def restricted_resource_show(context, data_dict=None):
# Ensure user who can edit the package can see the resource
resource = data_dict.get('resource', context.get('resource', {}))
if not resource:
resource = logic_auth.get_resource_object(context, data_dict)
if type(resource) is not dict:
resource = resource.as_dict()
if authz.is_authorized(
'package_update', context,
{'id': resource.get('package_id')}).get('success'):
return ({'success': True})
user_name = logic.restricted_get_username_from_context(context)
package = data_dict.get('package', {})
if not package:
logger.warning('restricted_resource_show was called without a Package in data_dict. Extra API call is required')
model = context['model']
package = model.Package.get(resource.get('package_id'))
package = package.as_dict()
return (logic.restricted_check_user_resource_access(
user_name, resource, package))
def restricted_check_access(context, data_dict):
package_id = data_dict.get('package_id', False)
resource_id = data_dict.get('resource_id', False)
user_name = logic.restricted_get_username_from_context(context)
if not package_id:
raise ValidationError('Missing package_id')
if not resource_id:
raise ValidationError('Missing resource_id')
log.debug("action.restricted_check_access: user_name = " + str(user_name))
log.debug("checking package " + str(package_id))
package_dict = get_action('package_show')(dict(context,
return_type='dict'), {
'id': package_id
})
log.debug("checking resource")
resource_dict = get_action('resource_show')(dict(context,
return_type='dict'), {
'id': resource_id
})
return logic.restricted_check_user_resource_access(user_name,
resource_dict,
package_dict)
def _restricted_resource_list_hide_fields(context, resource_list):
restricted_resources_list = []
for resource in resource_list:
# copy original resource
restricted_resource = dict(resource)
# get the restricted fields
restricted_dict = logic.restricted_get_restricted_dict(
restricted_resource)
# hide other fields in restricted to everyone but dataset owner(s)
if not authz.is_authorized('package_update', context, {
'id': resource.get('package_id')
}).get('success'):
user_name = logic.restricted_get_username_from_context(context)
# hide partially other allowed user_names (keep own)
allowed_users = []
for user in restricted_dict.get('allowed_users'):
if len(user.strip()) > 0:
if user_name == user:
allowed_users.append(user_name)
else:
allowed_users.append(user[0:3] + '*****' + user[-2:])
new_restricted = json.dumps({
'level':
restricted_dict.get("level"),
'allowed_users':
','.join(allowed_users)
})
extras_restricted = resource.get('extras',
{}).get('restricted', {})
if (extras_restricted):
restricted_resource['extras']['restricted'] = new_restricted
field_restricted_field = resource.get('restricted', {})
if (field_restricted_field):
restricted_resource['restricted'] = new_restricted
restricted_resources_list += [restricted_resource]
return restricted_resources_list