def package_create(context, data_dict=None):
import ckan.new_authz as new_authz
from ckan.logic.auth.create import _check_group_auth
user = context['user']
if new_authz.auth_is_anon_user(context):
check1 = new_authz.check_config_permission('anon_create_dataset')
else:
# CKAN default options that grant any user rights to create datasets removed here.
check1 = new_authz.has_user_permission_for_some_org(user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('organization_id')
if org_id and not new_authz.has_user_permission_for_group_or_org(org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
# Note the default value True except when we're actually trying to create a new dataset...
if data_dict:
org_id = data_dict.get('owner_org')
if org_id and not new_authz.has_user_permission_for_group_or_org(org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
elif not org_id:
return {'success': False}
return {'success': True}
def package_membership_list_save(group_dicts, package, context):
allow_partial_update = context.get("allow_partial_update", False)
if group_dicts is None and allow_partial_update:
return
capacity = 'public'
model = context["model"]
session = context["session"]
pending = context.get('pending')
user = context.get('user')
members = session.query(model.Member) \
.filter(model.Member.table_id == package.id) \
.filter(model.Member.capacity != 'organization')
group_member = dict((member.group, member)
for member in
members)
groups = set()
for group_dict in group_dicts or []:
id = group_dict.get("id")
name = group_dict.get("name")
capacity = group_dict.get("capacity", "public")
if capacity == 'organization':
continue
if id:
group = session.query(model.Group).get(id)
else:
group = session.query(model.Group).filter_by(name=name).first()
groups.add(group)
## need to flush so we can get out the package id
model.Session.flush()
for group in groups - set(group_member.keys()):
if group:
member_obj = model.Member(table_id = package.id,
table_name = 'package',
group = group,
capacity = capacity,
group_id=group.id,
state = 'active')
session.add(member_obj)
for group in set(group_member.keys()) - groups:
member_obj = group_member[group]
if new_authz.has_user_permission_for_group_or_org(
member_obj.group_id, user, 'read'):
member_obj.capacity = capacity
member_obj.state = 'deleted'
session.add(member_obj)
for group in set(group_member.keys()) & groups:
member_obj = group_member[group]
if new_authz.has_user_permission_for_group_or_org(
member_obj.group_id, user, 'read'):
member_obj.capacity = capacity
member_obj.state = 'active'
session.add(member_obj)
def organization_update(context, data_dict):
""" This overrides CKAN's auth function to make sure that user has permission to use a specific parent organization. """
group = logic_auth.get_group_object(context, data_dict)
user = context['user']
# Check that user has admin permissions in selected parent organizations
if data_dict and data_dict.get('groups'):
admin_in_orgs = model.Session.query(model.Member).filter(model.Member.state == 'active').filter(model.Member.table_name == 'user') \
.filter(model.Member.capacity == 'admin').filter(model.Member.table_id == new_authz.get_user_id_for_username(user, allow_none=True))
for parent_org in data_dict['groups']:
if any(parent_org['name'] == admin_org.group.name for admin_org in admin_in_orgs):
break
else:
return {'success': False, 'msg': _('User %s is not administrator in the selected parent organization') % user}
if (data_dict and 'save' in data_dict and
data_dict.get('public_adminstration_organization', None) != group.extras.get('public_adminstration_organization', None)):
return {'success': False, 'msg': _('User %s is not allowed to change the public organization option') % user}
authorized = new_authz.has_user_permission_for_group_or_org(group.id, user, 'update')
if not authorized:
return {'success': False,
'msg': _('User %s not authorized to edit organization %s') %
(user, group.id)}
else:
return {'success': True}
def get_packages_for_this_group(group_):
# Ask SOLR for the list of packages for this org/group
q = {
'facet': 'false',
'rows': 0,
}
if group_.is_organization:
q['fq'] = 'owner_org:"{0}"'.format(group_.id)
else:
q['fq'] = 'groups:"{0}"'.format(group_.name)
