def search_add(context, data_dict):
username = context.get('user')
user = new_authz.get_user_id_for_username(username, allow_none=True)
#JOE#
#if user is None:
# return {'success': False, 'msg': 'Not authorized'}
return {'success': True}
def search_add(context, data_dict):
'''
Add an item to the search_history for the current user.
:param content: Search query to add to history
:type content: string
'''
try:
tk.check_access('ckanext_search_history_add', context, data_dict)
except tk.NotAuthorized:
#JOE#
#tk.abort(401, tk._('Not authorized to add history item'))
pass
if db.search_history_table is None:
db.init_db(context['model'])
content = tk.get_or_bust(data_dict, 'content')
username = context.get('user')
#JOE#
#user_id = new_authz.get_user_id_for_username(username, allow_none=False)
user_id = new_authz.get_user_id_for_username(username, allow_none=True)
search_history = db.SearchHistory()
search_history.content = content
search_history.user_id = user_id
session = context['session']
session.add(search_history)
session.commit()
return db.table_dictize(search_history, context)
def search_list(context, data_dict):
'''
List the search history
:param limit: The number of items to show (optional, default: 10)
:type limit: int
'''
if db.search_history_table is None:
db.init_db(context['model'])
tk.check_access('search_history_list', context, data_dict)
username = context.get('user')
user = new_authz.get_user_id_for_username(username, allow_none=False)
# Get the limit and put a hard upper limit on it
limit = data_dict.get('limt', 10)
if limit > 25:
limit = 25
history = db.SearchHistory.search_history(user_id=user, limit=limit)
result = []
if history:
for item in history:
data_dict = db.table_dictize(item, context)
data_dict['params'] = json.loads(data_dict.get('params'))
result.append(data_dict)
return result
def search_add(context, data_dict):
'''
Add an item to the search_history for the current user.
:param content: Search query to add to history
:type content: string
'''
try:
tk.check_access('ckanext_search_history_add', context, data_dict)
except tk.NotAuthorized:
#JOE#
#tk.abort(401, tk._('Not authorized to add history item'))
pass
if db.search_history_table is None:
db.init_db(context['model'])
content = tk.get_or_bust(data_dict, 'content')
username = context.get('user')
#JOE#
#user_id = new_authz.get_user_id_for_username(username, allow_none=False)
user_id = new_authz.get_user_id_for_username(username, allow_none=True)
search_history = db.SearchHistory()
search_history.content = content
search_history.user_id = user_id
session = context['session']
session.add(search_history)
session.commit()
return db.table_dictize(search_history, context)
def organization_create(context, data_dict=None):
user = context['user']
user = new_authz.get_user_id_for_username(user, allow_none=True)
if user and new_authz.check_config_permission('user_create_organizations'):
return {'success': True}
return {'success': False,
'msg': _('User %s not authorized to create organizations') % user}
def organization_create(context, data_dict=None):
user = context['user']
user = new_authz.get_user_id_for_username(user, allow_none=True)
if user and new_authz.check_config_permission('user_create_organizations'):
return {'success': True}
return {'success': False,
'msg': _('User %s not authorized to create organizations') % user}
def organization_list_for_user(context, data_dict):
perm = data_dict.get('permission')
if perm in ['create_dataset', 'update_dataset', 'delete_dataset']:
# Create a copy of the data dict, and change the request permission to
# 'read' which will be granted to all members of a group.
data_dict = dict(data_dict.items() + {'permission': 'read'}.items())
#return fb(context, data_dict)
#return core_org_list_for_user(context, data_dict)
'''Return the list of organizations that the user is a member of.
