def action_save_form(users): # The permissions grid has been saved # which is a grid of checkboxes named user$role rpi = request.params.items() # The grid passes us a list of the users/roles that were displayed submitted = [a for (a, b) in rpi if (b == u'submitted')] # and also those which were checked checked = [a for (a, b) in rpi if (b == u'on')] # from which we can deduce true/false for each user/role # combination that was displayed in the form table_dict = {} for a in submitted: table_dict[a] = False for a in checked: table_dict[a] = True # now we'll split up the user$role strings to make a dictionary # from (user,role) to True/False, which tells us what we need to # do. new_user_role_dict = {} for (ur, val) in table_dict.items(): u, r = ur.split('$') new_user_role_dict[(u, r)] = val # we get the current user/role assignments # and make a dictionary of them current_uors = model.Session.query(model.SystemRole).all() current_users_roles = [(uor.user.name, uor.role) for uor in current_uors if uor.user] current_user_role_dict = {} for (u, r) in current_users_roles: current_user_role_dict[(u, r)] = True # and now we can loop through our dictionary of desired states # checking whether a change needs to be made, and if so making it # WORRY: Here it seems that we have to check whether someone is # already assigned a role, in order to avoid assigning it twice, # or attempting to delete it when it doesn't exist. Otherwise # problems occur. However this doesn't affect the index page, # which would seem to be prone to suffer the same effect. Why # the difference? for ((u, r), val) in new_user_role_dict.items(): if val: if not ((u, r) in current_user_role_dict): model.add_user_to_role(model.User.by_name(u), r, model.System()) else: if ((u, r) in current_user_role_dict): model.remove_user_from_role(model.User.by_name(u), r, model.System()) # finally commit the change to the database model.Session.commit() h.flash_success(_("Changes Saved"))
def test_pkg_create(self): action = model.Action.PACKAGE_CREATE assert self.authorizer.is_authorized(self.admin.name, action, model.System()) assert self.authorizer.is_authorized(self.notadmin.name, action, model.System()) assert not self.authorizer.is_authorized(u'blah', action, model.System()) assert not self.authorizer.is_authorized(u'visitor', action, model.System())
def action_add_form(users): # The user is attempting to set new roles for a named user new_user = request.params.get('new_user_name') # this is the list of roles whose boxes were ticked checked_roles = [ a for (a, b) in request.params.items() if (b == u'on') ] # this is the list of all the roles that were in the submitted # form submitted_roles = [ a for (a, b) in request.params.items() if (b == u'submitted') ] # from this we can make a dictionary of the desired states # i.e. true for the ticked boxes, false for the unticked desired_roles = {} for r in submitted_roles: desired_roles[r] = False for r in checked_roles: desired_roles[r] = True # again, in order to avoid either creating a role twice or # deleting one which is non-existent, we need to get the users' # current roles (if any) current_uors = model.Session.query(model.SystemRole).all() current_roles = [ uor.role for uor in current_uors if (uor.user and uor.user.name == new_user) ] user_object = model.User.by_name(new_user) if user_object is None: # The submitted user does not exist. Bail with flash # message h.flash_error(_('unknown user:') + str(new_user)) else: # Whenever our desired state is different from our # current state, change it. for (r, val) in desired_roles.items(): if val: if (r not in current_roles): model.add_user_to_role(user_object, r, model.System()) else: if (r in current_roles): model.remove_user_from_role( user_object, r, model.System()) h.flash_success(_("User Added")) # and finally commit all these changes to the database model.Session.commit()
