def metadata_record_create(context, data_dict): return { 'success': check_privs(context, require_contributor=True, require_organization=(data_dict or {}).get('owner_org')) }
def metadata_collection_create(context, data_dict): return { 'success': check_privs(context, require_curator=True, require_organization=(data_dict or {}).get('organization_id')) }
def metadata_collection_workflow_state_transition(context, data_dict): if 'id' in (data_dict or {}): model = context['model'] session = context['session'] metadata_collection_id = model.Group.get(data_dict['id']).id organization_id = session.query(model.GroupExtra.value).filter_by(group_id=metadata_collection_id, key='organization_id').scalar() else: organization_id = None return {'success': check_privs(context, require_curator=True, require_organization=organization_id)}
def metadata_record_workflow_annotation_create(context, data_dict): organization_id = context['model'].Package.get( data_dict['id']).owner_org if 'id' in (data_dict or {}) else None return { 'success': check_privs(context, require_contributor=True, require_organization=organization_id) }
def role_validator(validator, role_name, instance, schema): """ "role" keyword validator function: checks that instance is the email of a user with the named role, and that the role is applicable to the metadata record being validated. """ if validator.is_type(instance, 'string'): metadata_record_id = validator.object_id organization_id = ckan_model.Package.get(metadata_record_id).owner_org users = ckan_model.User.by_email(instance) user = users[0] if users else None if not user: yield jsonschema.ValidationError( _("User not found for email %s") % instance) return check_context = {'user': user.name, 'model': ckan_model} if role_name == config.get('ckan.metadata.admin_role'): valid = check_privs(check_context, require_admin=True) elif role_name == config.get('ckan.metadata.curator_role'): valid = check_privs(check_context, require_curator=True, require_organization=organization_id) elif role_name == config.get('ckan.metadata.harvester_role'): valid = check_privs(check_context, require_harvester=True, require_organization=organization_id) elif role_name == config.get('ckan.metadata.contributor_role'): valid = check_privs(check_context, require_contributor=True, require_organization=organization_id) else: yield jsonschema.ValidationError( _("Role %s is not supported by this keyword") % role_name) return if not valid: yield jsonschema.ValidationError( _("User %s does not have the %s role within the applicable organizational context" ) % (instance, role_name))
def metadata_record_index_update(context, data_dict): organization_id = context['model'].Package.get(data_dict['id']).owner_org if 'id' in (data_dict or {}) else None return {'success': check_privs(context, require_curator=True, require_organization=organization_id)}
def metadata_record_workflow_state_override(context, data_dict): return {'success': check_privs(context, require_admin=True)}
def metadata_json_attr_map_update(context, data_dict): return {'success': check_privs(context, require_admin=True)}
def workflow_annotation_update(context, data_dict): return {'success': check_privs(context, require_admin=True)}
def organization_update(context, data_dict): return {'success': check_privs(context, require_admin=True)}
def infrastructure_update(context, data_dict): return {'success': check_privs(context, require_admin=True)}
def metadata_schema_update(context, data_dict): return {'success': check_privs(context, require_admin=True)}
def metadata_record_workflow_state_transition(context, data_dict): organization_id = context['model'].Package.get(data_dict['id']).owner_org if 'id' in (data_dict or {}) else None return {'success': check_privs(context, require_harvester=True, require_organization=organization_id)}
def metadata_standard_index_create(context, data_dict): return {'success': check_privs(context, require_admin=True)}
def workflow_transition_create(context, data_dict): return {'success': check_privs(context, require_admin=True)}
def workflow_state_delete(context, data_dict): return {'success': check_privs(context, require_admin=True)}