def package_create(context, data_dict=None):
user = context['user']
if authz.auth_is_anon_user(context):
check1 = all(authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def package_create(context, data_dict=None):
user = context['user']
user_object = context.get('auth_user_obj')
#Sysadmin user has all the previliges
if user_object and user_object.sysadmin :
{'success': True}
#Do not authorize anonymous users
if authz.auth_is_anon_user(context):
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
#Check if the user has the editor or admin role in some org/suborg
check1 = all(authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def package_create(context, data_dict=None):
user = context['user']
if authz.auth_is_anon_user(context):
check1 = all(authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def file_upload(context: Context,
data_dict: Optional[DataDict] = None) -> AuthResult:
user = context['user']
if authz.auth_is_anon_user(context):
return {'success': False, 'msg': _(
'User %s not authorized to create packages') % user}
return {'success': True}
def dashboard(self, id=None, offset=0):
context = {
'model': model,
'session': model.Session,
'user': c.user,
'auth_user_obj': c.userobj,
'for_view': True
}
if authz.auth_is_anon_user(context):
h.flash_error(_('Not authorized to see this page'))
return h.redirect_to(controller='user', action='login')
data_dict = {'id': id, 'user_obj': c.userobj, 'offset': offset}
self._setup_template_variables(context, data_dict)
q = request.params.get('q', u'')
filter_type = request.params.get('type', u'')
filter_id = request.params.get('name', u'')
c.followee_list = get_action('followee_list')(context, {
'id': c.userobj.id,
'q': q
})
c.dashboard_activity_stream_context = self._get_dashboard_context(
filter_type, filter_id, q)
c.dashboard_activity_stream = h.dashboard_activity_stream(
c.userobj.id, filter_type, filter_id, offset)
# Mark the user's new activities as old whenever they view their
# dashboard page.
get_action('dashboard_mark_activities_old')(context, {})
return render('user/dashboard.html')
def file_upload(context, data_dict=None):
user = context['user']
if authz.auth_is_anon_user(context):
return {
'success': False,
'msg': _('User %s not authorized to create packages') % user
}
return {'success': True}
def managing_users_package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
extras = dict([(key, value) for key, value in package.extras.items()])
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset')
#Managing users have to be specified for datasets within an organization
managing_users = extras.get('managing_users', '')
managing_users = managing_users.split(',')
check1 = check1 and context['auth_user_obj'].name in managing_users
else:
# If dataset is not owned then we can edit if config permissions allow
if authz.auth_is_anon_user(context):
check1 = all(
authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(
authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
#Managing users have to be specified for datasets without owner
#Else only creator can edit the dataset
managing_users = extras.get('managing_users', '')
managing_users = managing_users.split(',')
check1 = check1 and context['auth_user_obj'].name in managing_users
if context['auth_user_obj'].id == package.creator_user_id:
#If user is the creator of the package, he can edit it regardless
check1 = True
if not check1:
return {
'success':
False,
'msg':
_('User %s not authorized to edit package %s') %
(str(user), package.id)
}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success':
False,
'msg':
_('User %s not authorized to edit these groups') % (str(user))
}
return {'success': True}
def package_update(context, data_dict):
model = context['model']
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset')
else:
# If dataset is not owned then we can edit if config permissions allow
if authz.auth_is_anon_user(context):
check1 = all(
authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(
authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
success = False
if authz.check_config_permission('allow_dataset_collaborators'):
# if org-level auth failed, check dataset-level auth
# (ie if user is a collaborator)
user_obj = model.User.get(user)
if user_obj:
success = authz.user_is_collaborator_on_dataset(
user_obj.id, package.id, ['admin', 'editor'])
if not success:
return {
'success':
False,
'msg':
_('User %s not authorized to edit package %s') %
(str(user), package.id)
}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success':
False,
'msg':
_('User %s not authorized to edit these groups') % (str(user))
}
return {'success': True}
def package_create(context, data_dict=None):
'''
Modified from CKAN's original check. Any logged in user can add
a dataset to any organisation.
Packages owner check is done when adding a resource.
:param context: context
:param data_dict: data_dict
:return: dictionary with 'success': True|False
'''
user = context['user']
# Needed in metadata supplements
if context.get('package', False):
return is_owner(context, context.get('package').get('id'))
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org', False)
if org_id and not kata_has_user_permission_for_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add a dataset') % user}
elif org_id and kata_has_user_permission_for_org(org_id, user, 'create_dataset'):
return {'success': True}
# Below is copy-pasted from CKAN auth.create.package_create
# to allow dataset creation without explicit organization permissions.
if authz.auth_is_anon_user(context):
check1 = all(authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = True # Registered users may create datasets
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context, data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def api_token_revoke(context: Context, data_dict: DataDict) -> AuthResult:
"""Delete token.
