Example #1
0
def package_create(context, data_dict=None):
    user = context['user']

    user_object = context.get('auth_user_obj')

    #Sysadmin user has all the previliges 
    if user_object and user_object.sysadmin :
        {'success': True}

    #Do not authorize anonymous users
    if authz.auth_is_anon_user(context):
        return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
    
    #Check if the user has the editor or admin role in some org/suborg
    check1 = all(authz.check_config_permission(p) for p in (
        'create_dataset_if_not_in_organization',
        'create_unowned_dataset',
        )) or authz.has_user_permission_for_some_org(
        user, 'create_dataset')

    if not check1:
        return {'success': False, 'msg': _('User %s not authorized to create packages') % user}

    check2 = _check_group_auth(context,data_dict)
    if not check2:
        return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}

    # If an organization is given are we able to add a dataset to it?
    data_dict = data_dict or {}
    org_id = data_dict.get('owner_org')
    if org_id and not authz.has_user_permission_for_group_or_org(
            org_id, user, 'create_dataset'):
        return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}

    return {'success': True}
Example #2
0
def package_create(context, data_dict=None):
    user = context['user']

    if authz.auth_is_anon_user(context):
        check1 = all(authz.check_config_permission(p) for p in (
            'anon_create_dataset',
            'create_dataset_if_not_in_organization',
            'create_unowned_dataset',
            ))
    else:
        check1 = all(authz.check_config_permission(p) for p in (
            'create_dataset_if_not_in_organization',
            'create_unowned_dataset',
            )) or authz.has_user_permission_for_some_org(
            user, 'create_dataset')

    if not check1:
        return {'success': False, 'msg': _('User %s not authorized to create packages') % user}

    check2 = _check_group_auth(context,data_dict)
    if not check2:
        return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}

    # If an organization is given are we able to add a dataset to it?
    data_dict = data_dict or {}
    org_id = data_dict.get('owner_org')
    if org_id and not authz.has_user_permission_for_group_or_org(
            org_id, user, 'create_dataset'):
        return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
    return {'success': True}
Example #3
0
def package_create(context, data_dict=None):
    '''
    Modified from CKAN's original check. Any logged in user can add
    a dataset to any organisation.
    Packages owner check is done when adding a resource.

    :param context: context
    :param data_dict: data_dict
    :return: dictionary with 'success': True|False
    '''

    user = context['user']

    # Needed in metadata supplements
    if context.get('package', False):
        return is_owner(context, context.get('package').get('id'))

    # If an organization is given are we able to add a dataset to it?
    data_dict = data_dict or {}
    org_id = data_dict.get('owner_org', False)
    if org_id and not kata_has_user_permission_for_org(
            org_id, user, 'create_dataset'):
        return {'success': False, 'msg': _('User %s not authorized to add a dataset') % user}
    elif org_id and kata_has_user_permission_for_org(org_id, user, 'create_dataset'):
        return {'success': True}

    # Below is copy-pasted from CKAN auth.create.package_create
    # to allow dataset creation without explicit organization permissions.

    if authz.auth_is_anon_user(context):
        check1 = all(authz.check_config_permission(p) for p in (
            'anon_create_dataset',
            'create_dataset_if_not_in_organization',
            'create_unowned_dataset',
        ))
    else:
        check1 = True  # Registered users may create datasets

    if not check1:
        return {'success': False, 'msg': _('User %s not authorized to create packages') % user}

    check2 = _check_group_auth(context, data_dict)
    if not check2:
        return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}

    # If an organization is given are we able to add a dataset to it?
    data_dict = data_dict or {}
    org_id = data_dict.get('owner_org')
    if org_id and not authz.has_user_permission_for_group_or_org(
            org_id, user, 'create_dataset'):
        return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
    return {'success': True}
def managing_users_package_update(context, data_dict):
    user = context.get('user')
    package = logic_auth.get_package_object(context, data_dict)
    extras = dict([(key, value) for key, value in package.extras.items()])