# Allow members of organizations to see private datasets.
if group_.is_organization:
is_group_member = (context.get('user') and
new_authz.has_user_permission_for_group_or_org(
group_.id, context.get('user'), 'read'))
if is_group_member:
context['ignore_capacity_check'] = True
if not context.get('for_view'):
q['rows'] = 1000 # Only the first 1000 datasets are returned
search_context = dict((k, v) for (k, v) in context.items() if k != 'schema')
search_results = logic.get_action('package_search')(search_context, q)
return search_results['count'], search_results['results']
def _pages_list(context, data_dict):
search = {}
if db.pages_table is None:
db.init_db(context['model'])
org_id = data_dict.get('org_id')
ordered = data_dict.get('order')
private = data_dict.get('private', True)
if ordered:
search['order'] = True
if not org_id:
search['group_id'] = None
try:
p.toolkit.check_access('ckanext_pages_update', context, data_dict)
if not private:
search['private'] = False
except p.toolkit.NotAuthorized:
search['private'] = False
else:
group = context['model'].Group.get(org_id)
user = context['user']
member = new_authz.has_user_permission_for_group_or_org(
group.id, user, 'read')
search['group_id'] = org_id
if not member:
search['private'] = False
out = db.Page.pages(**search)
return [{'title': pg.title,
'content': pg.content,
'name': pg.name,
'group_id': pg.group_id,
} for pg in out]
def is_owner(context, data_dict):
'''
This is used in "request edit rights" feature.
Checks if the user is admin or editor of the
package in question
:param context: context
:param data_dict: package data
:type data_dict: dictionary
:rtype: dictionary
'''
pkg = context.get('package', None)
roles = pkg.roles if pkg else Package.get(data_dict['id']).roles
user = context.get('user', False)
if user:
for role in roles:
ruser = User.get(role.user.id)
if user == ruser.name and role.role in ('admin', 'editor'):
return {'success': True}
# Check if the user has editor rights to this dataset through an organization
package = get_package_object(context, data_dict)
if new_authz.has_user_permission_for_group_or_org(package.owner_org, user, 'delete_dataset'):
return {'success': True}
return {'success': False}
def owner_org_validator(key, data, errors, context):
value = data.get(key)
if value is missing or value is None:
if not new_authz.check_config_permission('create_unowned_dataset'):
raise Invalid(_('A organization must be supplied'))
data.pop(key, None)
raise df.StopOnError
model = context['model']
user = context['user']
user = model.User.get(user)
if value == '' :
if not new_authz.check_config_permission('create_unowned_dataset'):
raise Invalid(_('A organization must be supplied'))
package = context.get('package')
# only sysadmins can remove datasets from org
if package and package.owner_org and not user.sysadmin:
raise Invalid(_('You cannot remove a dataset from an existing organization'))
return
group = model.Group.get(value)
if not group:
raise Invalid(_('Organization does not exist'))
group_id = group.id
if not(user.sysadmin or
new_authz.has_user_permission_for_group_or_org(
group_id, user.name, 'create_dataset')):
raise Invalid(_('You cannot add a dataset to this organization'))
data[key] = group_id
def package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
if package.owner_org:
# if there is an owner org then we must have update_dataset
# premission for that organization
check1 = new_authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset'
)
else:
# If dataset is not owned then we can edit if config permissions allow
if not new_authz.auth_is_anon_user(context):
check1 = new_authz.check_config_permission(
'create_dataset_if_not_in_organization')
else:
check1 = new_authz.check_config_permission('anon_create_dataset')
if not check1:
return {'success': False,
'msg': _('User %s not authorized to edit package %s') %
(str(user), package.id)}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {'success': False,
'msg': _('User %s not authorized to edit these groups') %
(str(user))}
return {'success': True}
def datahub_package_create(context, data_dict):
from ckan.logic.auth.create import _check_group_auth
if authz.is_sysadmin(context.get('user')):
return {'success': True}
user = context['user']
if not authz.auth_is_registered_user():
if '/new' in c.environ['PATH_INFO']:
