Beispiel #1
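def package_relationship_create(context, data_dict):
    """
    Authorize creation of a relationship between two packages.

    The requesting user must share at least one 'organization' group with
    each of the two packages named by ``data_dict['id']`` and
    ``data_dict['id2']``.

    :param context: dict providing 'model' and 'user' (the user name).
    :param data_dict: dict carrying the two package references.
    :returns: ``{'success': True}``, or ``{'success': False, 'msg': ...}``
        when a package is missing or the user is refused.
    """
    model = context['model']
    user = context['user']

    pkg1 = model.Package.get(data_dict.get('id', ''))
    pkg2 = model.Package.get(data_dict.get('id2', ''))
    if not pkg1 or not pkg2:
        return {'success': False, 'msg': _('Two package IDs are required')}

    userobj = model.User.get(user)
    if not userobj:
        # A user name that resolves to no account is refused explicitly;
        # calling get_groups() on the missing object would raise instead of
        # producing a denial.
        return {
            'success': False,
            'msg':
            _('User %s not authorized to edit these packages') % str(user)
        }

    usergrps = userobj.get_groups('organization')
    # Membership is required for BOTH packages, not just one of them.
    authorized = (
        _groups_intersect(usergrps, pkg1.get_groups('organization')) and
        _groups_intersect(usergrps, pkg2.get_groups('organization')))
    if authorized:
        return {'success': True}

    return {
        'success': False,
        'msg': _('User %s not authorized to edit these packages') % str(user)
    }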
Beispiel #2
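def package_relationship_create(context, data_dict):
    """
    Permission check for creating a relationship between two packages.

    Both packages must exist, and the requesting user must be in at least one
    'organization' group of each of them.

    :param context: must contain 'model' and 'user'.
    :param data_dict: holds the package references under 'id' and 'id2'.
    :returns: dict with 'success' and, on refusal, 'msg'.
    """
    model = context['model']
    user = context['user']

    packages = [model.Package.get(data_dict.get(key, '')) for key in ('id', 'id2')]
    if not all(packages):
        return {'success': False, 'msg': _('Two package IDs are required')}

    userobj = model.User.get(user)
    # Only a resolvable account can be a group member.  Without this guard an
    # unknown user name would raise on get_groups() rather than be denied.
    if userobj:
        usergrps = userobj.get_groups('organization')
        if all(_groups_intersect(usergrps, pkg.get_groups('organization'))
               for pkg in packages):
            return {'success': True}

    return {'success': False, 'msg': _('User %s not authorized to edit these packages') % str(user)}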
Beispiel #3
def dgu_group_update(context, data_dict):
    """
    Group edit permission.

    Sysadmins are always allowed.  Any other user must hold the 'admin'
    capacity on a 'publisher' group that is either among the groups yielded
    by ``publib.go_up_tree(group)`` or the group being edited itself.
    """
    model = context['model']
    username = context.get('user','')
    target = get_group_object(context, data_dict)

    if not username:
        return {'success': False, 'msg': _('Only members of this group are authorized to edit this group')}

    # Sysadmins bypass the membership checks entirely.
    if Authorizer().is_sysadmin(unicode(username)):
        return {'success': True}

    account = model.User.get(username)
    if not account:
        return {'success': False, 'msg': _('Could not find user %s') % str(username)}

    ancestors = list(publib.go_up_tree(target))

    # First the groups from the tree walk, then the group itself; being an
    # admin of any one of them is sufficient.
    for candidates in (ancestors, [target]):
        if _groups_intersect(account.get_groups('publisher', 'admin'), candidates):
            return {'success': True}

    return {'success': False, 'msg': _('User %s not authorized to edit this group') % str(username)}
Beispiel #4
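def package_relationship_create(context, data_dict):
    """
    Authorize creation of a relationship between two packages.

    The requesting user must share at least one "publisher" group with each
    of the packages referenced by ``data_dict["id"]`` and ``data_dict["id2"]``.

    :param context: dict providing "model" and "user" (the user name).
    :param data_dict: dict carrying the two package references.
    :returns: ``{"success": True}``, or ``{"success": False, "msg": ...}``.
    """
    model = context["model"]
    user = context["user"]

    first = model.Package.get(data_dict.get("id", ""))
    second = model.Package.get(data_dict.get("id2", ""))
    if not first or not second:
        return {"success": False, "msg": _("Two package IDs are required")}

    account = model.User.get(user)
    if account:
        memberships = account.get_groups("publisher")
        if (_groups_intersect(memberships, first.get_groups("publisher")) and
                _groups_intersect(memberships, second.get_groups("publisher"))):
            return {"success": True}

    # Reached for a user outside either publisher and for a user name that
    # matches no account; the latter is denied here instead of raising on a
    # missing user object.
    return {"success": False, "msg": _("User %s not authorized to edit these packages") % str(user)}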
Beispiel #5
def dgu_package_update(context, data_dict):
    """
    Package edit permission.

    Sysadmins may edit any package.  A package whose 'UKLP' extra equals
    'True' is closed to everyone else.  For the remaining packages the user
    needs a 'publisher' group in common with the package.
    """
    model = context['model']
    user = context.get('user')
    user_obj = model.User.get(user)
    package = get_package_object(context, data_dict)

    if Authorizer().is_sysadmin(user_obj):
        return {'success': True}

    # Only sysadmins can edit UKLP packages.
    # Note: the harvest user *is* a sysadmin
    # Note: if changing this, check the code and comments in
    #       ckanext/forms/dataset_form.py:DatasetForm.form_to_db_schema_options()
    is_uklp = package.extras.get('UKLP', '') == 'True'
    if is_uklp:
        return {'success': False,
                'msg': _('User %s not authorized to edit packages in these groups') % str(user)}

    # A missing account short-circuits before any group lookup.
    if user_obj and _groups_intersect(user_obj.get_groups('publisher'),
                                      package.get_groups('publisher')):
        return {'success': True}

    return {'success': False,
            'msg': _('User %s not authorized to edit packages of this publisher') % str(user)}
Beispiel #6
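def related_delete(context, data_dict):
    """
    Authorize deletion of a related item.

    Allowed for sysadmins, for users sharing an 'organization' group with the
    first dataset the item is attached to, and for the item's owner.

    :param context: dict providing 'model' and 'user' (the user name).
    :param data_dict: passed through to ``get_related_object``.
    :returns: ``{'success': True}`` or ``{'success': False, 'msg': ...}``.
    """
    model = context['model']
    user = context['user']
    if not user:
        return {
            'success': False,
            'msg': _('Only the owner can delete a related item')
        }

    if Authorizer().is_sysadmin(unicode(user)):
        return {'success': True}

    related = get_related_object(context, data_dict)
    userobj = model.User.get(user)

    if not userobj:
        # The user name matched no account.  Deny before the group check,
        # which would otherwise call get_groups() on a missing object.
        return {
            'success': False,
            'msg': _('Only the owner can delete a related item')
        }

    if related.datasets:
        # Only the first attached dataset is consulted.
        package = related.datasets[0]
        if _groups_intersect(userobj.get_groups('organization'),
                             package.get_groups('organization')):
            return {'success': True}

    if userobj.id != related.owner_id:
        return {
            'success': False,
            'msg': _('Only the owner can delete a related item')
        }

    return {'success': True}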
Beispiel #7
def resource_show(context, data_dict):
    """
    Resource show permission.

    When the owning package is in state 'deleted', the user must resolve to
    an account that shares an 'organization' group with the package.  In
    every case that is not refused here, the decision is delegated to
    ``package_show`` for the owning package.
    """
    model = context['model']
    user = context.get('user')
    resource = get_resource_object(context, data_dict)
    package = resource.resource_group.package

    if package.state == 'deleted':
        userobj = model.User.get(user)
        # Pick the refusal text, if any; the two cases word it differently.
        if not userobj:
            refusal = _('User %s not authorized to read resource %s')
        elif not _groups_intersect(userobj.get_groups('organization'),
                                   package.get_groups('organization')):
            refusal = _('User %s not authorized to read package %s')
        else:
            refusal = None

        if refusal is not None:
            return {'success': False, 'msg': refusal % (str(user), package.id)}

    return package_show(context, {'id': package.id})
Beispiel #8
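def dgu_package_create(context, data_dict):
    """
    Package create permission.

    A user name that resolves to no account is refused and sysadmins are
    allowed.  With a falsy ``data_dict`` the question is general, and any
    member of a 'publisher' group is allowed.  Otherwise the user must belong
    to one of the publishers named in ``data_dict['groups']``.

    :param context: dict providing 'model' and, optionally, 'user'.
    :param data_dict: package data with a 'groups' entry (a list of dicts
        with a 'name' key, a list of names, or a single name), or a falsy
        value for the general question.
    :returns: dict with 'success' and, on a publisher mismatch, 'msg'.
    """
    model = context['model']
    user = context.get('user')
    user_obj = model.User.get(user)

    # No account, no permission.  Everything below may rely on user_obj.
    if not user_obj:
        return {'success': False}

    if Authorizer().is_sysadmin(user_obj):
        return {'success': True}

    user_publishers = user_obj.get_groups('publisher')

    if not data_dict:
        # i.e. not asking in relation to a particular package. We only let
        # publishers do this
        return {'success': bool(user_publishers)}

    user_publisher_names = [pub.name for pub in user_publishers]

    groups = data_dict['groups']
    if groups and isinstance(groups[0], dict):
        package_group_names = [pub['name'] for pub in groups]
    elif isinstance(groups, (list, tuple)):
        # Already a sequence of group names (the rest interface).
        package_group_names = list(groups)
    else:
        # A single name: wrap it so it is compared as one publisher name.
        # NOTE(review): presumably _groups_intersect iterates its arguments,
        # in which case a bare string would be compared character by
        # character - confirm against the helper.
        package_group_names = [groups] if groups else []

    if not _groups_intersect(user_publisher_names, package_group_names):
        return {'success': False,
                'msg': _('User %s not authorized to edit packages of this publisher') % str(user)}

    return {'success': True}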
Beispiel #9
def resource_update(context, data_dict):
    """
    Resource update permission.

    Sysadmins pass.  Everyone else must resolve to an account that shares an
    'organization' group with the package owning the resource.
    """
    model = context['model']
    user = context.get('user')
    resource = get_resource_object(context, data_dict)
    userobj = model.User.get(user)

    if Authorizer().is_sysadmin(unicode(user)):
        return {'success': True}

    # An unknown user and a user outside the package's organizations receive
    # the same refusal, so both fall through to the single denial below.
    if userobj and _groups_intersect(
            userobj.get_groups('organization'),
            resource.resource_group.package.get_groups('organization')):
        return {'success': True}

    return {'success': False,
            'msg': _('User %s not authorized to edit resources in this package') % str(user)}
Beispiel #10
def package_show(context, data_dict):
    """
    Package show permission.

    Packages that are not in state 'deleted' are readable by anyone.  A
    deleted package is readable when ``ignore_auth`` is set in the context,
    by sysadmins, and by users sharing a 'publisher' group with it.
    """
    model = context['model']
    package = get_package_object(context, data_dict)

    if package.state != 'deleted':
        return {'success': True}

    # From here on the package is deleted.
    if context.get('ignore_auth'):
        return {'success': True}

    user = context.get('user')
    if not user:
        return {'success': False, 'msg': _('User not authorized to read package %s') % (package.id)}

    userobj = model.User.get(user)

    if Authorizer().is_sysadmin(unicode(user)):
        return {'success': True}

    # Unknown account or no shared publisher: same refusal either way.
    if userobj and _groups_intersect(userobj.get_groups('publisher'), package.get_groups('publisher')):
        return {'success': True}

    return {'success': False, 'msg': _('User %s not authorized to read package %s') % (str(user),package.id)}
Beispiel #11
def group_create(context, data_dict=None):
    """
    Group create permission.

    The user name must resolve to an account, and sysadmins are always
    allowed.  If ``get_group_object`` finds an enclosing group, the user must
    be a member of it.  If it finds none, the request is allowed for now,
    although there may be approval steps elsewhere.
    """
    model = context['model']
    user = context['user']

    if not model.User.get(user):
        return {'success': False, 'msg': _('User is not authorized to create groups') }

    if Authorizer.is_sysadmin(user):
        return {'success': True}

    try:
        # When the group is being created inside another group, the user
        # needs permission on that enclosing group.
        parent = get_group_object( context )
    except logic.NotFound:
        # No enclosing group to check membership against: allow.
        return {'success': True}

    userobj = model.User.get( user )
    if userobj and _groups_intersect( userobj.get_groups('organization'), [parent] ):
        return {'success': True}

    return {'success': False, 'msg': _('User %s not authorized to create groups') % str(user)}
Beispiel #12
def group_update(context, data_dict):
    """
    Group edit permission.

    Requires a user name.  Sysadmins are always allowed; any other user must
    resolve to an account that holds the 'admin' capacity on this
    'organization' group.
    """
    model = context['model']
    username = context.get('user','')
    group = get_group_object(context, data_dict)

    if not username:
        return {'success': False, 'msg': _('Only members of this group are authorized to edit this group')}

    # Sysadmins may update any group.
    if Authorizer().is_sysadmin(unicode(username)):
        return {'success': True}

    account = model.User.get( username )
    if not account:
        return {'success': False, 'msg': _('Could not find user %s') % str(username)}

    # Plain membership is not enough: the lookup is restricted to the
    # 'admin' capacity.
    is_group_admin = _groups_intersect( account.get_groups( 'organization', 'admin' ), [group] )
    if is_group_admin:
        return {'success': True}

    return {'success': False, 'msg': _('User %s not authorized to edit this group') % str(username)}
Beispiel #13
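def package_show(context, data_dict):
    """
    Package show permission.

    Sysadmins and calls made with ``ignore_auth`` set in the context are
    always allowed.  A package in state 'deleted' is readable only by a user
    who shares a group with it.  A package that belongs to a group with
    capacity 'private' is readable only by a member of one of those groups;
    for anyone else the request is aborted with a 404.

    :param context: dict providing 'model' and, optionally, 'user' and
        'ignore_auth'.
    :param data_dict: passed through to ``get_package_object``.
    :returns: ``{'success': True}`` or ``{'success': False, 'msg': ...}``.
    """
    from pylons.controllers.util import abort

    model = context['model']
    package = get_package_object(context, data_dict)
    user = context.get('user')
    ignore_auth = context.get('ignore_auth', False)
    if Authorizer().is_sysadmin(unicode(user)):
        return {'success': True}

    userobj = model.User.get(user) if user else None

    if ignore_auth:
        return {'success': True}

    if package.state == 'deleted':
        if not user or not userobj:
            return {
                'success': False,
                'msg':
                _('User not authorized to read package %s') % (package.id)
            }

        if not _groups_intersect(userobj.get_groups(), package.get_groups()):
            return {
                'success':
                False,
                'msg':
                _('User %s not authorized to read package %s') %
                (str(user), package.id)
            }

    # If package is in a private group then we require:
    #   1. Logged in user
    #   2. User in the group
    groups = package.get_groups(capacity='private')
    if groups:
        if userobj and _groups_intersect(userobj.get_groups(), groups):
            return {'success': True}

        # Abort with a 404 here instead of returning an authorization
        # failure.
        # NOTE(review): presumably so that the response does not confirm
        # that a private package exists - confirm the intent.
        abort(404)

    return {'success': True}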
Beispiel #14
def dgu_package_update(context, data_dict):
    """
    Package edit permission.

    Sysadmins may edit any package.  Packages whose 'UKLP' extra is 'True' or
    whose 'external_reference' extra is 'ONSHUB' are closed to everyone else.
    Otherwise the user must be a member of the package's publisher, or hold
    the 'admin' capacity on one of the groups yielded by
    ``publib.go_up_tree`` for the package's first publisher group.
    """
    model = context['model']
    user = context.get('user')
    user_obj = model.User.get( user )
    package = get_package_object(context, data_dict)

    if Authorizer().is_sysadmin(user_obj):
        return {'success': True}

    # One shared refusal for every denial path below.
    fail = {'success': False,
            'msg': _('User %s not authorized to edit packages in these groups') % str(user)}

    # Only sysadmins can edit UKLP packages and ONS packages.
    # Note: the harvest user and the dgu user *are* sysadmins
    # Note: if changing this, check the code and comments in
    #       ckanext/forms/dataset_form.py:DatasetForm.form_to_db_schema_options()
    extras = package.extras
    if extras.get('UKLP', '') == 'True' or extras.get('external_reference') == 'ONSHUB':
        return fail

    # Everything past this point needs a real account.
    if not user_obj:
        return fail

    publisher_groups = package.get_groups('publisher')
    if publisher_groups:
        tree_groups = list(publib.go_up_tree(publisher_groups[0]))
    else:
        tree_groups = []

    # Admin of this or a parent group, or else admin/editor of just this
    # group.
    if _groups_intersect( user_obj.get_groups('publisher', 'admin'), tree_groups ):
        return {'success': True}
    if _groups_intersect( user_obj.get_groups('publisher'), publisher_groups ):
        return {'success': True}

    return fail
Beispiel #15
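def dgu_package_create(context, data_dict):
    """
    Package create permission.

    A user name that resolves to no account is refused and sysadmins are
    allowed.  With a falsy ``data_dict`` the question is general, and any
    member of a 'publisher' group is allowed.  Otherwise the user must belong
    to one of the publishers named in ``data_dict['groups']``, where admins
    of a publisher also count as members of the groups yielded by
    ``publib.go_down_tree`` for it.

    :param context: dict providing 'model' and, optionally, 'user'.
    :param data_dict: package data with a 'groups' entry (a list of dicts
        with a 'name' key, a list of names, or a single name), or a falsy
        value for the general question.
    :returns: dict with 'success' and, on a publisher mismatch, 'msg'.
    """
    model = context['model']
    user = context.get('user')
    user_obj = model.User.get( user )

    # No account, no permission.  Everything below may rely on user_obj.
    if not user_obj:
        return {'success': False}

    if Authorizer().is_sysadmin(user_obj):
        return {'success': True}

    user_publishers = user_obj.get_groups('publisher')

    if not data_dict:
        # i.e. not asking in relation to a particular package. We only let
        # publishers do this
        return {'success': bool(user_publishers)}

    # For users who are admins of groups, we should also include all of their child groups
    # in the list of user_publishers
    as_admin = user_obj.get_groups('publisher', 'admin')
    for g in as_admin:
        user_publishers.extend(list(publib.go_down_tree(g)))

    # set() drops groups reached more than once through the tree walk.
    user_publisher_names = [pub.name for pub in set(user_publishers)]

    groups = data_dict['groups']
    if groups and isinstance(groups[0], dict):
        package_group_names = [pub['name'] for pub in groups]
    elif groups and isinstance(groups, list):
        # Already a list of names at this point, so use it as it is.
        package_group_names = groups
    else:
        # A single string is wrapped in a list to make sure the intersection
        # check works; an empty value becomes an empty list.
        package_group_names = [groups] if groups else []

    # If the user has a group (is a publisher), but there is no package
    # group name, then we need to continue to allow validation to cause the
    # failure.
    if user_publishers and package_group_names == [u' ']:
        return {'success': True}

    if not _groups_intersect(user_publisher_names, package_group_names):
        return {'success': False,
                'msg': _('User %s not authorized to edit packages of this publisher') % str(user)}

    return {'success': True}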
Beispiel #16
Datei: get.py Projekt: arkka/ckan
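def group_show(context, data_dict):
    """
    Group show permission.

    A group in state 'deleted' may be shown only to a user who resolves to an
    account sharing an 'organization' group with it.  Groups in any other
    state may be shown to everyone.

    :param context: dict providing 'model' and, optionally, 'user'.
    :param data_dict: passed through to ``get_group_object``.
    :returns: ``{'success': True}`` or ``{'success': False, 'msg': ...}``.
    """
    model = context['model']
    user = context.get('user')
    group = get_group_object(context, data_dict)
    userobj = model.User.get( user )

    if group.state == 'deleted':
        # `not userobj` covers a user name that matches no account, which
        # would otherwise raise on get_groups() instead of being denied.
        if not user or not userobj or \
           not _groups_intersect( userobj.get_groups('organization'), group.get_groups('organization') ):
            return {'success': False, 'msg': _('User %s not authorized to show group %s') % (str(user),group.id)}

    return {'success': True}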
Beispiel #17
def dgu_dataset_delete(context, data_dict):
    """
    Determines whether a dataset's state can be set to "deleted".

    Sysadmins may delete any dataset.  Other users may delete only datasets
    whose 'UKLP' extra is 'True', and only as a member of the dataset's
    publisher or as an 'admin' of one of the groups yielded by
    ``publib.go_up_tree`` for the dataset's first publisher group.
    """
    model = context['model']
    username = context.get('user')
    if not username:
        return {'success': False}
    account = model.User.get(username)
    dataset = get_package_object(context, data_dict)

    if Authorizer().is_sysadmin(account):
        return {'success': True}

    # Non-UKLP datasets are sysadmin-only, and the group checks below need a
    # real account.
    if dataset.extras.get('UKLP', '') != 'True' or not account:
        return {'success': False}

    publisher_groups = dataset.get_groups('publisher')
    if publisher_groups:
        tree_groups = list(publib.go_up_tree(publisher_groups[0]))
    else:
        tree_groups = []

    # Admin of this or a parent group, or else admin/editor of just this
    # group.
    allowed = (
        _groups_intersect( account.get_groups('publisher', 'admin'), tree_groups ) or
        _groups_intersect( account.get_groups('publisher'), publisher_groups ))
    return {'success': bool(allowed)}
Beispiel #18
def package_delete(context, data_dict):
    """
    Package delete permission.

    The user must resolve to an account that is in at least one
    'organization' group the package is also in.
    """
    model = context['model']
    user = context['user']
    package = get_package_object(context, data_dict)
    userobj = model.User.get( user )

    # A missing account short-circuits before any group lookup.
    if userobj and _groups_intersect( userobj.get_groups('organization'),
                                      package.get_groups('organization') ):
        return {'success': True}

    return {'success': False,
            'msg': _('User %s not authorized to delete packages in these group') % str(user)}
Beispiel #19
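def package_show(context, data_dict):
    """
    Package show permission.

    Sysadmins and calls made with ``ignore_auth`` set in the context are
    always allowed.  A package in state 'deleted' is readable only by a user
    who shares a group with it.  A package that belongs to a group with
    capacity 'private' is readable only by a member of one of those groups;
    for anyone else the request is aborted with a 404.

    :param context: dict providing 'model' and, optionally, 'user' and
        'ignore_auth'.
    :param data_dict: passed through to ``get_package_object``.
    :returns: ``{'success': True}`` or ``{'success': False, 'msg': ...}``.
    """
    from pylons.controllers.util import abort

    model = context['model']
    package = get_package_object(context, data_dict)
    user = context.get('user')
    ignore_auth = context.get('ignore_auth',False)
    if Authorizer().is_sysadmin(unicode(user)):
        return {'success': True}

    userobj = model.User.get( user ) if user else None

    if ignore_auth:
        return {'success': True}

    if package.state == 'deleted':
        if not user or not userobj:
            return {'success': False, 'msg': _('User not authorized to read package %s') % (package.id)}

        if not _groups_intersect( userobj.get_groups(), package.get_groups() ):
            return {'success': False, 'msg': _('User %s not authorized to read package %s') % (str(user),package.id)}

    # If package is in a private group then we require:
    #   1. Logged in user
    #   2. User in the group
    groups = package.get_groups(capacity='private')
    if groups:
        if userobj and _groups_intersect( userobj.get_groups(), groups ):
            return {'success': True}

        # Abort with a 404 here instead of returning an authorization
        # failure.
        # NOTE(review): presumably so that the response does not confirm
        # that a private package exists - confirm the intent.
        abort(404)

    return {'success': True}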
Beispiel #20
def package_update(context, data_dict):
    """
    Package edit permission.

    Sysadmins pass.  Everyone else must resolve to an account that shares an
    'organization' group with the package.
    """
    model = context['model']
    username = context.get('user')
    package = get_package_object(context, data_dict)

    if Authorizer().is_sysadmin(unicode(username)):
        return {'success': True}

    account = model.User.get( username )
    # A missing account short-circuits before any group lookup.
    if account and _groups_intersect( account.get_groups('organization'),
                                      package.get_groups('organization') ):
        return {'success': True}

    return {'success': False,
            'msg': _('User %s not authorized to edit packages in these groups') % str(username)}
Beispiel #21
def resource_show(context, data_dict):
    """
    Resource show permission.

    For a resource whose package is in state 'deleted', the user must resolve
    to an account sharing an 'organization' group with that package.  Every
    request that is not refused here is decided by ``package_show`` for the
    owning package.
    """
    model = context['model']
    user = context.get('user')
    resource = get_resource_object(context, data_dict)
    package = resource.resource_group.package

    # Live packages need no extra check at this level.
    if package.state != 'deleted':
        return package_show(context, {'id': package.id})

    userobj = model.User.get( user )
    if not userobj:
        return {'success': False, 'msg': _('User %s not authorized to read resource %s') % (str(user),package.id)}

    shares_group = _groups_intersect( userobj.get_groups('organization'), package.get_groups('organization') )
    if not shares_group:
        return {'success': False, 'msg': _('User %s not authorized to read package %s') % (str(user),package.id)}

    return package_show(context, {'id': package.id})
Beispiel #22
def resource_update(context, data_dict):
    """
    Resource update permission.

    The user must resolve to an account that shares a 'publisher' group with
    the package owning the resource.
    """
    model = context['model']
    user = context.get('user')
    resource = get_resource_object(context, data_dict)
    userobj = model.User.get( user )

    # Unknown account and missing shared publisher produce the same refusal.
    if userobj and _groups_intersect( userobj.get_groups('publisher'),
                                      resource.resource_group.package.get_groups('publisher') ):
        return {'success': True}

    return {'success': False, 'msg': _('User %s not authorized to edit resources in this package') % str(user)}
Beispiel #23
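def related_create(context, data_dict=None):
    """
    Authorize creation of a related item.

    The user must resolve to an account.  When ``data_dict`` names a dataset
    through 'dataset_id' and that dataset exists, the user must also share a
    group with it.

    :param context: dict providing 'model' and 'user' (the user name).
    :param data_dict: optional dict that may carry 'dataset_id'.
    :returns: ``{'success': True}`` or ``{'success': False, 'msg': ...}``.
    """
    model = context['model']
    user = context['user']
    userobj = model.User.get(user)

    if not userobj:
        return {'success': False, 'msg': _('You must be logged in to add a related item')}

    # data_dict defaults to None, so test it before looking for the key.
    if data_dict and 'dataset_id' in data_dict:
        # If this is to be associated with a dataset then we need to make sure that
        # the user doing so shares a group with that dataset.
        # NOTE(review): a dataset_id that resolves to no package skips the
        # group check and is allowed here - confirm that is intended.
        dataset = model.Package.get(data_dict['dataset_id'])
        if dataset and not _groups_intersect( userobj.get_groups(),
                                              dataset.get_groups() ):
            return {'success': False,
                    'msg': _('You do not have permission to create an item')}

    return {'success': True }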
Beispiel #24
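def dgu_package_create(context, data_dict):
    """
    Package create permission.

    A user name that resolves to no account is refused and sysadmins are
    allowed.  With a falsy ``data_dict`` the question is general, and any
    member of a 'publisher' group is allowed.  Otherwise the user must belong
    to one of the publishers named in ``data_dict['groups']``.

    :param context: dict providing 'model' and, optionally, 'user'.
    :param data_dict: package data with a 'groups' entry (a list of dicts
        with a 'name' key, a list of names, or a single name), or a falsy
        value for the general question.
    :returns: dict with 'success' and, on a publisher mismatch, 'msg'.
    """
    model = context['model']
    user = context.get('user')
    user_obj = model.User.get(user)

    # No account, no permission.  Everything below may rely on user_obj.
    if not user_obj:
        return {'success': False}

    if Authorizer().is_sysadmin(user_obj):
        return {'success': True}

    user_publishers = user_obj.get_groups('publisher')

    if not data_dict:
        # i.e. not asking in relation to a particular package. We only let
        # publishers do this
        return {'success': bool(user_publishers)}

    user_publisher_names = [pub.name for pub in user_publishers]

    groups = data_dict['groups']
    if groups and isinstance(groups[0], dict):
        package_group_names = [pub['name'] for pub in groups]
    elif isinstance(groups, (list, tuple)):
        # Already a sequence of group names (the rest interface).
        package_group_names = list(groups)
    else:
        # A single name: wrap it so it is compared as one publisher name.
        # NOTE(review): presumably _groups_intersect iterates its arguments,
        # in which case a bare string would be compared character by
        # character - confirm against the helper.
        package_group_names = [groups] if groups else []

    if not _groups_intersect(user_publisher_names, package_group_names):
        return {
            'success':
            False,
            'msg':
            _('User %s not authorized to edit packages of this publisher') %
            str(user)
        }

    return {'success': True}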
Beispiel #25
def package_update(context, data_dict):
    """
    Package edit permission.

    Sysadmins pass.  Everyone else must resolve to an account that shares an
    'organization' group with the package.
    """
    model = context['model']
    user = context.get('user')
    package = get_package_object(context, data_dict)

    if Authorizer().is_sysadmin(unicode(user)):
        return {'success': True}

    userobj = model.User.get(user)

    # Evaluate membership only for a real account; `and` keeps the group
    # lookups from running when the account is missing.
    is_member = userobj and _groups_intersect(
        userobj.get_groups('organization'),
        package.get_groups('organization'))
    if is_member:
        return {'success': True}

    return {
        'success': False,
        'msg': _('User %s not authorized to edit packages in these groups') % str(user)
    }
Beispiel #26
def group_delete(context, data_dict):
    """
    Group delete permission.

    The user must resolve to an account that holds the 'admin' capacity on
    the 'organization' group to be deleted.
    """
    model = context['model']
    username = context['user']

    if not username:
        return {'success': False, 'msg': _('Only members of this group are authorized to delete this group')}

    group = get_group_object(context, data_dict)
    account = model.User.get( username )
    if not account:
        return {'success': False, 'msg': _('Only members of this group are authorized to delete this group')}

    # Plain membership is not enough: the lookup is restricted to the
    # 'admin' capacity.
    if _groups_intersect( account.get_groups('organization', 'admin'), [group] ):
        return {'success': True}

    return {'success': False, 'msg': _('User %s not authorized to delete group %s') % (str(username),group.id)}
Beispiel #27
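def related_delete(context, data_dict):
    """
    Authorize deletion of a related item.

    Allowed for sysadmins, for users sharing an 'organization' group with the
    first dataset the item is attached to, and for the item's owner.

    :param context: dict providing 'model' and 'user' (the user name).
    :param data_dict: passed through to ``get_related_object``.
    :returns: ``{'success': True}`` or ``{'success': False, 'msg': ...}``.
    """
    model = context['model']
    user = context['user']
    if not user:
        return {'success': False, 'msg': _('Only the owner can delete a related item')}

    if Authorizer().is_sysadmin(unicode(user)):
        return {'success': True}

    related = get_related_object(context, data_dict)
    userobj = model.User.get( user )

    # The `userobj and` guard keeps a user name that matches no account from
    # raising on get_groups(); such a user is denied by the owner check below.
    if userobj and related.datasets:
        # Only the first attached dataset is consulted.
        package = related.datasets[0]
        if _groups_intersect( userobj.get_groups('organization'), package.get_groups('organization') ):
            return {'success': True}

    if not userobj or userobj.id != related.owner_id:
        return {'success': False, 'msg': _('Only the owner can delete a related item')}

    return {'success': True}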
Beispiel #28
def group_create(context, data_dict=None):
    """
    Group create permission.

    A user name is required, and sysadmins are always allowed.  If
    ``get_group_object`` finds an enclosing group, the user must resolve to
    an account that is a member of it.  If it finds none, the request is
    allowed for now, although there may be approval steps elsewhere.
    """
    model = context['model']
    user = context['user']

    if not user:
        return {'success': False,
                'msg': _('User is not authorized to create groups')}

    if Authorizer.is_sysadmin(user):
        return {'success': True}

    try:
        # When the group is being created inside another group, the user
        # needs permission on that enclosing group.
        parent = get_group_object(context)
    except logic.NotFound:
        # No enclosing group to check membership against: allow.
        return {'success': True}

    userobj = model.User.get(user)
    # Unknown account and non-member receive the same refusal.
    if userobj and _groups_intersect(userobj.get_groups('organization'), [parent]):
        return {'success': True}

    return {'success': False,
            'msg': _('User %s not authorized to create groups') % str(user)}
Beispiel #29
def dgu_group_update(context, data_dict):
    """
    Group edit permission.

    Requires a user name.  Sysadmins are always allowed; any other user must
    resolve to an account that holds the 'admin' capacity on this 'publisher'
    group.
    """
    model = context['model']
    username = context.get('user', '')
    group = get_group_object(context, data_dict)

    if not username:
        return {'success': False,
                'msg': _('Only members of this group are authorized to edit this group')}

    # Sysadmins may update any group.
    if Authorizer().is_sysadmin(unicode(username)):
        return {'success': True}

    account = model.User.get(username)
    if not account:
        return {'success': False,
                'msg': _('Could not find user %s') % str(username)}

    # Plain membership is not enough: the lookup is restricted to the
    # 'admin' capacity.
    admin_groups = account.get_groups('publisher', 'admin')
    if _groups_intersect(admin_groups, [group]):
        return {'success': True}

    return {'success': False,
            'msg': _('User %s not authorized to edit this group') % str(username)}
Beispiel #30
def dgu_package_update(context, data_dict):
    """
    Package edit permission.

    Sysadmins may edit any package.  A package whose 'UKLP' extra equals
    'True' is closed to everyone else.  For the remaining packages the user
    must resolve to an account sharing a 'publisher' group with the package.
    """
    model = context['model']
    username = context.get('user')
    account = model.User.get( username )
    package = get_package_object(context, data_dict)

    if Authorizer().is_sysadmin(account):
        return {'success': True}

    # Only sysadmins can edit UKLP packages.
    # Note: the harvest user *is* a sysadmin
    # Note: if changing this, check the code and comments in
    #       ckanext/forms/dataset_form.py:DatasetForm.form_to_db_schema_options()
    uklp_flag = package.extras.get('UKLP', '')
    if uklp_flag == 'True':
        return {'success': False,
                'msg': _('User %s not authorized to edit packages in these groups') % str(username)}

    # A missing account short-circuits before any group lookup.
    shares_publisher = account and _groups_intersect(
        account.get_groups('publisher'), package.get_groups('publisher') )
    if not shares_publisher:
        return {'success': False,
                'msg': _('User %s not authorized to edit packages of this publisher') % str(username)}

    return {'success': True}
Beispiel #31
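def related_create(context, data_dict=None):
    """
    Authorize creation of a related item.

    The user must resolve to an account.  When ``data_dict`` names a dataset
    through 'dataset_id' and that dataset exists, the user must also share a
    group with it.

    :param context: dict providing 'model' and 'user' (the user name).
    :param data_dict: optional dict that may carry 'dataset_id'.
    :returns: ``{'success': True}`` or ``{'success': False, 'msg': ...}``.
    """
    model = context['model']
    user = context['user']
    userobj = model.User.get(user)

    if not userobj:
        return {
            'success': False,
            'msg': _('You must be logged in to add a related item')
        }

    # data_dict defaults to None; treat that like a dict without the key
    # instead of failing on the membership test.
    dataset_id = (data_dict or {}).get('dataset_id')
    if data_dict and 'dataset_id' in data_dict:
        # If this is to be associated with a dataset then we need to make sure that
        # the user doing so shares a group with that dataset.
        # NOTE(review): a dataset_id that resolves to no package skips the
        # group check and is allowed here - confirm that is intended.
        dataset = model.Package.get(dataset_id)
        if dataset and not _groups_intersect(userobj.get_groups(),
                                             dataset.get_groups()):
            return {
                'success': False,
                'msg': _('You do not have permission to create an item')
            }

    return {'success': True}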