def setup_class(self): super(TestDeletedDecoyWhenAdmin, self).setup_class() try: self.orig_pkg_dict = { "name": u"quarterly_epidemiological_commentary", "title": "Quarterly Epidemiological Commentary", "version": None, "url": None, "author": None, "author_email": None, "maintainer": None, "maintainer_email": None, "notes": "Epidemiological analyses of Mandatory surveillance data on MRSA bacteraemia and C. difficile infection covering at least nine quarters\r\nSource agency: Health Protection Agency\r\nDesignation: Official Statistics not designated as National Statistics\r\nLanguage: English\r\nAlternative title: Quarterly Epi Commentary", "license_id": "uk-ogl", "tags": ["conditions-and-diseases", "health", "health-and-social-care", "health-of-the-population", "nhs-trust-hcai-pct-mrsa-mrsa-bacteraemia-c-difficile-c-diff-clostridium-difficile-healthcare-associa", "well-being-and-care"], "groups": ['health-protection-agency'], "extras": { "geographic_coverage": "100000: England", "geographic_granularity": "Other", "external_reference": "ONSHUB", "temporal_coverage-from": "", "temporal_granularity": "", "date_updated": "", "precision": "", "geographic_granularity": "", "temporal_coverage_to": "", "temporal_coverage_from": "", "taxonomy_url": "", "import_source": "ONS-ons_data_7_days_to_2010-06-23", "date_released": "2010-06-18", "temporal_coverage-to": "", "update_frequency": "quarterly", "national_statistic": "no", "categories": "Health and Social Care" }, "resources": [] } self.deleted_decoy_pkg_dict = { "name": u"quarterly_epidemiological_commentary_-_none", "title": "Quarterly Epidemiological Commentary", "groups": ['health-protection-agency'], } CreateTestData.create_arbitrary([self.orig_pkg_dict]) CreateTestData.create_arbitrary([self.deleted_decoy_pkg_dict], extra_user_names=[u'testsysadmin']) # make a sysadmin user rev = model.repo.new_revision() testsysadmin = model.User.by_name(u'testsysadmin') model.add_user_to_role(testsysadmin, model.Role.ADMIN, model.System()) # delete decoy decoy_pkg = model.Package.by_name(self.deleted_decoy_pkg_dict['name']) assert decoy_pkg decoy_pkg.delete() model.repo.commit_and_remove() # same data is imported, but should find record and add department importer_ = importer.OnsImporter(sample_filepath(9), self.testclient) self.pkg_dict = [pkg_dict for pkg_dict in importer_.pkg_dict()][0] except: # ensure that mock_drupal is destroyed MockDrupalCase.teardown_class() model.repo.rebuild_db() raise
def setup_class(self): try: search.clear() setup_test_search_index() super(OnsLoaderBase, self).setup_class() # make annafan a sysadmin to allow package creation rev = model.repo.new_revision() user = model.User.by_name(u'annafan') model.add_user_to_role(user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() publist = [g.name for g in model.Session.query(model.Group).all()] # create test publishers rev = model.repo.new_revision() for name, title in publishers.items(): if not name in publist: model.Session.add(model.Group(name=unicode(name), title=title, type='publisher')) model.repo.commit_and_remove() except Exception, e: # ensure that mock_drupal is destroyed print e MockDrupalCase.teardown_class() #model.repo.rebuild_db() raise
def am_authorized(c, action, domain_object=None): ''' Deprecated. Please use check_access instead''' from ckan.authz import Authorizer if domain_object is None: from ckan import model domain_object = model.System() return Authorizer.am_authorized(c, action, domain_object)
def _create_sysadmin(): model.repo.new_revision() sysadmin_user = model.User(name='sysadmin') model.Session.add(sysadmin_user) model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() return 'sysadmin'
def setup_class(self): # for the authorization editing tests we set up test data so: # three users, madeup-sysadmin , madeup-administrator, and madeup-another # one authzgroup # two packages test6 and test6a, m-a is admin on both model.repo.init_db() model.repo.new_revision() self.sysadmin = 'madeup-sysadmin' sysadmin_user = model.User(name=unicode(self.sysadmin)) self.admin = 'madeup-administrator' admin_user = model.User(name=unicode(self.admin)) self.another = u'madeup-another' another_user = model.User(name=unicode(self.another)) self.authzgroup = u'madeup-authzgroup' authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup)) for obj in sysadmin_user, admin_user, another_user, authzgroup: model.Session.add(obj) model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System()) model.repo.new_revision() self.pkgname = u'test6' self.pkgname2 = u'test6a' pkg = model.Package(name=self.pkgname) pkg2 = model.Package(name=self.pkgname2) model.Session.add(pkg) model.Session.add(pkg2) admin_user = model.User.by_name(unicode(self.admin)) assert admin_user model.setup_default_user_roles(pkg, admins=[admin_user]) model.setup_default_user_roles(pkg2, admins=[admin_user]) model.repo.commit_and_remove()
