Example #1
0
def package_update(context, data_dict=None):
    retvalue = True
    if data_dict and 'groups' in data_dict:
        temp_groups = data_dict['groups']
        del data_dict['groups']
        #check original package_create auth 
        log.info('Removed groups from data_dict: ' + str(data_dict))
        retvalue = update.package_update(context, data_dict)
        data_dict['groups'] = temp_groups
    else:
        retvalue = update.package_update(context, data_dict)

    return retvalue
Example #2
0
def package_update(context, data_dict=None):
    retvalue = True
    if data_dict and 'groups' in data_dict:
        temp_groups = data_dict['groups']
        del data_dict['groups']
        #check original package_create auth
        log.info('Removed groups from data_dict: ' + str(data_dict))
        retvalue = update.package_update(context, data_dict)
        data_dict['groups'] = temp_groups
    else:
        retvalue = update.package_update(context, data_dict)

    return retvalue
Example #3
0
File: auth.py Project: haphut/ytp
def related_update(context, data_dict):
    model = context['model']
    user = context['user']
    if not user:
        return {'success': False,
                'msg': _('Only the owner can update a related item')}

    related = logic_auth.get_related_object(context, data_dict)
    userobj = model.User.get(user)

    if related.datasets:
        package = related.datasets[0]
        pkg_dict = {'id': package.id}
        authorized = _auth_update.package_update(context, pkg_dict).get('success')
        if authorized:
            return {'success': True}

    if not userobj or userobj.id != related.owner_id:
        return {'success': False,
                'msg': _('Only the owner can update a related item')}

    # Only sysadmins can change the featured field.
    if ('featured' in data_dict and data_dict['featured'] != related.featured):
        return {'success': False,
                'msg': _('You must be a sysadmin to change a related item\'s '
                         'featured field.')}

    return {'success': True}
Example #4
0
def package_update(context, data_dict):
    """Overrides CKAN auth function to support personal datasets setting in organizations"""

    result = _auth_update.package_update(context, data_dict)

    if result['success']:
        user = logic_auth.get_user_object(context, {'id': context.get('user')})
        package = logic_auth.get_package_object(context, data_dict)

        # Showcases don't have organizations
        if package.type != "showcase":
            org = logic_auth.get_group_object(context,
                                              {'id': package.owner_org})

            personal_datasets = 'personal_datasets' in org.extras.get(
                'features', [])
            if personal_datasets and package.creator_user_id != user.id:
                result = {
                    'success':
                    False,
                    'msg':
                    _('Cannot modify dataset because of organization policy')
                }

    return result
Example #5
0
def package_delete(context, data_dict):
    # Defer authorization for package_delete to package_update, as deletions
    # are essentially changing the state field
    if authz.config.get('ckan.gov_theme.is_back'):
        return _auth_update.package_update(context, data_dict)
    else:
        return {'success': False}
Example #6
0
def package_update(context, data_dict):
    package = logic_auth.get_package_object(context, data_dict)
    workflow, _ = workflow_helpers.get_workflow_from_package(package)
    stage = workflow_helpers.get_stage_from_package(package)

    if stage != workflow.finish:
        return auth_update.package_update(context, data_dict)
    return _success(False, 'Cannot edit published dataset')
Example #7
0
def package_update(context, data_dict):

    check = update_core.package_update(context, data_dict)

    if not check['success']:
        return check

    authorized_orgs = p.toolkit.get_action('organization_list_for_user')(context, {})
    if not len(authorized_orgs):
        return {'success': False, 'msg': 'You need to belong to an authorized publisher to update a dataset'}
    return {'success': True}
Example #8
0
def package_update(context, data_dict):

    check = update_core.package_update(context, data_dict)

    if not check['success']:
        return check

    authorized_orgs = p.toolkit.get_action('organization_list_for_user')(
        context, {})
    if not len(authorized_orgs):
        return {
            'success':
            False,
            'msg':
            'You need to belong to an authorized publisher to update a dataset'
        }
    return {'success': True}
Example #9
0
def package_update(context, data_dict):
    """Overrides CKAN auth function to support personal datasets setting in organizations"""

    result = _auth_update.package_update(context, data_dict)

    if result['success']:
        user = logic_auth.get_user_object(context, {'id': context.get('user')})
        package = logic_auth.get_package_object(context, data_dict)

        # Showcases don't have organizations
        if package.type != "showcase":
            org = logic_auth.get_group_object(context, {'id': package.owner_org})

            personal_datasets = 'personal_datasets' in org.extras.get('features', [])
            if personal_datasets and package.creator_user_id != user.id:
                result = {
                    'success': False,
                    'msg': _('Cannot modify dataset because of organization policy')
                }

    return result
Example #10
0
def package_update(context, data_dict):

    # Get dataset
    dataset_id = None
    if data_dict:
        dataset_id = data_dict['id']
    if context.get('package'):
        dataset_id = context['package'].id
    dataset = toolkit.get_action('package_show')(context, {'id': dataset_id})

    # Deposited dataset
    if dataset['type'] == 'deposited-dataset':
        curation = helpers.get_deposited_dataset_user_curation_status(
            dataset, toolkit.c.userobj.id)
        if 'edit' in curation['actions']:
            return {'success': True}
        return {
            'success': False,
            'msg': 'Not authorized to edit deposited dataset'
        }

    # Regular dataset
    return auth_update_core.package_update(context, data_dict)
Example #11
0
def related_update(context, data_dict):
    model = context['model']
    user = context['user']
    if not user:
        return {
            'success': False,
            'msg': _('Only the owner can update a related item')
        }

    related = logic_auth.get_related_object(context, data_dict)
    userobj = model.User.get(user)

    if related.datasets:
        package = related.datasets[0]
        pkg_dict = {'id': package.id}
        authorized = _auth_update.package_update(context,
                                                 pkg_dict).get('success')
        if authorized:
            return {'success': True}

    if not userobj or userobj.id != related.owner_id:
        return {
            'success': False,
            'msg': _('Only the owner can update a related item')
        }

    # Only sysadmins can change the featured field.
    if ('featured' in data_dict and data_dict['featured'] != related.featured):
        return {
            'success':
            False,
            'msg':
            _('You must be a sysadmin to change a related item\'s '
              'featured field.')
        }

    return {'success': True}
Example #12
0
def package_delete(context, data_dict):
    # Defer authorization for package_delete to package_update, as deletions
    # are essentially changing the state field
    return _auth_update.package_update(context, data_dict)
Example #13
0
File: delete.py Project: 1sha1/ckan
def package_delete(context, data_dict):
    # Defer auhtorization for package_delete to package_update, as deletions
    # are essentially changing the state field
    return _auth_update.package_update(context, data_dict)
Example #14
0
def package_activity_list(context, data_dict):
    if toolkit.asbool(data_dict.get('get_curation_activities')):
        # Check if the user can see the curation activity,
        # for now we check if the user can edit the dataset
        return auth_update_core.package_update(context, data_dict)
    return {'success': True}