h.redirect_to(CREATE_DATASET_HELP_PAGE)
else:
return {'success': False, 'msg': _('You must login to create a dataset')}
check1 = authz.check_config_permission('create_dataset_if_not_in_organization') \
or authz.check_config_permission('create_unowned_dataset')
#if not authorized and not a part of any org, redirect to help page on how to join one
if not check1 and not authz.has_user_permission_for_some_org(user, 'create_dataset'):
if '/new' in c.environ['PATH_INFO']:
h.redirect_to(CREATE_DATASET_HELP_PAGE)
else:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2 and not check1:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('organization_id')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def datahub_package_create(context, data_dict):
from ckan.logic.auth.create import _check_group_auth
if new_authz.is_sysadmin(context.get('user')):
return {'success': True}
user = context['user']
if not new_authz.auth_is_registered_user():
return {'success': False, 'msg': _('You must login to create a dataset')}
else:
check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization') \
or new_authz.check_config_permission('create_unowned_dataset')
if not check1 and not new_authz.has_user_permission_for_some_org(user, 'create_dataset'):
h.redirect_to('/pages/requesting-an-organization')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('organization_id')
if org_id and not new_authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def bulk_update_delete(context, data_dict):
org_id = data_dict.get("org_id")
user = context["user"]
authorized = new_authz.has_user_permission_for_group_or_org(org_id, user, "update")
if not authorized:
return {"success": False}
return {"success": True}
def hri_package_update(context, data_dict):
if is_harvester(context, data_dict):
return {'success': False, 'msg': _('Harvesters are not authorized to update packages')}
else:
user = context['model'].User.get(context['user'])
# Check that we have a logged in user.
if not user:
return {'success': False, 'msg': _('Not authorized to update datasets without a valid login')}
# Is the user an admin?
if user.sysadmin:
return {'success': True}
# Does the user have global update rights through WordPress?
if hri_auth('ckan_update_datasets'):
return {'success': True}
# Finally check if the user has update rights through the dataset's organization.
# Modified version of /ckan/logic/auth/update.py:package_update from core to suit our needs.
package = get_package_object(context, data_dict)
if package.owner_org:
import ckan.new_authz as new_authz
check1 = new_authz.has_user_permission_for_group_or_org(
package.owner_org, user.name, 'update_dataset'
)
if check1:
return {'success': True}
return {'success': False,
'msg': _('User %s not authorized to edit package %s') %
(str(user), package.id)}
def package_create(context, data_dict=None):
user = context['user']
user_roles = user_custom_roles(context, data_dict)
if 'datovy-kurator' in user_roles:
return {'success': True}
if new_authz.auth_is_anon_user(context):
check1 = all(new_authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(new_authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or new_authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not new_authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def organization_update(context, data_dict):
group = get_group_object(context, data_dict)
user = context["user"]
authorized = new_authz.has_user_permission_for_group_or_org(group.id, user, "update")
if not authorized:
return {"success": False, "msg": _("User %s not authorized to edit organization %s") % (user, group.id)}
else:
return {"success": True}
def bulk_update_delete(context, data_dict):
org_id = data_dict.get('org_id')
user = context['user']
authorized = new_authz.has_user_permission_for_group_or_org(
org_id, user, 'update')
if not authorized:
return {'success': False}
return {'success': True}
def group_edit_permissions(context, data_dict):
user = context['user']
group = get_group_object(context, data_dict)
if not new_authz.has_user_permission_for_group_or_org(group.id, user, 'update'):
return {'success': False, 'msg': _('User %s not authorized to edit permissions of group %s') % (str(user),group.id)}
else:
return {'success': True}
def package_delete(context, data_dict):
user = context['user']