def roles_user_list(context, data_dict): ''' Returns the roles of the given user :returns: roles :rtype: dictionary ''' if (check_access('roles_user_list', context, data_dict) == True): user_name = data_dict.get('user_name') log.info('Looking up roles for user %r ...', user_name) try: user = model.User.get(user_name) roles = {'System': [], 'Group': [], 'Package': []} for role in [u'admin', u'editor', u'reader']: if (authz.user_has_role(user, role, model.System())): roles['System'].append(role) if (authz.user_has_role(user, role, model.Package())): roles['Package'].append(role) if (authz.user_has_role(user, role, model.Group())): roles['Group'].append(role) result = roles return {'success': True, 'result': result} except: return {'success': False, 'msg': traceback.print_exc()} else: return {'success': False, 'msg': 'authentication failed'}
def setup(self): # need to do this for every test since we mess with System rights CreateTestData.create() model.repo.new_revision() model.Session.add(model.User(name=u'testadmin')) model.Session.add(model.User(name=u'testsysadmin')) model.Session.add(model.User(name=u'notadmin')) model.repo.commit_and_remove() pkg = model.Package.by_name(u'annakarenina') admin = model.User.by_name(u'testadmin') sysadmin = model.User.by_name(u'testsysadmin') model.add_user_to_role(admin, model.Role.ADMIN, pkg) model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() self.pkg = model.Package.by_name(u'annakarenina') self.admin = model.User.by_name(u'testadmin') self.sysadmin = model.User.by_name(u'testsysadmin') self.notadmin = model.User.by_name(u'notadmin') self.package_fillers = { 'title': 'test title', 'notes': 'test notes', 'license_id': 'mit-license', }
def setup_class(cls): setup_test_search_index() assert_solr_schema_is_the_dgu_variant() CreateTestData.create_user('sysadmin') model.add_user_to_role(model.User.by_name(u'sysadmin'), model.Role.ADMIN, model.System()) model.repo.commit_and_remove()
def test_register_whilst_logged_in(self): '''Start registration form as user B then in another window login as user A, and then try and then submit form for user B. #1799.''' # create user A password = u'letmein' CreateTestData.create_user(name=u'user_a__', password=password) userA = model.User.by_name(u'user_a__') # make him a sysadmin, to ensure he is allowed to create a user model.add_user_to_role(userA, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() userA = model.User.by_name(u'user_a__') # start to register user B offset = url_for(controller='user', action='register') res = self.app.get(offset) fvA = res.forms['user-edit'] fvA['name'] = 'user_b_' fvA['fullname'] = 'User B' fvA['email'] = '*****@*****.**' fvA['password1'] = password fvA['password2'] = password # login user A offset = url_for(controller='user', action='login') res = self.app.get(offset) fvB = res.forms['login'] fvB['login'] = '******' fvB['password'] = str(password) res = fvB.submit() while res.status == 302: res = res.follow() assert_equal(res.status, 200) # finish registration of user B res = fvA.submit('save') assert_equal(res.status, 200) assert 'user_a__</a> is currently logged in' in res.body, res.body assert 'User "user_b_" is now registered but you are still logged in as "user_a__" from before'.replace( '"', '"') in res.body, res.body assert 'logout' in res.body, res.body # logout and login as user B res = self.app.get('/user/_logout') res2 = res.follow() while res2.status == 302: res2 = res2.follow() assert 'You have logged out successfully.' in res2, res2 offset = url_for(controller='user', action='login') res = self.app.get(offset) fv = res.forms['login'] fv['login'] = '******' fv['password'] = str(password) res = fv.submit() while res.status == 302: res = res.follow() assert_equal(res.status, 200) assert 'User B is now logged in' in res.body, res.body
def create_roles(cls, roles): '''This is just a basic version for CKAN 1.7.1 - the full version will be in CKAN 1.8.''' for subj, role, obj in roles: assert role, obj == ('admin', 'system') subj = model.User.by_name(unicode(subj)) model.add_user_to_role(subj, model.Role.ADMIN, model.System()) model.repo.commit_and_remove()
def test_02_authorization(self): from ckan.model.authz import Action import ckan.model as model import ckan.authz as authz john = model.User(name=u'john') model.Session.add(john) is_authorized = authz.Authorizer.is_authorized(john.name, Action.UPLOAD_ACTION, model.System()) assert is_authorized
