def related_update(context, data_dict):
model = context['model']
user = context['user']
if not user:
return {'success': False,
'msg': _('Only the owner can update a related item')}
related = logic_auth.get_related_object(context, data_dict)
userobj = model.User.get(user)
if related.datasets:
package = related.datasets[0]
pkg_dict = {'id': package.id}
authorized = _auth_update.package_update(context, pkg_dict).get('success')
if authorized:
return {'success': True}
if not userobj or userobj.id != related.owner_id:
return {'success': False,
'msg': _('Only the owner can update a related item')}
# Only sysadmins can change the featured field.
if ('featured' in data_dict and data_dict['featured'] != related.featured):
return {'success': False,
'msg': _('You must be a sysadmin to change a related item\'s '
'featured field.')}
return {'success': True}
def related_delete(context, data_dict):
model = context['model']
user = context['user']
if not user:
return {
'success': False,
'msg': _('Only the owner can delete a related item')
}
related = get_related_object(context, data_dict)
userobj = model.User.get(user)
if related.datasets:
package = related.datasets[0]
pkg_dict = {'id': package.id}
authorized = package_delete(context, pkg_dict).get('success')
if authorized:
return {'success': True}
if not userobj or userobj.id != related.owner_id:
return {
'success': False,
'msg': _('Only the owner can delete a related item')
}
return {'success': True}
def related_update(context, data_dict):
model = context['model']
user = context['user']
if not user:
return {
'success': False,
'msg': _('Only the owner can update a related item')
}
related = logic_auth.get_related_object(context, data_dict)
userobj = model.User.get(user)
if not userobj or userobj.id != related.owner_id:
return {
'success': False,
'msg': _('Only the owner can update a related item')
}
# Only sysadmins can change the featured field.
if ('featured' in data_dict and data_dict['featured'] != related.featured):
return {
'success':
False,
'msg':
_('You must be a sysadmin to change a related item\'s '
'featured field.')
}
return {'success': True}
def related_update(context, data_dict):
'''
Override default related_update so;
- Users must be logged-in to create related items
- User can update if they are able to create datasets for housed package
'''
user = context['user']
check1 = all(authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if user and check1:
related = logic_auth.get_related_object(context, data_dict)
if related.datasets:
for package in related.datasets:
pkg_dict = {'id': package.id}
authorised = authz.is_authorized(
'package_update',
context,
pkg_dict).get('success')
if authorised:
return {'success': True}
return {'success': False,
'msg': _('''You do not have permission
to update this related item''')}
return {'success': False,
'msg': _('''You must be logged in and have permission
to create datasets to update a related item''')}
def related_delete(context, data_dict):
model = context['model']
user = context['user']
if not user:
return {
'success': False,
'msg': _('Only the owner can delete a related item')
}
if Authorizer().is_sysadmin(unicode(user)):
return {'success': True}
related = get_related_object(context, data_dict)
userobj = model.User.get(user)
if related.datasets:
package = related.datasets[0]
if _groups_intersect(userobj.get_groups('organization'),
package.get_groups('organization')):
return {'success': True}
if not userobj or userobj.id != related.owner_id:
return {
'success': False,
'msg': _('Only the owner can delete a related item')
}
return {'success': True}
def test_get_related_object_with_id(self):
user_name = helpers.call_action('get_site_user')['name']
related = helpers.call_action('related_create',
context={'user': user_name},
title='test related', type='app')
context = {'model': core_model}
obj = logic_auth.get_related_object(context, {'id': related['id']})
assert obj.id == related['id']
assert context['related'] == obj
def related_update(context, data_dict):
model = context['model']
user = context['user']
if not user:
return {'success': False, 'msg': _('Only the owner can update a related item')}
related = get_related_object(context, data_dict)
userobj = model.User.get( user )
if not userobj or userobj.id != related.owner_id:
return {'success': False, 'msg': _('Only the owner can update a related item')}
return {'success': True}
def test_get_related_object_with_id(self):
user_name = helpers.call_action('get_site_user')['name']
related = helpers.call_action('related_create',
context={'user': user_name},
title='test related',
type='app')
context = {'model': core_model}
obj = logic_auth.get_related_object(context, {'id': related['id']})
assert obj.id == related['id']
assert context['related'] == obj
def related_update(context, data_dict):
model = context["model"]
user = context["user"]
if not user:
return {"success": False, "msg": _("Only the owner can update a related item")}
related = get_related_object(context, data_dict)
userobj = model.User.get(user)
if not userobj or userobj.id != related.owner_id:
return {"success": False, "msg": _("Only the owner can update a related item")}
# Only sysadmins can change the featured field.
if "featured" in data_dict and data_dict["featured"] != related.featured:
return {"success": False, "msg": _("You must be a sysadmin to change a related item's " "featured field.")}
return {"success": True}
def related_update(context, data_dict):
model = context['model']
user = context['user']
if not user:
return {'success': False, 'msg': _('Only the owner can update a related item')}
related = get_related_object(context, data_dict)
userobj = model.User.get( user )
if not userobj or userobj.id != related.owner_id:
return {'success': False, 'msg': _('Only the owner can update a related item')}
# Only sysadmins can change the featured field.
if ('featured' in data_dict and data_dict['featured'] != related.featured):
return {'success': False,
'msg': _('You must be a sysadmin to change a related item\'s '
'featured field.')}
return {'success': True}
def related_delete(context, data_dict):
model = context['model']
user = context['user']
if not user:
return {'success': False, 'msg': _('Only the owner can delete a related item')}
related = get_related_object(context, data_dict)
userobj = model.User.get( user )
if related.datasets:
package = related.datasets[0]
pkg_dict = { 'id': package.id }
authorized = package_delete(context, pkg_dict).get('success')
if authorized:
return {'success': True}
if not userobj or userobj.id != related.owner_id:
return {'success': False, 'msg': _('Only the owner can delete a related item')}
return {'success': True}
def related_delete(context, data_dict):
model = context['model']
user = context['user']
if not user:
return {'success': False, 'msg': _('Only the owner can delete a related item')}
if Authorizer().is_sysadmin(unicode(user)):
return {'success': True}
related = get_related_object(context, data_dict)
userobj = model.User.get( user )
if related.datasets:
package = related.datasets[0]
if _groups_intersect( userobj.get_groups('organization'), package.get_groups('organization') ):
return {'success': True}
if not userobj or userobj.id != related.owner_id:
return {'success': False, 'msg': _('Only the owner can delete a related item')}
return {'success': True}
def related_delete(context, data_dict):
model = context["model"]
user = context["user"]
if not user:
return {"success": False, "msg": _("Only the owner can delete a related item")}
related = get_related_object(context, data_dict)
userobj = model.User.get(user)
if related.datasets:
package = related.datasets[0]
pkg_dict = {"id": package.id}
authorized = package_delete(context, pkg_dict).get("success")
if authorized:
return {"success": True}
if not userobj or userobj.id != related.owner_id:
return {"success": False, "msg": _("Only the owner can delete a related item")}
return {"success": True}
