Source code for ckanext.kata.auth_functions

import ckan.new_authz as new_authz
from ckan.logic.auth import get_package_object, update
from ckan.model import User, Package
import ckanext.kata.settings as settings
from pylons.i18n import _
import logging

log = logging.getLogger(__name__)


[docs]def is_owner(context, data_dict): ''' This is used in "request edit rights" feature. Checks if the user is admin or editor of the package in question :param context: context :param data_dict: package data :type data_dict: dictionary :rtype: dictionary ''' pkg = context.get('package', None) roles = pkg.roles if pkg else Package.get(data_dict['id']).roles user = context.get('user', False) if user: for role in roles: ruser = User.get(role.user.id) if user == ruser.name and role.role in ('admin', 'editor'): return {'success': True} else: return {'success': False} return {'success': False}
[docs]def edit_resource(context, data_dict): ''' Check if a user is allowed edit a resource. :param context: context :param data_dict: data dictionary :rype: dictionary ''' auth_dict = update.resource_update(context, data_dict) if data_dict['resource_type'] == settings.RESOURCE_TYPE_DATASET: return {'success': False, 'msg': _('Resource %s not editable') % (data_dict['id'])} else: return auth_dict
[docs]def package_delete(context, data_dict): ''' Modified check from CKAN, whether the user has a permission to delete the package. In addition to privileges given by CKAN's authorisation, also the package owner has full privileges in Kata. :param context: context :type context: dictionary :param data_dict: package data :type data_dict: dictionary :rtype: dictionary with 'success': True|False ''' user = context['user'] package = get_package_object(context, data_dict) if is_owner(context, data_dict)['success'] == True: return {'success': True} else: authorized = new_authz.has_user_permission_for_group_or_org(package.owner_org, user, 'delete_dataset') if not authorized: return {'success': False, 'msg': _('User %s not authorized to delete package %s') % (str(user),package.id)} else: return {'success': True} return {'success': False}