def _create_test_data(cls): CreateTestData.create() # Remove visitor and logged in roles roles = [] q = model.Session.query(model.UserObjectRole).\ filter(model.UserObjectRole.user==model.User.by_name(u"visitor")) roles.extend(q.all()) q = model.Session.query(model.UserObjectRole).\ filter(model.UserObjectRole.user==model.User.by_name(u"logged_in")) roles.extend(q.all()) for role in roles: model.Session.delete(role) rev = model.repo.new_revision() model.Session.add_all([ model.User(name=u'pkggroupadmin'), model.User(name=u'site_reader'), model.User(name=u'outcast'), model.Package(name=cls.ENTITY_NAME), model.Package(name=u'deleted'), model.Group(name=cls.ENTITY_NAME), model.Group(name=u'deleted'), model.Tag(name=cls.ENTITY_NAME), model.RoleAction(role=cls.TRUSTED_ROLE, context=u'', action=model.Action.SITE_READ), model.RoleAction(role=cls.TRUSTED_ROLE, context=u'', action=model.Action.READ), ]) model.repo.commit_and_remove() # testsysadmin is sysadmin # annafan is package admin for annakarenina rev = model.repo.new_revision() site_reader = model.User.by_name(u'site_reader') pkggroupadmin = model.User.by_name(u'pkggroupadmin') pkg = model.Package.by_name(cls.ENTITY_NAME) group = model.Group.by_name(cls.ENTITY_NAME) tag = model.Tag.by_name(cls.ENTITY_NAME) pkg.add_tag(tag) model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, model.System()) model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, pkg) model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, group) model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, pkg) model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, group) model.Package.by_name(u'deleted').delete() model.Group.by_name(u'deleted').delete() model.repo.commit_and_remove() cls.testsysadmin = model.User.by_name(u'testsysadmin') cls.pkggroupadmin = model.User.by_name(u'pkggroupadmin') cls.site_reader = model.User.by_name(u'site_reader') cls.outcast = model.User.by_name(u'outcast')
def set_roles(self, user_name, drupal_roles): '''Sets CKAN user roles based on the drupal roles. Restricted to sysadmin. Publishing roles initially imported during migration from Drupal. Example drupal_roles: ['package admin', 'publisher admin', 'authenticated user', 'publishing user'] where sysadmin roles are: 3 'administrator' - total control 11 'package admin' - admin of datasets 'publisher admin' - admin of publishers other roles: 'publishing user' - anyone who has registered - includes spammers ''' from ckan import model from ckan.authz import Authorizer needs_commit = False user = model.User.by_name(user_name) # Sysadmin or not log.debug('User roles in Drupal: %r', drupal_roles) should_be_sysadmin = bool( set(('administrator', 'package admin', 'publisher admin')) & set(drupal_roles)) is_sysadmin = Authorizer().is_sysadmin(user) if should_be_sysadmin and not is_sysadmin: # Make user a sysadmin model.add_user_to_role(user, model.Role.ADMIN, model.System()) log.info('User made a sysadmin: %s', user_name) needs_commit = True elif not should_be_sysadmin and is_sysadmin: # Stop user being a sysadmin model.remove_user_from_role(user, model.Role.ADMIN, model.System()) log.info('User now not a sysadmin: %s', user_name) needs_commit = True if needs_commit: model.repo.commit_and_remove()
def list(self, args): q = model.Session.query(model.UserObjectRole) q = self._filter_query(q, args) if q.count() == 0: print 'No results' else: print '%i results' % q.count() for uor in q: if uor.name: obj = getattr(uor, uor.name) else: obj = model.System() self.print_row(uor.user if uor.user else uor.authorized_group, uor.role, obj)
def remove(self): import ckan.model as model if len(self.args) < 2: print 'Need name of the user to be made sysadmin.' return username = self.args[1] user = model.User.by_name(unicode(username)) if not user: print 'Error: user "%s" not found!' % username return model.remove_user_from_role(user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove()
def setup_class(cls): # setup test data including testsysadmin user CreateTestData.create() # Creating a couple of authorization groups, which are enough to break # some things just by their existence for ag_name in [u'anauthzgroup', u'anotherauthzgroup']: ag=model.AuthorizationGroup.by_name(ag_name) if not ag: #may already exist, if not create ag=model.AuthorizationGroup(name=ag_name) model.Session.add(ag) model.Session.commit() #they are especially dangerous if they have a role on the System ag = model.AuthorizationGroup.by_name(u'anauthzgroup') model.add_authorization_group_to_role(ag, u'editor', model.System()) model.Session.commit()
def authorize(method, bucket, key, user, ofs): """ Check authz for the user with a given bucket/key combo within a particular ofs implementation. """ if not method in ['POST', 'GET', 'PUT', 'DELETE']: abort(400) if method != 'GET': # do not allow overwriting if ofs.exists(bucket, key): abort(409) # now check user stuff username = user.name if user else '' is_authorized = authz.Authorizer.is_authorized(username, 'file-upload', model.System()) if not is_authorized: h.flash_error('Not authorized to upload files.') abort(401)
