.id)}}},
-                    community_metadata=community,   # optimization
+                    community_metadata=community,  # optimization
                     **kwargs,
                 )
             )
         return list(needs)
 
 
 class CommunityWorkflowPermission(WorkflowPermission):
-
     def _get_workflow_id(self, record=None, **kwargs):
         # todo - check the record branch too? idk makes more sense to not use the default community's workflow, there is a deeper problem if there's no workflow on the record
         try:
@@ -101,7 +100,7 @@ def _get_record_communities(self, record=None, **kwargs):
             return [str(record.parent.communities.default.id)]
         except (AttributeError, TypeError) as e:
             try:
-                return [str(record['parent']['communities']['default'])]
+                return [str(record["parent"]["communities"]["default"])]
             except KeyError:
                 raise MissingDefaultCommunityError(
                     f"Default community missing on record {record}."
@@ -143,12 +142,18 @@ def roles(self, **kwargs):
 
     def needs(self, record=None, data=None, **kwargs):
         """Set of Needs granting permission."""
+        _needs = set()
+
+        if record and isinstance(record, Community):
+            for role in self.roles(**kwargs):
+                _needs.add(CommunityRoleNeed(str(record.id), role))
+            return _needs
+
         if record:
             community_ids = self._get_record_communities(record)
         else:
             community_ids = self._get_data_communities(data)
 
-        _needs = set()
         for c in community_ids:
             for role in self.roles(**kwargs):
                 _needs.add(CommunityRoleNeed(c, role))
@@ -171,7 +176,6 @@ def query_filter(self, identity=None, **kwargs):
 
 
 class CommunityRole(CommunityRoleMixin, OARepoCommunityRoles):
-
     def __init__(self, role):
         self._role = role
         super().__init__()
@@ -186,7 +190,6 @@ def query_filter_field(self):
 class DefaultCommunityRole(
     DefaultCommunityRoleMixin, RecipientGeneratorMixin, OARepoCommunityRoles
 ):
-
     def __init__(self, role):
         self._role = role
         super().__init__()
@@ -206,7 +209,6 @@ def query_filter_field(self):
 
 
 class TargetCommunityRole(DefaultCommunityRole):
-
     def _get_data_communities(self, data=None, **kwargs):
         try:
             community_id = data["payload"]["community"]
@@ -222,16 +224,15 @@ def reference_receivers(self, **kwargs):
 
 
 class CommunityMembers(CommunityRoleMixin, OARepoCommunityRoles):
-
     def roles(self, **kwargs):
         """Roles."""
         return [r.name for r in current_roles]
 
     def query_filter_field(self):
         return "parent.communities.ids"
 
-class DefaultCommunityMembers(DefaultCommunityRoleMixin, OARepoCommunityRoles):
 
+class DefaultCommunityMembers(DefaultCommunityRoleMixin, OARepoCommunityRoles):
     def roles(self, **kwargs):
         """Roles."""
         return [r.name for r in current_roles]

setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = oarepo-communities
-version = 5.1.3
+version = 5.1.4
 description =
 authors = Ronald Krist <[email protected]>
 readme = README.md