:param permission: the permission the user has against the returned organizations
(optional, default: ``edit_group``)
:type permission: string
:returns: list of dictized organizations that the user is authorized to edit
:rtype: list of dicts
'''
model = context['model']
user = context['user']
_check_access('organization_list_for_user', context, data_dict)
sysadmin = new_authz.is_sysadmin(user)
orgs_q = model.Session.query(model.Group) \
.filter(model.Group.is_organization == True) \
.filter(model.Group.state == 'active')
if not sysadmin:
# for non-Sysadmins check they have the required permission
permission = data_dict.get('permission', 'edit_group')
roles = ckan.new_authz.get_roles_with_permission(permission)
if not roles:
return []
user_id = new_authz.get_user_id_for_username(user, allow_none=True)
if not user_id:
return []
q = model.Session.query(model.Member) \
.filter(model.Member.table_name == 'user') \
.filter(model.Member.capacity.in_(roles)) \
.filter(model.Member.table_id == user_id)
group_ids = []
for row in q.all():
group_ids.append(row.group_id)
if not group_ids:
return []
orgs_q = orgs_q.filter(model.Group.id.in_(group_ids))
orgs_list = model_dictize.group_list_dictize(orgs_q.all(), context)
return orgs_list
def search_add(context, data_dict):
username = context.get('user')
user = new_authz.get_user_id_for_username(username, allow_none=True)
#JOE#
#if user is None:
# return {'success': False, 'msg': 'Not authorized'}
return {'success': True}
def organization_list_for_user(context, data_dict):
'''Return the organizations that the user has a given permission for.
By default this returns the list of organizations that the currently
authorized user can edit, i.e. the list of organizations that the user is an
admin of.
Specifically it returns the list of organizations that the currently
authorized user has a given permission (for example: "edit_group") against.
When a user becomes a member of an organization in CKAN they're given a
"capacity" (sometimes called a "role"), for example "member", "editor" or
"admin".
Each of these roles has certain permissions associated with it. For example
the admin role has the "admin" permission (which means they have permission
to do anything). The editor role has permissions like "create_dataset",
"update_dataset" and "delete_dataset". The member role has the "read"
permission.
This function returns the list of organizations that the authorized user has
a given permission for. For example the list of organizations that the user
is an admin of, or the list of organizations that the user can create
datasets in.
:param permission: the permission the user has against the
returned organizations, for example ``"read"`` or ``"create_dataset"``
(optional, default: ``"edit_group"``)
:type permission: string
:returns: list of organizations that the user has the given permission for
:rtype: list of dicts
'''
model = context['model']
user = context['user']
logic.check_access('organization_list_for_user', context, data_dict)
sysadmin = new_authz.is_sysadmin(user)
orgs_q = model.Session.query(model.Group) \
.filter(model.Group.is_organization == True) \
.filter(model.Group.state == 'active')
user_roles = user_custom_roles(context, data_dict)
if not sysadmin and not Roles.MOD_R_DATA in user_roles:
# for non-Sysadmins check they have the required permission
permission = data_dict.get('permission', 'edit_group')
roles = new_authz.get_roles_with_permission(permission)
if not roles:
return []
user_id = new_authz.get_user_id_for_username(user, allow_none=True)
if not user_id:
return []
q = model.Session.query(model.Member) \
.filter(model.Member.table_name == 'user') \
.filter(model.Member.capacity.in_(roles)) \
.filter(model.Member.table_id == user_id) \
.filter(model.Member.state == 'active')
group_ids = []
for row in q.all():
group_ids.append(row.group_id)
if not group_ids:
return []
orgs_q = orgs_q.filter(model.Group.id.in_(group_ids))
orgs_list = model_dictize.group_list_dictize(orgs_q.all(), context)
return orgs_list
def organization_list_for_user(context, data_dict):
'''Return the organizations that the user has a given permission for.
By default this returns the list of organizations that the currently
authorized user can edit, i.e. the list of organizations that the user is an
admin of.
Specifically it returns the list of organizations that the currently
authorized user has a given permission (for example: "edit_group") against.
When a user becomes a member of an organization in CKAN they're given a
"capacity" (sometimes called a "role"), for example "member", "editor" or
"admin".
Each of these roles has certain permissions associated with it. For example
the admin role has the "admin" permission (which means they have permission
to do anything). The editor role has permissions like "create_dataset",
"update_dataset" and "delete_dataset". The member role has the "read"
permission.
This function returns the list of organizations that the authorized user has
a given permission for. For example the list of organizations that the user
is an admin of, or the list of organizations that the user can create
datasets in.
