def get_user_dataset_num(userobj):
from ckan.lib.base import model
from ckan.lib.search import SearchError
from ckanext.bcgov.util.util import get_user_orgs
user_id = userobj.id
#If this is the sysadmin user then return don't filter any dataset
if userobj.sysadmin == True:
fq = ''
else :
#Include only datsset created by this user or those from the orgs that the user has the admin role.
fq = ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE")'
user_orgs = ['"' + org.id + '"' for org in get_user_orgs(user_id, 'admin')]
user_orgs += ['"' + org.id + '"' for org in get_user_orgs(user_id, 'editor')]
if len(user_orgs) > 0:
fq += ' OR owner_org:(' + ' OR '.join(user_orgs) + ')'
fq += ')'
try:
# package search
context = {'model': model, 'session': model.Session,
'user': user_id}
data_dict = {
'q':'',
'fq':fq,
'facet':'false',
'rows':0,
'start':0,
}
query = toolkit.get_action('package_search')(context,data_dict)
count = query['count']
except SearchError, se:
log.error('Search error: %s', se)
count = 0
def record_is_viewable(pkg_dict, userobj):
'''
Checks if the user is authorized to view the dataset.
Public users can only see published or pending archive records and only if the metadata-visibility is public.
Government users who are not admins or editors can only see the published or pending archive records.
Editors and admins can see all the records of their organizations in addition to what government users can see.
'''
from ckanext.bcgov.util.util import get_user_orgs
#Sysadmin can view all records
if userobj and userobj.sysadmin == True :
return True
#Anonymous user (visitor) can only view published public records
published_state = ['PUBLISHED', 'PENDING ARCHIVE']
if pkg_dict['metadata_visibility'] == 'Public' and pkg_dict['edc_state'] in published_state:
return True
if userobj :
if pkg_dict['metadata_visibility'] == 'IDIR' and pkg_dict['edc_state'] in published_state:
return True
user_orgs = [org.id for org in get_user_orgs(userobj.id, 'editor') ]
user_orgs += [org.id for org in get_user_orgs(userobj.id, 'admin') ]
if pkg_dict['owner_org'] in user_orgs:
return True
return False
def before_search(self, search_params):
'''
Customizes package search and applies filters based on the dataset metadata-visibility
and user roles.
'''
#Change the default sort order when no query passed
if not search_params.get('q') and search_params.get('sort') in (None, 'rank'):
search_params['sort'] = 'record_publish_date desc, metadata_modified desc'
#Change the query filter depending on the user
if 'fq' in search_params:
fq = search_params['fq']
else:
fq = ''
#need to append solr param q.op to force an AND query
if 'q' in search_params:
q = search_params['q']
if q !='':
q = '{!lucene q.op=AND}' + q
search_params['q'] = q
else:
q = ''
try :
user_name = c.user or 'visitor'
# There are no restrictions for sysadmin
if c.userobj and c.userobj.sysadmin == True:
fq += ' '
else:
if user_name != 'visitor':
fq += ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE")'
#IDIR users can also see private records of their organizations
user_id = c.userobj.id
#Get the list of orgs that the user is an admin or editor of
user_orgs = ['"' + org.id + '"' for org in get_user_orgs(user_id, 'admin')]
user_orgs += ['"' + org.id + '"' for org in get_user_orgs(user_id, 'editor')]
if user_orgs != []:
fq += ' OR ' + 'owner_org:(' + ' OR '.join(user_orgs) + ')'
fq += ')'
#Public user can only view public and published records
else:
fq += ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE") AND metadata_visibility:("Public"))'
except Exception:
if 'fq' in search_params:
fq = search_params['fq']
else:
fq = ''
fq += ' +edc_state:("PUBLISHED" OR "PENDING ARCHIVE") +metadata_visibility:("Public")'
search_params['fq'] = fq
return search_params
def before_search(self, search_params):
"""
Customizes package search and applies filters based on the dataset metadata-visibility
and user roles.