package = get_package_object(context, data_dict)
authorized = new_authz.has_user_permission_for_group_or_org(package.owner_org, user, 'delete_dataset')
if not authorized:
return {'success': False, 'msg': _('User %s not authorized to delete package %s') % (user, package.id)}
else:
return {'success': True}
def organization_update(context, data_dict):
group = get_group_object(context, data_dict)
user = context['user']
authorized = new_authz.has_user_permission_for_group_or_org(
group.id, user, 'update')
if not authorized:
return {'success': False, 'msg': _('User %s not authorized to edit organization %s') % (user, group.id)}
else:
return {'success': True}
def group_delete(context, data_dict):
group = get_group_object(context, data_dict)
user = context["user"]
if not new_authz.check_config_permission("user_delete_groups"):
return {"success": False, "msg": _("User %s not authorized to delete groups") % user}
authorized = new_authz.has_user_permission_for_group_or_org(group.id, user, "delete")
if not authorized:
return {"success": False, "msg": _("User %s not authorized to delete group %s") % (user, group.id)}
else:
return {"success": True}
def _group_or_org_member_delete(context, data_dict):
group = get_group_object(context, data_dict)
user = context['user']
authorized = new_authz.has_user_permission_for_group_or_org(
group.id, user, 'delete_member')
if not authorized:
return {'success': False, 'msg': _('User %s not authorized to delete organization %s members') % (str(user),group.id)}
else:
return {'success': True}
return {'success': True}
def group_show(context, data_dict):
user = context.get('user')
group = get_group_object(context, data_dict)
if group.state == 'active':
return {'success': True}
authorized = new_authz.has_user_permission_for_group_or_org(
group.id, user, 'read')
if authorized:
return {'success': True}
else:
return {'success': False, 'msg': _('User %s not authorized to read group %s') % (user, group.id)}
def group_edit_permissions(context, data_dict):
user = context["user"]
group = get_group_object(context, data_dict)
if not new_authz.has_user_permission_for_group_or_org(group.id, user, "update"):
return {
"success": False,
"msg": _("User %s not authorized to edit permissions of group %s") % (str(user), group.id),
}
else:
return {"success": True}
def organization_delete(context, data_dict):
group = get_group_object(context, data_dict)
user = context['user']
if not new_authz.check_config_permission('user_delete_organizations'):
return {'success': False,
'msg': _('User %s not authorized to delete organizations') % user}
authorized = new_authz.has_user_permission_for_group_or_org(
group.id, user, 'delete')
if not authorized:
return {'success': False, 'msg': _('User %s not authorized to delete organization %s') % (user ,group.id)}
else:
return {'success': True}
def _pages_list(context, data_dict):
search = {}
if db.pages_table is None:
db.init_db(context['model'])
org_id = data_dict.get('org_id')
ordered = data_dict.get('order')
order_publish_date = data_dict.get('order_publish_date')
page_type = data_dict.get('page_type')
private = data_dict.get('private', True)
if ordered:
search['order'] = True
if page_type:
search['page_type'] = page_type
if order_publish_date:
search['order_publish_date'] = True
if not org_id:
search['group_id'] = None
try:
p.toolkit.check_access('ckanext_pages_update', context, data_dict)
if not private:
search['private'] = False
except p.toolkit.NotAuthorized:
search['private'] = False
else:
group = context['model'].Group.get(org_id)
user = context['user']
member = new_authz.has_user_permission_for_group_or_org(
group.id, user, 'read')
search['group_id'] = org_id
if not member:
search['private'] = False
out = db.Page.pages(**search)
out_list = []
for pg in out:
parser = HTMLFirstImage()
parser.feed(pg.content)
img = parser.first_image
pg_row = {'title': pg.title,
'content': pg.content,
'name': pg.name,
'publish_date': pg.publish_date.isoformat() if pg.publish_date else None,
'group_id': pg.group_id,
'page_type': pg.page_type,
'lang': pg.lang
}
if img:
pg_row['image'] = img
extras = pg.extras
if extras:
pg_row.update(json.loads(pg.extras))
out_list.append(pg_row)
return out_list
def publish_dataset(context, data_dict):
"""
This method got to check whether user has access to publish dataset based on his role.