:param permission: the permission the user has against the
returned organizations, for example ``"read"`` or ``"create_dataset"``
(optional, default: ``"edit_group"``)
:type permission: string
:returns: list of organizations that the user has the given permission for
:rtype: list of dicts
'''
model = context['model']
user = context['user']
logic.check_access('organization_list_for_user', context, data_dict)
sysadmin = new_authz.is_sysadmin(user)
orgs_q = model.Session.query(model.Group) \
.filter(model.Group.is_organization == True) \
.filter(model.Group.state == 'active')
user_roles = user_custom_roles(context, data_dict)
if not sysadmin and not 'datovy-kurator' in user_roles:
# for non-Sysadmins check they have the required permission
permission = data_dict.get('permission', 'edit_group')
roles = new_authz.get_roles_with_permission(permission)
if not roles:
return []
user_id = new_authz.get_user_id_for_username(user, allow_none=True)
if not user_id:
return []
q = model.Session.query(model.Member) \
.filter(model.Member.table_name == 'user') \
.filter(model.Member.capacity.in_(roles)) \
.filter(model.Member.table_id == user_id) \
.filter(model.Member.state == 'active')
group_ids = []
for row in q.all():
group_ids.append(row.group_id)
if not group_ids:
return []
orgs_q = orgs_q.filter(model.Group.id.in_(group_ids))
orgs_list = model_dictize.group_list_dictize(orgs_q.all(), context)
return orgs_list
def _service_organizations(self):
''' modified from organization_list_for_user '''
context = {'user': c.user}
data_dict = {'permission': 'create_dataset'}
user = context['user']
toolkit.check_access('organization_list_for_user', context, data_dict)
sysadmin = new_authz.is_sysadmin(user)
orgs_q = model.Session.query(model.Group) \
.filter(model.Group.is_organization == True) \
.filter(model.Group.state == 'active') # noqa
if not sysadmin:
# for non-Sysadmins check they have the required permission
permission = data_dict.get('permission', 'edit_group')
roles = new_authz.get_roles_with_permission(permission)
if not roles:
return []
user_id = new_authz.get_user_id_for_username(user, allow_none=True)
if not user_id:
return []
q = model.Session.query(model.Member) \
.filter(model.Member.table_name == 'user') \
.filter(model.Member.capacity.in_(roles)) \
.filter(model.Member.table_id == user_id) \
.filter(model.Member.state == 'active')
group_ids = []
for row in q.all():
group_ids.append(row.group_id)
if not group_ids:
return []
orgs_q = orgs_q.filter(model.Group.id.in_(group_ids))
orgs_q = orgs_q.join(model.GroupExtra).filter(model.GroupExtra.key == u'public_adminstration_organization') \
.filter(model.GroupExtra.value == u'true') # YTP modification
return model_dictize.group_list_dictize(orgs_q.all(), context)
def search_list(context, data_dict):
'''
List the search history
:param limit: The number of items to show (optional, default: 10)
:type limit: int
'''
tk.check_access('ckanext_search_history_list', context, data_dict)
if db.search_history_table is None:
db.init_db(context['model'])
username = context.get('user')
user = new_authz.get_user_id_for_username(username, allow_none=False)
limit = data_dict.get('limt')
history = db.SearchHistory.search_history(user_id=user, limit=limit)
result = []
if history:
for item in history:
result.append(db.table_dictize(item, context))
return result
def search_list(context, data_dict):
'''
List the search history
:param limit: The number of items to show (optional, default: 10)
:type limit: int
'''
tk.check_access('ckanext_search_history_list', context, data_dict)
if db.search_history_table is None:
db.init_db(context['model'])
username = context.get('user')
user = new_authz.get_user_id_for_username(username, allow_none=False)
limit = data_dict.get('limt')
history = db.SearchHistory.search_history(user_id=user, limit=limit)
result = []
if history:
for item in history:
result.append(db.table_dictize(item, context))
return result
def showings_list_admin(context, data_dict):
'''
Return a list of showings groups for which the authorized user is admin.
This is like login.action.get.group_list_authz, but without being tied up
with 'organizations' conditionals.
'''
model = context['model']
user = context['user']
toolkit.check_access('group_list_authz', context, data_dict)
if new_authz.auth_is_loggedin_user():
user_id = new_authz.get_user_id_for_username(user.get('name'),
allow_none=True)
else:
return []
if user_id is None:
return []
q = model.Session.query(model.Member) \
.filter(model.Member.table_name == 'user') \
.filter(model.Member.capacity == 'admin') \
.filter(model.Member.table_id == user_id)
group_ids = [row.group_id for row in q.all()]
if not group_ids:
return []
q = model.Session.query(model.Group) \
.filter(model.Group.type == 'showing') \
.filter(model.Group.state == 'active')
groups = q.filter(model.Group.id.in_(group_ids)).all()
group_list = model_dictize.group_list_dictize(groups, context)
return group_list
def search_add(context, data_dict):
'''
Add an item to the search_history for the current user.
