def package_create(next_auth, context, data_dict):
'''
:param next_auth:
:param context:
:param data_dict:
'''
user = context['auth_user_obj']
if data_dict and 'owner_org' in data_dict:
role = users_role_for_group_or_org(data_dict['owner_org'], user.name)
if role == 'member':
return {
'success': True
}
else:
# If there is no organisation, then this should return success if the user can
# create datasets for *some* organisation (see the ckan implementation), so
# either if anonymous packages are allowed or if we have member status in any
# organisation.
if has_user_permission_for_some_org(user.name, 'read'):
return {
'success': True
}
return next_auth(context, data_dict)
def package_create(context, data_dict=None):
user = context['user']
if authz.auth_is_anon_user(context):
check1 = all(authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def package_create(context, data_dict=None):
user = context['user']
user_object = context.get('auth_user_obj')
#Sysadmin user has all the previliges
if user_object and user_object.sysadmin :
{'success': True}
#Do not authorize anonymous users
if authz.auth_is_anon_user(context):
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
#Check if the user has the editor or admin role in some org/suborg
check1 = all(authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def package_create(context, data_dict=None):
user = context['user']
if authz.auth_is_anon_user(context):
check1 = all(authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def related_update(context, data_dict):
'''
Override default related_update so;
- Users must be logged-in to create related items
- User can update if they are able to create datasets for housed package
'''
user = context['user']
check1 = all(authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if user and check1:
related = logic_auth.get_related_object(context, data_dict)
if related.datasets:
for package in related.datasets:
pkg_dict = {'id': package.id}
authorised = authz.is_authorized(
'package_update',
context,
pkg_dict).get('success')
if authorised:
return {'success': True}
return {'success': False,
'msg': _('''You do not have permission
to update this related item''')}
return {'success': False,
'msg': _('''You must be logged in and have permission
to create datasets to update a related item''')}
def has_user_permission_for_some_org(context, data_dict):
user = context.get('user', '')
permission = data_dict.get('permission', '')
if authz.has_user_permission_for_some_org(user, permission):
return {'success': True}
else:
return {'success': False,
'msg': _('User {0} has no {1} permission for any organisation'.format(user, permission))}
def managing_users_package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
extras = dict([(key, value) for key, value in package.extras.items()])
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset')
#Managing users have to be specified for datasets within an organization
managing_users = extras.get('managing_users', '')
managing_users = managing_users.split(',')
check1 = check1 and context['auth_user_obj'].name in managing_users
else:
# If dataset is not owned then we can edit if config permissions allow
if authz.auth_is_anon_user(context):
check1 = all(
authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(
authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
#Managing users have to be specified for datasets without owner
#Else only creator can edit the dataset
managing_users = extras.get('managing_users', '')
managing_users = managing_users.split(',')
check1 = check1 and context['auth_user_obj'].name in managing_users
if context['auth_user_obj'].id == package.creator_user_id:
#If user is the creator of the package, he can edit it regardless
check1 = True
if not check1:
return {
'success':
False,
'msg':
_('User %s not authorized to edit package %s') %
(str(user), package.id)
}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success':
False,
'msg':
_('User %s not authorized to edit these groups') % (str(user))
}
return {'success': True}
def related_create(context, data_dict=None):
'''
Override default related_create so;
- Users must be logged-in to create related items
- Related item must be created for an associated dataset
- User must be able to create datasets (proves privilege)
Note: This function is used both to gain entry to the 'Create' form
and to validate the 'Create' form
'''
context_model = context['model']
user = context['user']
userobj = context_model.User.get(user)
check1 = all(
authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(user, 'create_dataset')
if userobj and check1:
if data_dict:
dataset_id = data_dict.get('dataset_id', None)
if dataset_id is None or dataset_id == '':
return {
'success':
False,
'msg':
_('''Related item must have
an associated dataset''')
}
# check authentication against package
pkg = context_model.Package.get(dataset_id)
if not pkg:
return {
'success': False,
'msg': _('No package found, cannot check auth.')
}
pkg_dict = {'id': dataset_id}
authorised = authz.is_authorized('package_update', context,
pkg_dict).get('success')
if not authorised:
return {
'success':
False,
'msg':
_('''Not authorised to add a related item
to this package.''')