def setup_class(self): search.clear() setup_test_search_index() super(OnsLoaderBase, self).setup_class() # make annafan a sysadmin to allow package creation rev = model.repo.new_revision() user = model.User.by_name(u'annafan') model.add_user_to_role(user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() # create test publishers rev = model.repo.new_revision() for name, title in publishers.items(): model.Session.add( model.Group(name=unicode(name), title=title, type='publisher')) model.repo.commit_and_remove()
def setup(self): model.repo.init_db() CreateTestData.create() self.package_name = u'formsapi' self.package_name_alt = u'formsapialt' self.package_name_alt2 = u'formsapialt2' self.apikey_header_name = config.get('apikey_header_name', 'X-CKAN-API-Key') self.user = self.get_user_by_name(u'tester') if not self.user: self.user = self.create_user(name=u'tester') self.user = self.get_user_by_name(u'tester') model.add_user_to_role(self.user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() self.extra_environ = {self.apikey_header_name: str(self.user.apikey)} self.create_package(name=self.package_name)
def setup_class(self): # for the authorization editing tests we set up test data so: # three users, sysadmin , administrator, and another # one authzgroup, one group, one package # and administrator is admin on all three # one extra authzgroup, authzgroup2, with no permissions to start with model.repo.init_db() model.repo.new_revision() self.sysadmin = 'sysadmin' sysadmin_user = model.User(name=unicode(self.sysadmin)) self.admin = 'administrator' admin_user = model.User(name=unicode(self.admin)) self.another = 'another' another_user = model.User(name=unicode(self.another)) self.authzgroup = 'authzgroup' authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup)) self.group = 'group' group = model.Group(name=unicode(self.group)) self.authzgroup2 = 'authzgroup2' authzgroup2 = model.AuthorizationGroup(name=unicode(self.authzgroup2)) for obj in sysadmin_user, admin_user, another_user, authzgroup, group, authzgroup2: model.Session.add(obj) model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() model.repo.new_revision() self.pkg = u'dataset' pkg = model.Package(name=self.pkg) model.Session.add(pkg) admin_user = model.User.by_name(unicode(self.admin)) assert admin_user # setup all three authorization objects to have logged in and visitor as editors, and the admin as admin model.setup_user_roles(pkg, ['editor'], ['editor'], [admin_user]) model.setup_user_roles(authzgroup, ['editor'], ['editor'], [admin_user]) model.setup_user_roles(group, ['editor'], ['editor'], [admin_user]) model.repo.commit_and_remove()
def setup_class(self): CreateTestData.create() model.repo.new_revision() model.Session.add(model.Package(name=u'testpkg')) model.Session.add(model.Package(name=u'testpkg2')) model.Session.add(model.Package(name=u'private_pkg')) model.Session.add(model.User(name=u'testadmin')) # Cannot setup testsysadmin user as it is alreade done in # the default test data. #model.Session.add(model.User(name=u'testsysadmin')) model.Session.add(model.User(name=u'notadmin')) model.Session.add(model.Group(name=u'testgroup')) model.Session.add(model.Group(name=u'testgroup2')) model.repo.commit_and_remove() model.repo.new_revision() pkg = model.Package.by_name(u'testpkg') pkg2 = model.Package.by_name(u'testpkg2') private_pkg = model.Package.by_name(u'private_pkg') pkg.add_relationship(u'depends_on', pkg2) pkg.add_relationship(u'depends_on', private_pkg) model.repo.commit_and_remove() pkg = model.Package.by_name(u'testpkg') grp = model.Group.by_name(u'testgroup') admin = model.User.by_name(u'testadmin') sysadmin = model.User.by_name(u'testsysadmin') notadmin = model.User.by_name(u'notadmin') model.add_user_to_role(admin, model.Role.ADMIN, pkg) model.add_user_to_role(admin, model.Role.ADMIN, grp) model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System()) model.add_user_to_role(notadmin, model.Role.READER, pkg) model.add_user_to_role(notadmin, model.Role.READER, pkg2) model.repo.commit_and_remove() self.authorizer = ckan.authz.Authorizer() self.pkg = model.Package.by_name(u'testpkg') self.pkg2 = model.Package.by_name(u'testpkg2') self.private_pkg = model.Package.by_name(u'private_pkg') self.grp = model.Group.by_name(u'testgroup') self.grp2 = model.Group.by_name(u'testgroup2') self.admin = model.User.by_name(u'testadmin') self.sysadmin = model.User.by_name(u'testsysadmin') self.notadmin = model.User.by_name(u'notadmin')