:param params: Search query to add to history
:type params: string
'''
tk.check_access('search_history_add', context, data_dict)
if db.search_history_table is None:
db.init_db(context['model'])
data, errors = df.validate(data_dict, schema_add, context)
username = context.get('user')
user_id = new_authz.get_user_id_for_username(username, allow_none=False)
search_history = db.SearchHistory()
search_history.params = data.get('params')
search_history.user_id = user_id
session = context['session']
session.add(search_history)
session.commit()
return db.table_dictize(search_history, context)
def showings_list_admin(context, data_dict):
'''
Return a list of showings groups for which the authorized user is admin.
This is like login.action.get.group_list_authz, but without being tied up
with 'organizations' conditionals.
'''
model = context['model']
user = context['user']
toolkit.check_access('group_list_authz', context, data_dict)
if new_authz.auth_is_loggedin_user():
user_id = new_authz.get_user_id_for_username(user.get('name'), allow_none=True)
else:
return []
if user_id is None:
return []
q = model.Session.query(model.Member) \
.filter(model.Member.table_name == 'user') \
.filter(model.Member.capacity == 'admin') \
.filter(model.Member.table_id == user_id)
group_ids = [row.group_id for row in q.all()]
if not group_ids:
return []
q = model.Session.query(model.Group) \
.filter(model.Group.type == 'showing') \
.filter(model.Group.state == 'active')
groups = q.filter(model.Group.id.in_(group_ids)).all()
group_list = model_dictize.group_list_dictize(groups, context)
return group_list
def group_list_authz(context, data_dict):
''' Return the list of groups that the user is authorized to edit.
Action "group_list_authz" ovewrites core "group_list_authz" action.
It does so in order to allow users, other than the sysadmin, add/delete
members to/from a thematic group. The only precondition to that right,
is the user having at least editor rights for at least one organization.
:param available_only: remove the existing groups in the package
(optional, default: ``False``)
:type available_only: boolean
:param am_member: if True return only the groups the logged-in user is a
member of, otherwise return all groups that the user is authorized to
edit (for example, sysadmin users are authorized to edit all groups)
(optional, default: False)
:type am-member: boolean
:returns: list of dictized groups that the user is authorized to edit
:rtype: list of dicts
'''
model = context['model']
user = context['user']
available_only = data_dict.get('available_only', False)
am_member = data_dict.get('am_member', False)
_check_access('group_list_authz', context, data_dict)
sysadmin = new_authz.is_sysadmin(user)
roles = new_authz.get_roles_with_permission('update_dataset')
if not roles:
return []
user_id = new_authz.get_user_id_for_username(user, allow_none=True)
if not user_id:
return []
if not sysadmin or am_member:
q = model.Session.query(model.Member) \
.filter(model.Member.table_name == 'user') \
.filter(model.Member.capacity.in_(roles)) \
.filter(model.Member.table_id == user_id)
group_ids = []
for row in q.all():
group_ids.append(row.group_id)
if not group_ids:
return []
if context.get('package'):
package_org = context.get('package').owner_org
if package_org not in group_ids:
return []
q = model.Session.query(model.Group) \
.filter(model.Group.is_organization == False) \
.filter(model.Group.state == 'active')
groups = q.all()
if available_only:
package = context.get('package')
if package:
groups = set(groups) - set(package.get_groups())
group_list = model_dictize.group_list_dictize(groups, context)
return group_list
def group_list_authz(context, data_dict):
''' Return the list of groups that the user is authorized to edit.
Action "group_list_authz" ovewrites core "group_list_authz" action.
It does so in order to allow users, other than the sysadmin, add/delete
members to/from a thematic group. The only precondition to that right,
is the user having at least editor rights for at least one organization.
