Example #1
    def before_view(self, pkg_dict):
        '''
        Gate a package view on either an address whitelist or the viewer's
        permission on the record.

        Returns pkg_dict unchanged when access is allowed; otherwise aborts
        the request with a 401.
        '''
        # NOTE(review): X-Forwarded-For is set by the client unless a trusted
        # reverse proxy overwrites it. A whitelist match below skips
        # record_is_viewable entirely, so confirm the edge proxy strips or
        # rewrites this header before relying on it for access decisions.
        # NOTE(review): the header may hold a comma-separated proxy chain and
        # the raw value is passed on as-is - confirm check_if_whitelisted
        # copes with that form.
        forwarded_for = request.environ.get(u'HTTP_X_FORWARDED_FOR', u'')
        candidate_addr = forwarded_for or c.remote_addr

        address_trusted = (check_if_whitelisted(candidate_addr)
                           or check_if_whitelisted(c.remote_addr))

        # The per-record permission check only runs for non-whitelisted
        # addresses.
        if not address_trusted and not record_is_viewable(pkg_dict, c.userobj):
            base.abort(401, _('Unauthorized to read package %s') % pkg_dict.get("title"))

        return pkg_dict
Example #2
    def resource_read(self, id, resource_id):
        '''
        Delegate to ckan's default resource read, then refuse the response
        unless the current user may view both the record and its resources.
        '''
        # The parent call runs first because it is what populates c.pkg_dict;
        # its rendered output is only handed back once both checks pass.
        rendered = super(SurreyPackageController, self).resource_read(id, resource_id)

        package = c.pkg_dict
        viewer = c.userobj

        if not record_is_viewable(package, viewer):
            base.abort(401, _('Unauthorized to read package %s') % id)

        # NOTE(review): the resource check receives the whole package dict,
        # not resource_id, so it presumably decides for all resources of the
        # package at once - confirm against resource_is_viewable.
        if not resource_is_viewable(package, viewer):
            base.abort(401, _('Unauthorized to read resource %s') % package['name'])

        return rendered
    def before_view(self, pkg_dict):
        '''
        Allow the package view for whitelisted addresses or for users who may
        view the record; abort with a 401 for everyone else.

        Returns pkg_dict unchanged when the view is allowed.
        '''
        # NOTE(review): the first address tested comes from the
        # X-Forwarded-For request header. Unless a trusted proxy in front of
        # the application replaces that header, its value is chosen by the
        # caller, and a match here bypasses the record_is_viewable check.
        # Verify the proxy configuration before treating it as authoritative.
        header_addr = request.environ.get(u'HTTP_X_FORWARDED_FOR', u'')
        if not header_addr:
            header_addr = c.remote_addr

        if check_if_whitelisted(header_addr):
            return pkg_dict
        if check_if_whitelisted(c.remote_addr):
            return pkg_dict

        # Not whitelisted: fall back to the per-user permission on the record.
        if record_is_viewable(pkg_dict, c.userobj):
            return pkg_dict

        base.abort(
            401,
            _('Unauthorized to read package %s') % pkg_dict.get("title"))
        return pkg_dict
Example #4
    def read(self, id):
        '''
        Delegate to ckan's default read to load the package data, then
        refuse the response unless the current user may view the record.
        '''
        # The parent call populates c.pkg_dict, which the permission check
        # below depends on.
        page = super(SurreyPackageController, self).read(id)

        log.debug('Called read method')

        # Hand back the rendered page only to users allowed to see the record.
        if record_is_viewable(c.pkg_dict, c.userobj):
            return page

        base.abort(401, _('Unauthorized to read package %s') % id)
        return page
Example #5
    def resource_download(self, id, resource_id, filename=None):
        '''
        Serve a resource download only after the current user has passed the
        record and resource visibility checks for the owning package.

        Aborts with 404 when the package is not found and with 401 when
        package_show or either visibility check denies access.
        '''
        acting_user = c.user or c.author
        context = {
            'model': model,
            'session': model.Session,
            'user': acting_user,
            'auth_user_obj': c.userobj,
        }

        package_show = get_action('package_show')
        try:
            pkg = package_show(context, {'id': id})
        except NotFound:
            abort(404, _('Resource not found'))
        except NotAuthorized:
            abort(401, _('Unauthorized to read resource %s') % id)

        # Both checks run before delegating, so the parent download handler
        # is never reached for a denied request.
        if not record_is_viewable(pkg, c.userobj):
            base.abort(401, _('Unauthorized to read package %s') % id)
        # NOTE(review): the decision is made on the package dict rather than
        # on resource_id - confirm resource_is_viewable is meant to be
        # package-wide.
        if not resource_is_viewable(pkg, c.userobj):
            base.abort(401, _('Unauthorized to read resource %s') % pkg['name'])

        return super(SurreyPackageController, self).resource_download(id, resource_id, filename)
Example #6
    def restricted_package_show(self):
        '''
        Return the data of the record named by the ``id`` request parameter,
        but only when the current user is allowed to view that record.

        Responses are JSON: 403 when the record is not viewable, 404 when it
        is not found, 200 with ``success`` False on a validation error. When
        the record is viewable but its resources are not, the resources are
        blanked and an explanatory ``msg`` is added.
        '''
        # FIXME: use IAuth plugin for authorization check and
        # use IPackageController to fill in extra values
        # then remove this method

        help_str = "Shows the package info with the given id. Param : id"
        pkg_id = request.params.get('id', '')
        payload = {"help": help_str}
        try:
            context = {
                'model': model,
                'session': model.Session,
                'user': c.user,
                'auth_user_obj': c.userobj,
            }
            # NOTE(review): only NotFound and ValidationError are handled
            # below; an authorization error raised by package_show itself
            # would propagate out of this method - confirm the caller turns
            # that into a proper denial response.
            package_show = get_action('package_show')
            pkg = package_show(context, {'id': pkg_id})

            from ckanext.surrey.util.util import record_is_viewable, resource_is_viewable

            if not record_is_viewable(pkg, c.userobj):
                payload['success'] = False
                payload['error'] = {'__type': 'Authorization Error', 'message': _('Access denied')}
                return self._finish(403, payload, content_type='json')

            if not resource_is_viewable(pkg, c.userobj):
                # NOTE(review): only the 'resources' key is cleared; every
                # other field of the package dict is still returned - confirm
                # none of them exposes resource details.
                pkg['resources'] = None
                payload['msg'] = "Access to these resources are restricted. Please submit an FOI request via http://www.surrey.ca/city-government/3062.aspx or contact [email protected]."

            payload['success'] = True
            payload['result'] = pkg
        except NotFound as e:
            not_found_message = _('Not found')
            if hasattr(e, 'extra_msg'):
                not_found_message += ': %s' % e.extra_msg
            payload['error'] = {'__type': 'Not Found Error',
                                'message': not_found_message}
            payload['success'] = False
            return self._finish(404, payload, content_type='json')
        except ValidationError as e:
            # The exception's own error_dict is tagged in place, so the log
            # line below includes the '__type' entry as well.
            validation_errors = e.error_dict
            validation_errors['__type'] = 'Validation Error'
            payload['error'] = validation_errors
            payload['success'] = False
            # CS nasty_string ignore
            log.error('Validation error: %r' % str(e.error_dict))
            # NOTE(review): this failure path answers with HTTP 200 and
            # signals the error only through 'success' - confirm clients
            # check the body rather than the status code.
            return self._finish(200, payload, content_type='json')

        return self._finish_ok(payload)