}
return {'success': True}
return {
'success': False,
'msg': _('You must be logged in to add a related item')
}
def package_update(context, data_dict):
model = context['model']
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset')
else:
# If dataset is not owned then we can edit if config permissions allow
if authz.auth_is_anon_user(context):
check1 = all(
authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(
authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
success = False
if authz.check_config_permission('allow_dataset_collaborators'):
# if org-level auth failed, check dataset-level auth
# (ie if user is a collaborator)
user_obj = model.User.get(user)
if user_obj:
success = authz.user_is_collaborator_on_dataset(
user_obj.id, package.id, ['admin', 'editor'])
if not success:
return {
'success':
False,
'msg':
_('User %s not authorized to edit package %s') %
(str(user), package.id)
}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success':
False,
'msg':
_('User %s not authorized to edit these groups') % (str(user))
}
return {'success': True}
def managing_users_package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
extras = dict([(key, value) for key, value in package.extras.items()])
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset'
)
#Managing users have to be specified for datasets within an organization
managing_users = extras.get('managing_users', '')
managing_users = managing_users.split(',')
check1 = check1 and context['auth_user_obj'].name in managing_users
else:
# If dataset is not owned then we can edit if config permissions allow
if authz.auth_is_anon_user(context):
check1 = all(authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
#Managing users have to be specified for datasets without owner
#Else only creator can edit the dataset
managing_users = extras.get('managing_users', '')
managing_users = managing_users.split(',')
check1 = check1 and context['auth_user_obj'].name in managing_users
if context['auth_user_obj'].id == package.creator_user_id:
#If user is the creator of the package, he can edit it regardless
check1 = True
if not check1:
return {'success': False,
'msg': _('User %s not authorized to edit package %s') %
(str(user), package.id)}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {'success': False,
'msg': _('User %s not authorized to edit these groups') %
(str(user))}
return {'success': True}
def package_create(context, data_dict=None):
user = context['user']
user_object = context.get('auth_user_obj')
#Sysadmin user has all the previliges
if user_object and user_object.sysadmin:
{'success': True}
#Do not authorize anonymous users
if authz.auth_is_anon_user(context):
return {
'success': False,
'msg': _('User %s not authorized to create packages') % user
}
#Check if the user has the editor or admin role in some org/suborg
check1 = all(
authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(user, 'create_dataset')
if not check1:
return {
'success': False,
'msg': _('User %s not authorized to create packages') % user
}
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success': False,
'msg': _('User %s not authorized to edit these groups') % user
}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {
'success':
False,
'msg':
_('User %s not authorized to add dataset to this organization') %
user
}
return {'success': True}
def package_create(context, data_dict):
user = context['auth_user_obj']
if data_dict and 'owner_org' in data_dict:
role = users_role_for_group_or_org(data_dict['owner_org'], user.name)
if role == 'member':
return {'success': True}
else:
# If there is no organization, then this should return success if the user can create datasets for *some*
# organisation (see the ckan implementation), so either if anonymous packages are allowed or if we have
# member status in any organization.
if has_user_permission_for_some_org(user.name, 'read'):
return {'success': True}
fallback = get_default_auth('create', 'package_create')
return fallback(context, data_dict)
def package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset')
else:
# If dataset is not owned then we can edit if config permissions allow
if authz.auth_is_anon_user(context):
check1 = all(
authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(
authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {
'success':
False,
'msg':
_('User %s not authorized to edit package %s') %
(str(user), package.id)
}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success':
False,
'msg':
_('User %s not authorized to edit these groups') % (str(user))
}
if authz.config.get('ckan.gov_theme.is_back'):
return {'success': True}
else:
return {'success': False}
def review_datasets(context, data_dict):
if not authz.is_sysadmin(context.get(
'user')) and not authz.has_user_permission_for_some_org(
context.get('user'), 'create_dataset'):
return {'success': False, 'msg': toolkit._('Not authorized')}
try:
datasets = qdes_logic_helpers.qdes_get_list_of_datasets_not_reviewed()
return [
get_action('package_show')(context, {
'id': dataset.id,
}) for dataset in datasets
]
except Exception as e:
log.error(str(e))
return []
def package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset'
)
else:
# If dataset is not owned then we can edit if config permissions allow
if authz.auth_is_anon_user(context):
check1 = all(authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {'success': False,
'msg': _('User %s not authorized to edit package %s') %
(str(user), package.id)}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {'success': False,
'msg': _('User %s not authorized to edit these groups') %
(str(user))}
return {'success': True}
def package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset')
else:
# If dataset is not owned then we can edit if config permissions allow
if authz.auth_is_anon_user(context):
check1 = all(
authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(
authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {
'success':
False,
'msg':
_('User %s not authorized to edit package %s') %
(str(user), package.id)
}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success':
False,
'msg':
_('User %s not authorized to edit these groups') % (str(user))
}
if package.private is not None and package.private is False and data_dict is not None and data_dict.get(
'private', '') == 'True':
return {
'success': False,
'msg': 'Public datasets cannot be set private again'
}
elif package.private is not None and package.private is True and data_dict is not None and data_dict.get(
'private', '') == 'False':
subset_uniqueness = helpers.check_subset_uniqueness(package.id)
if len(subset_uniqueness) > 0:
return {
'success':
False,
'msg':
'Dataset cannot be set public as it contains a subset, which was already published'
}
return {'success': True}