"""
model = context['model']
user = context.get('user','')
print "User Logged: ",user
#Change the group to be coming from global setting...
check1 = new_authz.has_user_permission_for_group_or_org(helpers.get_default_group(), user, 'publish_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to publish dataset') % (str(user))}
return {'success': True}
def package_show(context, data_dict):
user = context.get('user')
user_obj = context.get('auth_user_obj')
package = logic_auth.get_package_object(context, data_dict)
# datasets can be read by its creator
if package and user_obj and package.creator_user_id == user_obj.id:
return {'success': True}
# Not active packages can only be seen by its owners
if package.state == 'active':
# anyone can see a public package
if not package.private:
return {'success': True}
# if the user has rights to read in the organization or in the group
if package.owner_org:
authorized = new_authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'read')
else:
authorized = False
# if the user is not authorized yet, we should check if the
# user is in the allowed_users object
if not authorized:
# Init the model
db.init_db(context['model'])
# Branch not executed if the database return an empty list
if db.AllowedUser.get(package_id=package.id, user_name=user):
authorized = True
if not authorized:
# Show a flash message with the URL to acquire the dataset
# This message only can be shown when the user tries to access the dataset via its URL (/dataset/...)
# The message cannot be displayed in other pages that uses the package_show function such as
# the user profile page
if hasattr(package, 'extras') and 'acquire_url' in package.extras and request.path.startswith('/dataset/')\
and package.extras['acquire_url'] != '':
helpers.flash_notice(_('This private dataset can be acquired. To do so, please click ' +
'<a target="_blank" href="%s">here</a>') % package.extras['acquire_url'],
allow_html=True)
return {'success': False, 'msg': _('User %s not authorized to read package %s') % (user, package.id)}
else:
return {'success': True}
else:
return {'success': False, 'msg': _('User %s not authorized to read package %s') % (user, package.id)}
def _check_group_auth(context, data_dict):
'''Has this user got update permission for all of the given groups?
If there is a package in the context then ignore that package's groups.
(owner_org is checked elsewhere.)
:returns: False if not allowed to update one (or more) of the given groups.
True otherwise. i.e. True is the default. A blank data_dict
mentions no groups, so it returns True.
'''
# FIXME This code is shared amoung other logic.auth files and should be
# somewhere better
if not data_dict:
return True
model = context['model']
user = context['user']
pkg = context.get("package")
api_version = context.get('api_version') or '1'
group_blobs = data_dict.get('groups', [])
groups = set()
for group_blob in group_blobs:
# group_blob might be a dict or a group_ref
if isinstance(group_blob, dict):
if api_version == '1':
id = group_blob.get('name')
else:
id = group_blob.get('id')
if not id:
continue
else:
id = group_blob
grp = model.Group.get(id)
if grp is None:
raise logic.NotFound(_('Group was not found.'))
groups.add(grp)
if pkg:
pkg_groups = pkg.get_groups()
groups = groups - set(pkg_groups)
for group in groups:
if not new_authz.has_user_permission_for_group_or_org(group.id, user, 'update'):
return False
return True
def package_update(context, data_dict):
user = context.get('user')
package = get_package_object(context, data_dict)
if package.owner_org:
check1 = new_authz.has_user_permission_for_group_or_org(package.owner_org, user, 'update_dataset')
else:
check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to edit package %s') % (str(user), package.id)}
else:
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % str(user)}
return {'success': True}
def package_show(context, data_dict):
user = context.get("user")
package = get_package_object(context, data_dict)
# draft state indicates package is still in the creation process
# so we need to check we have creation rights.
if package.state.startswith("draft"):
auth = new_authz.is_authorized("package_update", context, data_dict)
authorized = auth.get("success")
else:
# anyone can see a public package
if not package.private and package.state == "active":
return {"success": True}
authorized = new_authz.has_user_permission_for_group_or_org(package.owner_org, user, "read")
if not authorized:
return {"success": False, "msg": _("User %s not authorized to read package %s") % (user, package.id)}
else:
return {"success": True}
def member_list(context, data_dict):
'''
Limits group/organization member listing to editors and administrators
of the organization.