    if package.owner_org:
        # if there is an owner org then we must have update_dataset
        # permission for that organization
        check1 = authz.has_user_permission_for_group_or_org(
            package.owner_org, user, 'update_dataset'
        )
        #Managing users have to be specified for datasets within an organization
        managing_users = extras.get('managing_users', '')
        managing_users = managing_users.split(',')
        check1 = check1 and context['auth_user_obj'].name in managing_users
    else:
        # If dataset is not owned then we can edit if config permissions allow
        if authz.auth_is_anon_user(context):
            check1 = all(authz.check_config_permission(p) for p in (
                'anon_create_dataset',
                'create_dataset_if_not_in_organization',
                'create_unowned_dataset',
                ))
        else:
            check1 = all(authz.check_config_permission(p) for p in (
                'create_dataset_if_not_in_organization',
                'create_unowned_dataset',
                )) or authz.has_user_permission_for_some_org(
                user, 'create_dataset')
            #Managing users have to be specified for datasets without owner
            #Else only creator can edit the dataset
            managing_users = extras.get('managing_users', '')
            managing_users = managing_users.split(',')
            check1 = check1 and context['auth_user_obj'].name in managing_users

    
    if context['auth_user_obj'].id == package.creator_user_id:
        #If user is the creator of the package, he can edit it regardless
        check1 = True
    if not check1:
        return {'success': False,
                'msg': _('User %s not authorized to edit package %s') %
                        (str(user), package.id)}
    else:
        check2 = _check_group_auth(context, data_dict)
        if not check2:
            return {'success': False,
                    'msg': _('User %s not authorized to edit these groups') %
                            (str(user))}

    return {'success': True}
Example #5
0
def localimp_show_files(context, data_dict):
    """
    Creates a nested dictionary that represents the folder structure of rootdir
    """
    if authz.auth_is_anon_user(context):
        tk.abort(401, _('Unauthorized to list files'))
    else:
        user_name = context.get('user')
        rootdir = os.path.join(os.path.expanduser('~' + user_name))
        lst_paths = []
        for path, subdirs, files in os.walk(rootdir):
            for name in files:
                lst_paths.append(os.path.join(path, name).split(rootdir)[1])

        return lst_paths 
Example #6
0
def localimp_ls(context, data_dict):
    """
    Creates a nested dictionary that represents the folder structure of rootdir
    """
    if authz.auth_is_anon_user(context):
        tk.abort(401, _('Unauthorized to list files'))
    else:
        user_name = context.get('user')
        rootdir = os.path.join(os.path.expanduser('~' + user_name))
        dir = {}
        rootdir = rootdir.rstrip(os.sep)
        start = rootdir.rfind(os.sep) + 1
        for path, dirs, files in os.walk(rootdir):
            folders = path[start:].split(os.sep)
            subdir = dict.fromkeys(files)
            parent = reduce(dict.get, folders[:-1], dir)
            parent[folders[-1]] = subdir
        return dir
Example #7
0
def package_update(context, data_dict):
    user = context.get('user')
    package = logic_auth.get_package_object(context, data_dict)

    if package.owner_org:
        # if there is an owner org then we must have update_dataset
        # permission for that organization
        check1 = authz.has_user_permission_for_group_or_org(
            package.owner_org, user, 'update_dataset'
        )
    else:
        # If dataset is not owned then we can edit if config permissions allow
        if authz.auth_is_anon_user(context):
            check1 = all(authz.check_config_permission(p) for p in (
                'anon_create_dataset',
                'create_dataset_if_not_in_organization',
                'create_unowned_dataset',
                ))
        else:
            check1 = all(authz.check_config_permission(p) for p in (
                'create_dataset_if_not_in_organization',
                'create_unowned_dataset',
                )) or authz.has_user_permission_for_some_org(
                user, 'create_dataset')
    if not check1:
        return {'success': False,
                'msg': _('User %s not authorized to edit package %s') %
                        (str(user), package.id)}
    else:
        check2 = _check_group_auth(context, data_dict)
        if not check2:
            return {'success': False,
                    'msg': _('User %s not authorized to edit these groups') %
                            (str(user))}

    return {'success': True}
Example #8
0
def file_upload(context, data_dict=None):
    user = context['user']
    if authz.auth_is_anon_user(context):
        return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
    return {'success': True}
Example #9
0
def restrict_anon(context):
    if authz.auth_is_anon_user(context):
        return {'success': False}
    else:
        return {'success': True}