def list(self, args): from ckan import model q = model.Session.query(model.UserObjectRole) q = self._filter_query(q, args) if q.count() == 0: print 'No results' else: print '%i results' % q.count() for uor in q: if uor.name: try: obj = getattr(uor, uor.name) except ObjectDeletedError, e: print '! ERROR accessing uor id: ', uor.id continue else: obj = model.System() print RightsTool.get_printable_row(uor.user if uor.user else '', uor.role, obj)
def anon_editor_role_delete(context, data_dict): ''' Deletes reader role for the given user who gets editor role :returns: on success True otherwise False :rtype: string ''' if (check_access('admin_role_create', context, data_dict) == True): user_name = data_dict.get('user_name') log.info('Creating reader role for user: %r', user_name) try: user = model.User.get(user_name) authz.remove_user_from_role(user, u'anon_editor', model.System()) model.Session.commit() return {'success': True} except: return {'success': False, 'error': traceback.print_exc()} else: return {'success': False, 'msg': 'authentication failed'}
def setup_class(self): CreateTestData.create() q = model.Session.query(model.UserObjectRole).filter( sa.or_(model.UserObjectRole.role == Role.EDITOR, model.UserObjectRole.role == Role.ANON_EDITOR, model.UserObjectRole.role == Role.READER)) q = q.filter( model.UserObjectRole.user == model.User.by_name(u"visitor")) for role in q: model.Session.delete(role) model.repo.commit_and_remove() model.repo.new_revision() model.Session.add(model.Package(name=u'testpkg')) model.Session.add(model.Package(name=u'testpkg2')) model.Session.add(model.User(name=u'testadmin')) # Cannot setup testsysadmin user as it is alreade done in # the default test data. #model.Session.add(model.User(name=u'testsysadmin')) model.Session.add(model.User(name=u'notadmin')) model.Session.add(model.Group(name=u'testgroup')) model.Session.add(model.Group(name=u'testgroup2')) model.repo.commit_and_remove() pkg = model.Package.by_name(u'testpkg') grp = model.Group.by_name(u'testgroup') admin = model.User.by_name(u'testadmin') sysadmin = model.User.by_name(u'testsysadmin') model.add_user_to_role(admin, model.Role.ADMIN, pkg) model.add_user_to_role(admin, model.Role.ADMIN, grp) model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() self.authorizer = ckan.authz.Authorizer() self.pkg = model.Package.by_name(u'testpkg') self.pkg2 = model.Package.by_name(u'testpkg2') self.grp = model.Group.by_name(u'testgroup') self.grp2 = model.Group.by_name(u'testgroup2') self.admin = model.User.by_name(u'testadmin') self.sysadmin = model.User.by_name(u'testsysadmin') self.notadmin = model.User.by_name(u'notadmin')
def add(self): from ckan import model if len(self.args) < 2: print 'Need name of the user to be made sysadmin.' return username = self.args[1] user = model.User.by_name(unicode(username)) if not user: print 'User "%s" not found' % username makeuser = raw_input('Create new user: %s? [y/n]' % username) if makeuser == 'y': password = UserCmd.password_prompt() print('Creating %s user' % username) user = model.User(name=unicode(username), password=password) else: print 'Exiting ...' return model.add_user_to_role(user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() print 'Added %s as sysadmin' % username
def editor_role_create(context, data_dict): ''' Creates a new editor role for the given user :param user_name: the name of the user who gets editor role :returns: on success True otherwise False :rtype: string ''' if (check_access('editor_role_create', context, data_dict) == True): user_name = data_dict.get('user_name') log.info('Creating editor role for user: %r', user_name) try: user = model.User.get(user_name) authz.add_user_to_role(user, u'editor', model.System()) model.Session.commit() return {'success': True} except: return {'success': False, 'msg': traceback.print_exc()} else: return {'success': False, 'msg': 'authentication failed'}
def admin_role_delete(context, data_dict): ''' Deletes admin role for the given user :param user_name: the name of the user :returns: on success True otherwise False :rtype: string ''' if (check_access('admin_role_create', context, data_dict) == True): user_name = data_dict.get('user_name') log.info('Creating admin role for user: %r', user_name) try: user = model.User.get(user_name) authz.remove_user_from_role(user, u'admin', model.System()) model.Session.commit() return {'success': True} except: return {'success': False} else: return {'success': False, 'msg': 'authentication failed'}