:param available_only: remove the existing groups in the package
(optional, default: ``False``)
:type available_only: boolean
:param am_member: if True return only the groups the logged-in user is a
member of, otherwise return all groups that the user is authorized to
edit (for example, sysadmin users are authorized to edit all groups)
(optional, default: False)
:type am-member: boolean
:returns: list of dictized groups that the user is authorized to edit
:rtype: list of dicts
'''
model = context['model']
user = context['user']
available_only = data_dict.get('available_only', False)
am_member = data_dict.get('am_member', False)
_check_access('group_list_authz',context, data_dict)
sysadmin = new_authz.is_sysadmin(user)
roles = new_authz.get_roles_with_permission('update_dataset')
if not roles:
return []
user_id = new_authz.get_user_id_for_username(user, allow_none=True)
if not user_id:
return []
if not sysadmin or am_member:
q = model.Session.query(model.Member) \
.filter(model.Member.table_name == 'user') \
.filter(model.Member.capacity.in_(roles)) \
.filter(model.Member.table_id == user_id)
group_ids = []
for row in q.all():
group_ids.append(row.group_id)
if not group_ids:
return []
if context.get('package'):
package_org = context.get('package').owner_org
if package_org not in group_ids:
return []
q = model.Session.query(model.Group) \
.filter(model.Group.is_organization == False) \
.filter(model.Group.state == 'active')
groups = q.all()
if available_only:
package = context.get('package')
if package:
groups = set(groups) - set(package.get_groups())
group_list = model_dictize.group_list_dictize(groups, context)
return group_list
def organization_update(context, data_dict):
""" This overrides CKAN's auth function to make sure that user has permission to use a specific parent organization. """
group = logic_auth.get_group_object(context, data_dict)
user = context['user']
# Check that user has admin permissions in selected parent organizations
if data_dict and data_dict.get('groups'):
admin_in_orgs = model.Session.query(model.Member).filter(model.Member.state == 'active').filter(model.Member.table_name == 'user') \
.filter(model.Member.capacity == 'admin').filter(model.Member.table_id == new_authz.get_user_id_for_username(user, allow_none=True))
for parent_org in data_dict['groups']:
if any(parent_org['name'] == admin_org.group.name for admin_org in admin_in_orgs):
break
else:
return {'success': False, 'msg': _('User %s is not administrator in the selected parent organization') % user}
if (data_dict and 'save' in data_dict and
data_dict.get('public_adminstration_organization', None) != group.extras.get('public_adminstration_organization', None)):
return {'success': False, 'msg': _('User %s is not allowed to change the public organization option') % user}
authorized = new_authz.has_user_permission_for_group_or_org(group.id, user, 'update')
if not authorized:
return {'success': False,
'msg': _('User %s not authorized to edit organization %s') %
(user, group.id)}
else:
return {'success': True}
def organization_list_for_user(context, data_dict):
'''Return the list of organizations that the user is a member of.
:param permission: the permission the user has against the returned organizations
(optional, default: ``edit_group``)
:type permission: string
:returns: list of dictized organizations that the user is authorized to edit
:rtype: list of dicts
'''
model = context['model']
user = context['user']
_check_access('organization_list_for_user',context, data_dict)
sysadmin = new_authz.is_sysadmin(user)
orgs_q = model.Session.query(model.Group) \
.filter(model.Group.is_organization == True) \
.filter(model.Group.state == 'active')
if not sysadmin:
# for non-Sysadmins check they have the required permission
permission = data_dict.get('permission', 'edit_group')
roles = ckan.new_authz.get_roles_with_permission(permission)
if not roles:
return []
user_id = new_authz.get_user_id_for_username(user, allow_none=True)
if not user_id:
return []
q = model.Session.query(model.Member) \
.filter(model.Member.table_name == 'user') \
.filter(model.Member.capacity.in_(roles)) \
.filter(model.Member.table_id == user_id) \
.filter(model.Member.state == 'active')
group_ids = []
for row in q.all():
group_ids.append(row.group_id)
if not group_ids:
return []
orgs_q = orgs_q.filter(model.Group.id.in_(group_ids))
orgs_list_complete = orgs_q.all()
orgs_list = model_dictize.group_list_dictize(orgs_list_complete, context)
#to be used in case we want to display the created field
# org_list_map ={}
# for it in orgs_list_complete:
# org_list_map[it.id]=it
# for it in orgs_list:
# id=it['id']
# org = org_list_map[id]
# it['created']=org.created.isoformat()
return orgs_list