:param context:
:param data_dict:
:return:
'''
user_name = context.get('user')
organization_id = data_dict.get('id')
if new_authz.has_user_permission_for_group_or_org(organization_id, user_name, 'editor'):
return {'success': True}
else:
return {'success': False}
def package_membership_list_save(group_dicts, package, context):
allow_partial_update = context.get("allow_partial_update", False)
if group_dicts is None and allow_partial_update:
return
capacity = 'public'
model = context["model"]
session = context["session"]
user = context.get('user')
members = session.query(model.Member) \
.filter(model.Member.table_id == package.id) \
.filter(model.Member.capacity != 'organization')
group_member = dict((member.group, member)
for member in
members)
groups = set()
for group_dict in group_dicts or []:
id = group_dict.get("id")
name = group_dict.get("name")
capacity = group_dict.get("capacity", "public")
if capacity == 'organization':
continue
if id:
group = session.query(model.Group).get(id)
else:
group = session.query(model.Group).filter_by(name=name).first()
if group:
groups.add(group)
## need to flush so we can get out the package id
model.Session.flush()
# Remove any groups we are no longer in
for group in set(group_member.keys()) - groups:
member_obj = group_member[group]
if member_obj and member_obj.state == 'deleted':
continue
if new_authz.has_user_permission_for_group_or_org(
member_obj.group_id, user, 'read'):
member_obj.capacity = capacity
member_obj.state = 'deleted'
session.add(member_obj)
# Add any new groups
for group in groups:
member_obj = group_member.get(group)
if member_obj and member_obj.state == 'active':
continue
if new_authz.has_user_permission_for_group_or_org(
group.id, user, 'read'):
member_obj = group_member.get(group)
if member_obj:
member_obj.capacity = capacity
member_obj.state = 'active'
else:
member_obj = model.Member(table_id=package.id,
table_name='package',
group=group,
capacity=capacity,
group_id=group.id,
state = 'active')
session.add(member_obj)
def group_dictize(group, context):
result_dict = d.table_dictize(group, context)
result_dict['display_name'] = group.display_name
result_dict['extras'] = extras_dict_dictize(group._extras, context)
include_datasets = context.get('include_datasets', True)
q = {
'facet': 'false',
'rows': 0,
}
if group.is_organization:
q['fq'] = 'owner_org:"{0}"'.format(group.id)
else:
q['fq'] = 'groups:"{0}"'.format(group.name)
is_group_member = (context.get('user')
and new_authz.has_user_permission_for_group_or_org(
group.id, context.get('user'), 'read'))
if is_group_member:
context['ignore_capacity_check'] = True
if include_datasets:
q['rows'] = 1000 # Only the first 1000 datasets are returned
context_ = dict((k, v) for (k, v) in context.items() if k != 'schema')
search_results = logic.get_action('package_search')(context_, q)
if include_datasets:
result_dict['packages'] = search_results['results']
result_dict['package_count'] = search_results['count']
context['with_capacity'] = True
result_dict['tags'] = tag_list_dictize(
_get_members(context, group, 'tags'), context)
result_dict['groups'] = group_list_dictize(
_get_members(context, group, 'groups'), context)
result_dict['users'] = user_list_dictize(
_get_members(context, group, 'users'), context)
context['with_capacity'] = False
if context.get('for_view'):
if result_dict['is_organization']:
plugin = plugins.IOrganizationController
else:
plugin = plugins.IGroupController
for item in plugins.PluginImplementations(plugin):
result_dict = item.before_view(result_dict)
image_url = result_dict.get('image_url')
result_dict['image_display_url'] = image_url
if image_url and not image_url.startswith('http'):
#munge here should not have an effect only doing it incase
#of potential vulnerability of dodgy api input
image_url = munge.munge_filename(image_url)
result_dict['image_display_url'] = h.url_for_static(
'uploads/group/%s' % result_dict.get('image_url'), qualified=True)
return result_dict