"""
# Change the default sort order
if search_params.get("sort") in (None, "rank"):
search_params["sort"] = "record_publish_date desc, metadata_modified desc"
# Change the query filter depending on the user
if "fq" in search_params:
fq = search_params["fq"]
else:
fq = ""
# need to append solr param q.op to force an AND query
if "q" in search_params:
q = search_params["q"]
if q != "":
q = "{!lucene q.op=AND}" + q
search_params["q"] = q
else:
q = ""
try:
user_name = c.user or "visitor"
# There are no restrictions for sysadmin
if c.userobj and c.userobj.sysadmin == True:
fq += " "
else:
if user_name != "visitor":
fq += ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE")'
# IDIR users can also see private records of their organizations
user_id = c.userobj.id
# Get the list of orgs that the user is an admin or editor of
user_orgs = ['"' + org.id + '"' for org in get_user_orgs(user_id, "admin")]
user_orgs += ['"' + org.id + '"' for org in get_user_orgs(user_id, "editor")]
if user_orgs != []:
fq += " OR " + "owner_org:(" + " OR ".join(user_orgs) + ")"
fq += ")"
# Public user can only view public and published records
else:
fq += ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE") AND metadata_visibility:("Public"))'
except Exception:
if "fq" in search_params:
fq = search_params["fq"]
else:
fq = ""
fq += ' +edc_state:("PUBLISHED" OR "PENDING ARCHIVE") +metadata_visibility:("Public")'
search_params["fq"] = fq
return search_params
def dashboard_unpublished(self):
user_id = c.userobj.id
fq = ' +edc_state:("DRAFT" OR "PENDING PUBLISH" OR "REJECTED")'
#Get the list of organizations that this user is the admin
if not c.userobj.sysadmin :
user_orgs = ['"' + org.id + '"' for org in get_user_orgs(user_id, 'admin')]
user_orgs += ['"' + org.id + '"' for org in get_user_orgs(user_id, 'editor')]
if len(user_orgs) > 0 :
fq += ' +owner_org:(' + ' OR '.join(user_orgs) + ')'
self._user_datasets('dashboard_unpublished', c.userobj.id, fq)
return render('user/dashboard_unpublished.html')
def read(self, id=None):
user_id = c.userobj.id
if c.userobj and c.userobj.sysadmin == True:
fq = ''
else :
fq = ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE")'
user_orgs = ['"' + org.id + '"' for org in get_user_orgs(user_id, 'admin')]
user_orgs += ['"' + org.id + '"' for org in get_user_orgs(user_id, 'editor')]
if len(user_orgs) > 0:
fq += ' OR owner_org:(' + ' OR '.join(user_orgs) + ')'
fq += ')'
self._user_datasets('read',id, fq)
return render('user/read.html')
def record_is_viewable(pkg_dict, userobj):
'''
Checks if the user is authorized to view the dataset.
Public users can only see published or pending archive records and only if the metadata-visibility is public.
Government users who are not admins or editors can only see the published or pending archive records.
Editors and admins can see all the records of their organizations in addition to what government users can see.
'''
from ckanext.bcgov.util.util import get_user_orgs
#Sysadmin can view all records
if userobj and userobj.sysadmin == True :
return True
#Anonymous user (visitor) can only view published public records
published_state = ['PUBLISHED', 'PENDING ARCHIVE']
# CITZEDC-832
# Checking in `extras` for custom schema fields
metadata_visibility = ''
edc_state = ''
owner_org = ''
if 'metadata_visibility' in pkg_dict:
metadata_visibility = pkg_dict['metadata_visibility']
else:
metadata_visibility = get_package_extras_by_key('metadata_visibility', pkg_dict)
if 'edc_state' in pkg_dict:
edc_state = pkg_dict['edc_state']
else:
edc_state = get_package_extras_by_key('edc_state', pkg_dict)
if 'owner_org' in pkg_dict:
owner_org = pkg_dict['owner_org']
else:
owner_org = get_package_extras_by_key('owner_org', pkg_dict)
if metadata_visibility == 'Public' and edc_state in published_state:
return True
if userobj :
if metadata_visibility == 'IDIR' and edc_state in published_state:
return True
user_orgs = [org.id for org in get_user_orgs(userobj.id, 'editor') ]
user_orgs += [org.id for org in get_user_orgs(userobj.id, 'admin') ]
if owner_org in user_orgs:
return True
return False
