def package_create(next_auth, context, data_dict):
    '''Chained auth check for dataset creation.

    Grants access when the user's role in the requested ``owner_org`` is
    ``'member'`` or, when no ``owner_org`` key is supplied, when the user
    holds ``'read'`` permission for some organisation. Every other case is
    delegated to ``next_auth``.

    :param next_auth: next auth function in the chain, called as
        ``next_auth(context, data_dict)``
    :param context: must contain ``'auth_user_obj'`` exposing ``name``
    :param data_dict: request data; may be empty or ``None``
    :returns: ``{'success': True}`` or whatever ``next_auth`` returns
    '''
    # NOTE(review): the user object is dereferenced unconditionally;
    # presumably this function is never reached without one - confirm how it
    # is registered.
    username = context['auth_user_obj'].name

    if data_dict and 'owner_org' in data_dict:
        granted = users_role_for_group_or_org(
            data_dict['owner_org'], username) == 'member'
    else:
        # Without an organisation, succeed if the user could create datasets
        # for *some* organisation (see the ckan implementation).
        granted = has_user_permission_for_some_org(username, 'read')

    # A positive decision here short-circuits the chain: next_auth is only
    # consulted when neither rule above granted access.
    if granted:
        return {'success': True}
    return next_auth(context, data_dict)
def package_create(context, data_dict=None):
    '''Decide whether ``context['user']`` may create a dataset.

    Three checks run in order and the first failure is returned:
    the general right to create datasets, ``_check_group_auth``, and, when
    ``owner_org`` is given, ``create_dataset`` permission on that
    organisation.

    :param context: must contain ``'user'``
    :param data_dict: dataset data; ``None`` is treated as empty
    :returns: ``{'success': True}`` or ``{'success': False, 'msg': ...}``
    '''
    username = context['user']
    unowned_flags = (
        'create_dataset_if_not_in_organization',
        'create_unowned_dataset',
    )

    if authz.auth_is_anon_user(context):
        # Anonymous callers need the anon flag on top of the unowned flags.
        may_create = all(
            authz.check_config_permission(flag)
            for flag in ('anon_create_dataset',) + unowned_flags)
    else:
        may_create = (
            all(authz.check_config_permission(flag) for flag in unowned_flags)
            or authz.has_user_permission_for_some_org(
                username, 'create_dataset'))
    if not may_create:
        return {'success': False,
                'msg': _('User %s not authorized to create packages') % username}

    if not _check_group_auth(context, data_dict):
        return {'success': False,
                'msg': _('User %s not authorized to edit these groups') % username}

    # If an organization is given are we able to add a dataset to it?
    data_dict = data_dict or {}
    target_org = data_dict.get('owner_org')
    if target_org and not authz.has_user_permission_for_group_or_org(
            target_org, username, 'create_dataset'):
        return {'success': False,
                'msg': _('User %s not authorized to add dataset to this organization') % username}
    return {'success': True}
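def package_create(context, data_dict=None):
    '''Decide whether ``context['user']`` may create a dataset.

    Sysadmins are accepted immediately and anonymous users are always
    refused. Everyone else must pass the general create check,
    ``_check_group_auth`` and, when ``owner_org`` is given, hold
    ``create_dataset`` permission on that organisation.

    :param context: must contain ``'user'``; ``'auth_user_obj'`` is optional
    :param data_dict: dataset data; ``None`` is treated as empty
    :returns: ``{'success': True}`` or ``{'success': False, 'msg': ...}``
    '''
    user = context['user']
    user_object = context.get('auth_user_obj')

    # Sysadmin user has all the privileges. The original evaluated the dict
    # as a bare expression and discarded it, so this shortcut never applied.
    if user_object and user_object.sysadmin:
        return {'success': True}

    # Do not authorize anonymous users
    if authz.auth_is_anon_user(context):
        return {'success': False,
                'msg': _('User %s not authorized to create packages') % user}

    # Check if the user has the editor or admin role in some org/suborg
    check1 = all(authz.check_config_permission(p) for p in (
        'create_dataset_if_not_in_organization',
        'create_unowned_dataset',
    )) or authz.has_user_permission_for_some_org(user, 'create_dataset')
    if not check1:
        return {'success': False,
                'msg': _('User %s not authorized to create packages') % user}

    check2 = _check_group_auth(context, data_dict)
    if not check2:
        return {'success': False,
                'msg': _('User %s not authorized to edit these groups') % user}

    # If an organization is given are we able to add a dataset to it?
    data_dict = data_dict or {}
    org_id = data_dict.get('owner_org')
    if org_id and not authz.has_user_permission_for_group_or_org(
            org_id, user, 'create_dataset'):
        return {'success': False,
                'msg': _('User %s not authorized to add dataset to this organization') % user}
    return {'success': True}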
def package_create(context, data_dict=None):
    '''Return the auth decision for creating a dataset.

    The caller needs the general right to create datasets, must pass
    ``_check_group_auth`` and, if ``owner_org`` is set, must hold
    ``create_dataset`` permission on that organisation.

    :param context: must contain ``'user'``
    :param data_dict: dataset data; ``None`` is treated as empty
    :returns: ``{'success': True}`` or ``{'success': False, 'msg': ...}``
    '''
    username = context['user']

    if authz.auth_is_anon_user(context):
        required = (
            'anon_create_dataset',
            'create_dataset_if_not_in_organization',
            'create_unowned_dataset',
        )
        allowed = all(authz.check_config_permission(name) for name in required)
    else:
        required = (
            'create_dataset_if_not_in_organization',
            'create_unowned_dataset',
        )
        # Either the config allows unowned datasets or the user can create
        # datasets in at least one organisation.
        allowed = all(
            authz.check_config_permission(name) for name in required
        ) or authz.has_user_permission_for_some_org(username, 'create_dataset')

    if not allowed:
        return {
            'success': False,
            'msg': _('User %s not authorized to create packages') % username,
        }

    groups_ok = _check_group_auth(context, data_dict)
    if not groups_ok:
        return {
            'success': False,
            'msg': _('User %s not authorized to edit these groups') % username,
        }

    # If an organization is given are we able to add a dataset to it?
    data_dict = data_dict or {}
    owner = data_dict.get('owner_org')
    if owner and not authz.has_user_permission_for_group_or_org(
            owner, username, 'create_dataset'):
        return {
            'success': False,
            'msg': _('User %s not authorized to add dataset to this organization') % username,
        }
    return {'success': True}
def related_update(context, data_dict):
    '''Override default related_update so that:

    - Users must be logged in and able to create datasets
    - The user can update the related item if ``package_update`` is
      authorized for at least one dataset the item is attached to

    :param context: must contain ``'user'``
    :param data_dict: identifies the related item
    :returns: ``{'success': True}`` or ``{'success': False, 'msg': ...}``
    '''
    username = context['user']
    can_create = all(authz.check_config_permission(flag) for flag in (
        'create_dataset_if_not_in_organization',
        'create_unowned_dataset',
    )) or authz.has_user_permission_for_some_org(username, 'create_dataset')

    if username and can_create:
        related = logic_auth.get_related_object(context, data_dict)
        if related.datasets:
            # One dataset the user may update is enough; stop at the first.
            if any(
                authz.is_authorized(
                    'package_update', context, {'id': dataset.id}
                ).get('success')
                for dataset in related.datasets
            ):
                return {'success': True}
            return {'success': False,
                    'msg': _('''You do not have permission to update this related item''')}

    # Also reached when the related item has no datasets attached.
    return {'success': False,
            'msg': _('''You must be logged in and have permission to create datasets to update a related item''')}
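def has_user_permission_for_some_org(context, data_dict):
    '''Auth wrapper around ``authz.has_user_permission_for_some_org``.

    :param context: ``'user'`` is read from it, defaulting to ``''``
    :param data_dict: ``'permission'`` is read from it, defaulting to ``''``
    :returns: ``{'success': True}`` when the user holds the permission in
        some organisation, else ``{'success': False, 'msg': ...}``
    '''
    user = context.get('user', '')
    permission = data_dict.get('permission', '')
    if authz.has_user_permission_for_some_org(user, permission):
        return {'success': True}

    # Translate the template first and interpolate afterwards. Formatting
    # inside _() looked up the already-filled-in string, which can never
    # match a catalog entry.
    return {'success': False,
            'msg': _('User {0} has no {1} permission for any organisation')
            .format(user, permission)}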
def managing_users_package_update(context, data_dict):
    # Auth check for editing a dataset that additionally requires the caller
    # to be named in the dataset's 'managing_users' extra, or to be the
    # dataset's creator. Returns {'success': True} or
    # {'success': False, 'msg': ...}.
    #
    # NOTE(review): context['auth_user_obj'] is dereferenced on every path,
    # including the anonymous branch below; presumably a user object is
    # always present when this runs - confirm.
    user = context.get('user')
    package = logic_auth.get_package_object(context, data_dict)
    extras = dict([(key, value) for key, value in package.extras.items()])
    if package.owner_org:
        # if there is an owner org then we must have update_dataset
        # permission for that organization
        check1 = authz.has_user_permission_for_group_or_org(
            package.owner_org, user, 'update_dataset')
        # Managing users have to be specified for datasets within an
        # organization. The extra is split on ',' with no trimming, so names
        # are matched exactly; an unset extra yields [''].
        managing_users = extras.get('managing_users', '')
        managing_users = managing_users.split(',')
        check1 = check1 and context['auth_user_obj'].name in managing_users
    else:
        # If dataset is not owned then we can edit if config permissions allow
        if authz.auth_is_anon_user(context):
            check1 = all(
                authz.check_config_permission(p) for p in (
                    'anon_create_dataset',
                    'create_dataset_if_not_in_organization',
                    'create_unowned_dataset',
                ))
        else:
            check1 = all(
                authz.check_config_permission(p) for p in (
                    'create_dataset_if_not_in_organization',
                    'create_unowned_dataset',
                )) or authz.has_user_permission_for_some_org(
                    user, 'create_dataset')
        # Managing users have to be specified for datasets without owner,
        # else only the creator can edit the dataset
        managing_users = extras.get('managing_users', '')
        managing_users = managing_users.split(',')
        check1 = check1 and context['auth_user_obj'].name in managing_users
    # NOTE(review): indentation was lost in the source; this override is
    # placed at function level because of the word "regardless" - confirm.
    # As written it bypasses both the organization permission and the
    # managing_users list for the creator.
    if context['auth_user_obj'].id == package.creator_user_id:
        # If user is the creator of the package, they can edit it regardless
        check1 = True
    if not check1:
        return {
            'success': False,
            'msg': _('User %s not authorized to edit package %s') %
            (str(user), package.id)
        }
    else:
        check2 = _check_group_auth(context, data_dict)
        if not check2:
            return {
                'success': False,
                'msg': _('User %s not authorized to edit these groups') %
                (str(user))
            }
    return {'success': True}
def related_create(context, data_dict=None):
    '''Override default related_create so that:

    - Users must be logged in to create related items
    - A related item must be created for an associated dataset
    - The user must be able to create datasets (proves privilege)

    Note: this function is used both to gain entry to the 'Create' form
    and to validate the 'Create' form, which is why an empty ``data_dict``
    skips the dataset checks.

    :param context: must contain ``'model'`` and ``'user'``
    :param data_dict: form data; ``'dataset_id'`` is read when present
    :returns: ``{'success': True}`` or ``{'success': False, 'msg': ...}``
    '''
    orm = context['model']
    username = context['user']
    account = orm.User.get(username)
    can_create = all(
        authz.check_config_permission(flag) for flag in (
            'create_dataset_if_not_in_organization',
            'create_unowned_dataset',
        )) or authz.has_user_permission_for_some_org(username, 'create_dataset')

    if not (account and can_create):
        return {
            'success': False,
            'msg': _('You must be logged in to add a related item')
        }

    if data_dict:
        dataset_id = data_dict.get('dataset_id', None)
        if dataset_id is None or dataset_id == '':
            return {
                'success': False,
                'msg': _('''Related item must have an associated dataset''')
            }

        # The dataset must exist before package_update auth is consulted.
        if not orm.Package.get(dataset_id):
            return {
                'success': False,
                'msg': _('No package found, cannot check auth.')
            }

        may_update = authz.is_authorized(
            'package_update', context, {'id': dataset_id}).get('success')
        if not may_update:
            return {
                'success': False,
                'msg': _('''Not authorised to add a related item to this package.''')
            }

    return {'success': True}
def package_update(context, data_dict):
    '''Decide whether ``context['user']`` may edit the given dataset.

    Organisation-owned datasets require ``update_dataset`` permission on the
    owning organisation; unowned datasets follow the config permissions.
    When that check fails and ``allow_dataset_collaborators`` is enabled, a
    collaborator with the ``admin`` or ``editor`` capacity is accepted.

    :param context: must contain ``'model'``; ``'user'`` is read from it
    :param data_dict: identifies the dataset
    :returns: ``{'success': True}`` or ``{'success': False, 'msg': ...}``
    '''
    orm = context['model']
    username = context.get('user')
    pkg = logic_auth.get_package_object(context, data_dict)

    if pkg.owner_org:
        # An owned dataset needs update_dataset on its organisation.
        may_edit = authz.has_user_permission_for_group_or_org(
            pkg.owner_org, username, 'update_dataset')
    else:
        # Unowned datasets are editable only if config permissions allow.
        unowned_flags = (
            'create_dataset_if_not_in_organization',
            'create_unowned_dataset',
        )
        if authz.auth_is_anon_user(context):
            may_edit = all(
                authz.check_config_permission(flag)
                for flag in ('anon_create_dataset',) + unowned_flags)
        else:
            may_edit = all(
                authz.check_config_permission(flag) for flag in unowned_flags
            ) or authz.has_user_permission_for_some_org(
                username, 'create_dataset')

    if not may_edit:
        # Org-level auth failed; fall back to dataset-level auth
        # (i.e. the user is a collaborator).
        is_collaborator = False
        if authz.check_config_permission('allow_dataset_collaborators'):
            account = orm.User.get(username)
            if account:
                is_collaborator = authz.user_is_collaborator_on_dataset(
                    account.id, pkg.id, ['admin', 'editor'])
        if not is_collaborator:
            return {
                'success': False,
                'msg': _('User %s not authorized to edit package %s') %
                (str(username), pkg.id)
            }
        # The collaborator path does not run _check_group_auth.
        return {'success': True}

    if not _check_group_auth(context, data_dict):
        return {
            'success': False,
            'msg': _('User %s not authorized to edit these groups') %
            (str(username))
        }
    return {'success': True}
def managing_users_package_update(context, data_dict):
    # Auth check for editing a dataset: on top of the organization or config
    # permission, the caller must be listed in the dataset's
    # 'managing_users' extra, unless they created the dataset.
    # Returns {'success': True} or {'success': False, 'msg': ...}.
    #
    # NOTE(review): context['auth_user_obj'] is read without a None check on
    # every path; presumably it is always populated here - confirm.
    user = context.get('user')
    package = logic_auth.get_package_object(context, data_dict)
    extras = dict([(key, value) for key, value in package.extras.items()])
    if package.owner_org:
        # if there is an owner org then we must have update_dataset
        # permission for that organization
        check1 = authz.has_user_permission_for_group_or_org(
            package.owner_org, user, 'update_dataset'
        )
        # Managing users have to be specified for datasets within an
        # organization. Names are compared exactly against the
        # comma-separated extra; no whitespace is stripped.
        managing_users = extras.get('managing_users', '')
        managing_users = managing_users.split(',')
        check1 = check1 and context['auth_user_obj'].name in managing_users
    else:
        # If dataset is not owned then we can edit if config permissions allow
        if authz.auth_is_anon_user(context):
            check1 = all(authz.check_config_permission(p) for p in (
                'anon_create_dataset',
                'create_dataset_if_not_in_organization',
                'create_unowned_dataset',
                ))
        else:
            check1 = all(authz.check_config_permission(p) for p in (
                'create_dataset_if_not_in_organization',
                'create_unowned_dataset',
                )) or authz.has_user_permission_for_some_org(
                user, 'create_dataset')
        # Managing users have to be specified for datasets without owner,
        # else only the creator can edit the dataset
        managing_users = extras.get('managing_users', '')
        managing_users = managing_users.split(',')
        check1 = check1 and context['auth_user_obj'].name in managing_users
    # NOTE(review): the source lost its indentation; the override is shown
    # at function level to match the "regardless" comment - confirm. In that
    # position it overrides a failed organization check as well as the
    # managing_users list.
    if context['auth_user_obj'].id == package.creator_user_id:
        # If user is the creator of the package, they can edit it regardless
        check1 = True
    if not check1:
        return {'success': False,
                'msg': _('User %s not authorized to edit package %s') %
                        (str(user), package.id)}
    else:
        check2 = _check_group_auth(context, data_dict)
        if not check2:
            return {'success': False,
                    'msg': _('User %s not authorized to edit these groups') %
                            (str(user))}
    return {'success': True}
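def package_create(context, data_dict=None):
    '''Return the auth decision for creating a dataset.

    Sysadmins pass immediately; anonymous users are always refused. Other
    users must pass the general create check, ``_check_group_auth`` and,
    when ``owner_org`` is given, hold ``create_dataset`` permission on it.

    :param context: must contain ``'user'``; ``'auth_user_obj'`` is optional
    :param data_dict: dataset data; ``None`` is treated as empty
    :returns: ``{'success': True}`` or ``{'success': False, 'msg': ...}``
    '''
    user = context['user']
    user_object = context.get('auth_user_obj')

    # Sysadmin user has all the privileges. Without the `return` the dict
    # was built and thrown away, leaving the shortcut dead.
    if user_object and user_object.sysadmin:
        return {'success': True}

    # Do not authorize anonymous users
    if authz.auth_is_anon_user(context):
        return {
            'success': False,
            'msg': _('User %s not authorized to create packages') % user
        }

    # Check if the user has the editor or admin role in some org/suborg
    check1 = all(
        authz.check_config_permission(p) for p in (
            'create_dataset_if_not_in_organization',
            'create_unowned_dataset',
        )) or authz.has_user_permission_for_some_org(user, 'create_dataset')
    if not check1:
        return {
            'success': False,
            'msg': _('User %s not authorized to create packages') % user
        }

    check2 = _check_group_auth(context, data_dict)
    if not check2:
        return {
            'success': False,
            'msg': _('User %s not authorized to edit these groups') % user
        }

    # If an organization is given are we able to add a dataset to it?
    data_dict = data_dict or {}
    org_id = data_dict.get('owner_org')
    if org_id and not authz.has_user_permission_for_group_or_org(
            org_id, user, 'create_dataset'):
        return {
            'success': False,
            'msg': _('User %s not authorized to add dataset to this organization') % user
        }
    return {'success': True}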
def package_create(context, data_dict):
    '''Auth check for dataset creation with a fallback to the default.

    Succeeds when the user's role in the requested ``owner_org`` is
    ``'member'`` or, when no ``owner_org`` key is supplied, when the user
    holds ``'read'`` permission for some organisation. Otherwise the result
    of ``get_default_auth('create', 'package_create')`` is returned.

    :param context: must contain ``'auth_user_obj'`` exposing ``name``
    :param data_dict: request data; may be empty or ``None``
    :returns: ``{'success': True}`` or the fallback's decision
    '''
    # NOTE(review): assumes a user object is always present in the context -
    # confirm.
    account = context['auth_user_obj']
    has_org = bool(data_dict) and 'owner_org' in data_dict

    if has_org:
        if users_role_for_group_or_org(
                data_dict['owner_org'], account.name) == 'member':
            return {'success': True}
    elif has_user_permission_for_some_org(account.name, 'read'):
        # If there is no organization, succeed if the user can create
        # datasets for *some* organisation (see the ckan implementation).
        return {'success': True}

    # Neither rule matched: defer to the default auth function.
    return get_default_auth('create', 'package_create')(context, data_dict)
def package_update(context, data_dict):
    '''Decide whether ``context['user']`` may edit the given dataset.

    After the usual organisation/config and group checks pass, the final
    answer depends on the ``ckan.gov_theme.is_back`` config value: truthy
    allows the edit, anything else refuses it.

    :param context: ``'user'`` is read from it
    :param data_dict: identifies the dataset
    :returns: ``{'success': True}``, ``{'success': False}`` or
        ``{'success': False, 'msg': ...}``
    '''
    username = context.get('user')
    pkg = logic_auth.get_package_object(context, data_dict)

    if pkg.owner_org:
        # An owned dataset needs update_dataset on its organisation.
        may_edit = authz.has_user_permission_for_group_or_org(
            pkg.owner_org, username, 'update_dataset')
    elif authz.auth_is_anon_user(context):
        # Unowned dataset, anonymous caller: config permissions decide.
        may_edit = all(
            authz.check_config_permission(flag) for flag in (
                'anon_create_dataset',
                'create_dataset_if_not_in_organization',
                'create_unowned_dataset',
            ))
    else:
        may_edit = all(
            authz.check_config_permission(flag) for flag in (
                'create_dataset_if_not_in_organization',
                'create_unowned_dataset',
            )) or authz.has_user_permission_for_some_org(
                username, 'create_dataset')

    if not may_edit:
        return {
            'success': False,
            'msg': _('User %s not authorized to edit package %s') %
            (str(username), pkg.id)
        }

    if not _check_group_auth(context, data_dict):
        return {
            'success': False,
            'msg': _('User %s not authorized to edit these groups') %
            (str(username))
        }

    # The refusal on this path carries no 'msg'.
    return {'success': bool(authz.config.get('ckan.gov_theme.is_back'))}
def review_datasets(context, data_dict):
    '''Return the datasets that have not been reviewed, as ``package_show``
    dicts.

    Only sysadmins and users with ``create_dataset`` permission in some
    organisation get a list. Everyone else receives an auth-style refusal
    dict, so callers must handle both return shapes.

    :param context: ``'user'`` is read from it and it is passed on to
        ``package_show``
    :param data_dict: unused
    :returns: list of dataset dicts, ``[]`` on any error, or
        ``{'success': False, 'msg': ...}`` when not authorized
    '''
    username = context.get('user')
    if not (authz.is_sysadmin(username)
            or authz.has_user_permission_for_some_org(
                username, 'create_dataset')):
        return {'success': False, 'msg': toolkit._('Not authorized')}

    try:
        shown = []
        for dataset in qdes_logic_helpers.qdes_get_list_of_datasets_not_reviewed():
            shown.append(get_action('package_show')(context, {
                'id': dataset.id,
            }))
        return shown
    except Exception as e:
        # Any failure is logged and reported as an empty list, so the caller
        # cannot tell an error apart from "nothing to review".
        log.error(str(e))
        return []
def package_update(context, data_dict):
    '''Decide whether ``context['user']`` may edit the given dataset.

    Organisation-owned datasets require ``update_dataset`` permission on the
    owning organisation; unowned datasets follow the config permissions.
    ``_check_group_auth`` must pass as well.

    :param context: ``'user'`` is read from it
    :param data_dict: identifies the dataset
    :returns: ``{'success': True}`` or ``{'success': False, 'msg': ...}``
    '''
    username = context.get('user')
    pkg = logic_auth.get_package_object(context, data_dict)
    unowned_flags = (
        'create_dataset_if_not_in_organization',
        'create_unowned_dataset',
    )

    if pkg.owner_org:
        # An owned dataset needs update_dataset on its organisation.
        allowed = authz.has_user_permission_for_group_or_org(
            pkg.owner_org, username, 'update_dataset')
    elif authz.auth_is_anon_user(context):
        # Unowned dataset, anonymous caller: the anon flag is required too.
        allowed = all(
            authz.check_config_permission(flag)
            for flag in ('anon_create_dataset',) + unowned_flags)
    else:
        allowed = all(
            authz.check_config_permission(flag) for flag in unowned_flags
        ) or authz.has_user_permission_for_some_org(username, 'create_dataset')

    if not allowed:
        return {'success': False,
                'msg': _('User %s not authorized to edit package %s') %
                        (str(username), pkg.id)}

    if not _check_group_auth(context, data_dict):
        return {'success': False,
                'msg': _('User %s not authorized to edit these groups') %
                        (str(username))}
    return {'success': True}
def package_update(context, data_dict):
    '''Decide whether ``context['user']`` may edit the given dataset.

    Beyond the organisation/config and group checks, two visibility rules
    apply: a public dataset may not be made private again, and a private
    dataset may not be made public while ``helpers.check_subset_uniqueness``
    reports entries for it.

    :param context: ``'user'`` is read from it
    :param data_dict: identifies the dataset; ``'private'`` is inspected
    :returns: ``{'success': True}`` or ``{'success': False, 'msg': ...}``
    '''
    username = context.get('user')
    pkg = logic_auth.get_package_object(context, data_dict)

    if pkg.owner_org:
        # An owned dataset needs update_dataset on its organisation.
        may_edit = authz.has_user_permission_for_group_or_org(
            pkg.owner_org, username, 'update_dataset')
    elif authz.auth_is_anon_user(context):
        # Unowned dataset, anonymous caller: config permissions decide.
        may_edit = all(
            authz.check_config_permission(flag) for flag in (
                'anon_create_dataset',
                'create_dataset_if_not_in_organization',
                'create_unowned_dataset',
            ))
    else:
        may_edit = all(
            authz.check_config_permission(flag) for flag in (
                'create_dataset_if_not_in_organization',
                'create_unowned_dataset',
            )) or authz.has_user_permission_for_some_org(
                username, 'create_dataset')

    if not may_edit:
        return {
            'success': False,
            'msg': _('User %s not authorized to edit package %s') %
            (str(username), pkg.id)
        }

    if not _check_group_auth(context, data_dict):
        return {
            'success': False,
            'msg': _('User %s not authorized to edit these groups') %
            (str(username))
        }

    # NOTE(review): only the exact strings 'True' and 'False' are matched
    # below; a boolean or differently-cased 'private' value would skip both
    # rules - verify what callers send at auth time.
    currently_private = pkg.private
    requested = data_dict.get('private', '') if data_dict is not None else None

    if currently_private is False and requested == 'True':
        return {
            'success': False,
            'msg': 'Public datasets cannot be set private again'
        }
    if currently_private is True and requested == 'False':
        published_subsets = helpers.check_subset_uniqueness(pkg.id)
        if len(published_subsets) > 0:
            return {
                'success': False,
                'msg': 'Dataset cannot be set public as it contains a subset, which was already published'
            }
    return {'success': True}