"""
if authz.auth_is_anon_user(context):
return {u'success': False}
model = context[u'model']
token = model.ApiToken.get(data_dict[u'jti'])
# Do not make distinction between absent keys and keys not owned
# by user in order to prevent accidential key discovery.
if token is None or token.owner and token.owner.name != context[u'user']:
return {u'success': False}
return {u'success': True}
def managing_users_package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
extras = dict([(key, value) for key, value in package.extras.items()])
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset'
)
#Managing users have to be specified for datasets within an organization
managing_users = extras.get('managing_users', '')
managing_users = managing_users.split(',')
check1 = check1 and context['auth_user_obj'].name in managing_users
else:
# If dataset is not owned then we can edit if config permissions allow
if authz.auth_is_anon_user(context):
check1 = all(authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
#Managing users have to be specified for datasets without owner
#Else only creator can edit the dataset
managing_users = extras.get('managing_users', '')
managing_users = managing_users.split(',')
check1 = check1 and context['auth_user_obj'].name in managing_users
if context['auth_user_obj'].id == package.creator_user_id:
#If user is the creator of the package, he can edit it regardless
check1 = True
if not check1:
return {'success': False,
'msg': _('User %s not authorized to edit package %s') %
(str(user), package.id)}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {'success': False,
'msg': _('User %s not authorized to edit these groups') %
(str(user))}
return {'success': True}
def package_create(context, data_dict=None):
user = context['user']
user_object = context.get('auth_user_obj')
#Sysadmin user has all the previliges
if user_object and user_object.sysadmin:
{'success': True}
#Do not authorize anonymous users
if authz.auth_is_anon_user(context):
return {
'success': False,
'msg': _('User %s not authorized to create packages') % user
}
#Check if the user has the editor or admin role in some org/suborg
check1 = all(
authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(user, 'create_dataset')
if not check1:
return {
'success': False,
'msg': _('User %s not authorized to create packages') % user
}
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success': False,
'msg': _('User %s not authorized to edit these groups') % user
}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {
'success':
False,
'msg':
_('User %s not authorized to add dataset to this organization') %
user
}
return {'success': True}
def localimp_show_files(context, data_dict):
"""
Creates a nested dictionary that represents the folder structure of rootdir
"""
if authz.auth_is_anon_user(context):
tk.abort(401, _('Unauthorized to list files'))
else:
user_name = context.get('user')
rootdir = os.path.join(os.path.expanduser('~' + user_name))
lst_paths = []
for path, subdirs, files in os.walk(rootdir):
for name in files:
lst_paths.append(os.path.join(path, name).split(rootdir)[1])
return lst_paths
def package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset')
else:
# If dataset is not owned then we can edit if config permissions allow
if authz.auth_is_anon_user(context):
check1 = all(
authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(
authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {
'success':
False,
'msg':
_('User %s not authorized to edit package %s') %
(str(user), package.id)
}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success':
False,
'msg':
_('User %s not authorized to edit these groups') % (str(user))
}
if authz.config.get('ckan.gov_theme.is_back'):
return {'success': True}
else:
return {'success': False}
def localimp_ls(context, data_dict):
"""
Creates a nested dictionary that represents the folder structure of rootdir
"""
if authz.auth_is_anon_user(context):
tk.abort(401, _('Unauthorized to list files'))
else:
user_name = context.get('user')
rootdir = os.path.join(os.path.expanduser('~' + user_name))
dir = {}
rootdir = rootdir.rstrip(os.sep)
start = rootdir.rfind(os.sep) + 1
for path, dirs, files in os.walk(rootdir):
folders = path[start:].split(os.sep)
subdir = dict.fromkeys(files)
parent = reduce(dict.get, folders[:-1], dir)
parent[folders[-1]] = subdir
return dir
def tds_proxy(self, service, res_id_1, res_id_2, res_id_3, **kwargs):
"""
Provides a wms Service for netcdf files by redirecting the user to the
thredds server
"""
context = {'model': model, 'session': model.Session,
'user': c.user, 'auth_user_obj': c.userobj}
res_id = res_id_1 + res_id_2 + res_id_3
try:
rsc = tk.get_action('resource_show')(context, {'id': res_id})
except (tk.ObjectNotFound, tk.NotAuthorized):
tk.abort(404, _('Resource not found'))
if "wms" in service:
p_query = request.query_string
if 'extra' in kwargs:
p_path = os.path.join('http://localhost:8080/thredds',service,'ckanserver','resources',res_id[0:3], res_id[3:6], res_id[6:], kwargs.get('extra'))
else:
p_path = os.path.join('http://localhost:8080/thredds',service,'ckanserver','resources',res_id[0:3], res_id[3:6], res_id[6:])
r = requests.get(p_path, params=p_query)
return r
elif authz.auth_is_anon_user(context):
tk.abort(401, _('Unauthorized to read resource %s') % res_id)
else:
p_query = request.query_string
if 'extra' in kwargs:
p_path = os.path.join('http://localhost:8080/thredds',service,'ckanserver','resources',res_id[0:3], res_id[3:6], res_id[6:], kwargs.get('extra'))
else:
p_path = os.path.join('http://localhost:8080/thredds',service,'ckanserver','resources',res_id[0:3], res_id[3:6], res_id[6:])
r = requests.get(p_path, params=p_query)
return r
def tds_proxy(self, service, catalog, res_id_1, res_id_2, res_id_3, **kwargs):
"""
Provides a wms Service for netcdf files by redirecting the user to the
thredds server
"""
context = {'model': model, 'session': model.Session,
'user': c.user, 'auth_user_obj': c.userobj}
res_id = res_id_1 + res_id_2 + res_id_3.split('.')[0]
try:
rsc = tk.get_action('resource_show')(context, {'id': res_id})
except (tk.ObjectNotFound, tk.NotAuthorized):
tk.abort(404, _('Resource not found'))
if "wms" or "dodsC" in service:
p_query = request.query_string
if 'extra' in kwargs:
p_path = os.path.join('/tds_internal', service, catalog, res_id_1, res_id_2, res_id_3, kwargs.get('extra'))
else:
p_path = os.path.join('/tds_internal', service, catalog, res_id_1, res_id_2, res_id_3)
response.headers['X-Accel-Redirect'] = "{0}?{1}".format(p_path,p_query)
return response
elif authz.auth_is_anon_user(context):
tk.abort(401, _('Unauthorized to read resource %s') % res_id)
else:
p_query = request.query_string
if 'extra' in kwargs:
p_path = os.path.join('/tds_internal', service, catalog, res_id_1, res_id_2, res_id_3, kwargs.get('extra'))
else:
p_path = os.path.join('/tds_internal', service, catalog,res_id_1, res_id_2, res_id_3)
response.headers['X-Accel-Redirect'] = "{0}?{1}".format(p_path,p_query)
return response
def package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset'
)
else:
# If dataset is not owned then we can edit if config permissions allow
if authz.auth_is_anon_user(context):
check1 = all(authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {'success': False,
'msg': _('User %s not authorized to edit package %s') %
(str(user), package.id)}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {'success': False,
'msg': _('User %s not authorized to edit these groups') %
(str(user))}
return {'success': True}
def restrict_anon(context):
if authz.auth_is_anon_user(context):
return {'success': False}
else:
return {'success': True}
def package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset')
else:
# If dataset is not owned then we can edit if config permissions allow
if authz.auth_is_anon_user(context):
check1 = all(
authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(
authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {
'success':
False,
'msg':
_('User %s not authorized to edit package %s') %
(str(user), package.id)
}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success':
False,
'msg':
_('User %s not authorized to edit these groups') % (str(user))
}
if package.private is not None and package.private is False and data_dict is not None and data_dict.get(
'private', '') == 'True':
return {
'success': False,
'msg': 'Public datasets cannot be set private again'
}
elif package.private is not None and package.private is True and data_dict is not None and data_dict.get(
'private', '') == 'False':
subset_uniqueness = helpers.check_subset_uniqueness(package.id)
if len(subset_uniqueness) > 0:
return {
'success':
False,
'msg':
'Dataset cannot be set public as it contains a subset, which was already published'
}
return {'success': True}
def restrict_anon(context):
if authz.auth_is_anon_user(context):
return {'success': False}
else:
return {'success': True}
def create_access_request(context, data_dict):
# any logged in user could make an access request
return {'success': not auth_is_anon_user(context)}
def file_upload(context, data_dict=None):
user = context['user']
if authz.auth_is_anon_user(context):
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
return {'success': True}
def package_create(context, data_dict=None):
'''
Modified from CKAN's original check. Any logged in user can add
a dataset to any organisation.
Packages owner check is done when adding a resource.
:param context: context
:param data_dict: data_dict
:return: dictionary with 'success': True|False
'''
user = context['user']
# Needed in metadata supplements
if context.get('package', False):
return is_owner(context, context.get('package').get('id'))
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org', False)
if org_id and not kata_has_user_permission_for_org(org_id, user,
'create_dataset'):
return {
'success': False,
'msg': _('User %s not authorized to add a dataset') % user
}
elif org_id and kata_has_user_permission_for_org(org_id, user,
'create_dataset'):
return {'success': True}
# Below is copy-pasted from CKAN auth.create.package_create
# to allow dataset creation without explicit organization permissions.
if authz.auth_is_anon_user(context):
check1 = all(
authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = True # Registered users may create datasets
if not check1:
return {
'success': False,
'msg': _('User %s not authorized to create packages') % user
}
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success': False,
'msg': _('User %s not authorized to edit these groups') % user
}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {
'success':
False,
'msg':
_('User %s not authorized to add dataset to this organization') %
user
}
return {'success': True}