Esempio n. 1
0
    def before_view(self, pkg_dict):
        remote_addr = request.environ.get(u'HTTP_X_FORWARDED_FOR', u'')
        remote_addr = remote_addr if remote_addr else c.remote_addr
        if check_if_whitelisted(remote_addr) or check_if_whitelisted(c.remote_addr):
            return pkg_dict

        if not record_is_viewable(pkg_dict, c.userobj):
            base.abort(401, _('Unauthorized to read package %s') % pkg_dict.get("title"))

        return pkg_dict
Esempio n. 2
0
    def resource_read(self, id, resource_id):
        '''
        First calls ckan's default resource read to get the resource and package data.
        Then it checks if the resource can be viewed by the user
        '''

        result = super(SurreyPackageController, self).resource_read(id, resource_id)
        if not record_is_viewable(c.pkg_dict, c.userobj):
            base.abort(401, _('Unauthorized to read package %s') % id)
        if not resource_is_viewable(c.pkg_dict, c.userobj):
            base.abort(401, _('Unauthorized to read resource %s') % c.pkg_dict['name'])
        return result
Esempio n. 3
0
    def before_view(self, pkg_dict):
        remote_addr = request.environ.get(u'HTTP_X_FORWARDED_FOR', u'')
        remote_addr = remote_addr if remote_addr else c.remote_addr
        if check_if_whitelisted(remote_addr) or check_if_whitelisted(
                c.remote_addr):
            return pkg_dict

        if not record_is_viewable(pkg_dict, c.userobj):
            base.abort(
                401,
                _('Unauthorized to read package %s') % pkg_dict.get("title"))

        return pkg_dict
Esempio n. 4
0
    def read(self, id):
        '''
                First calls ckan's default read to get package data.
                Then it checks if the package can be viewed by the user
                '''
        # the ofi object is now in the global vars for this view, to use it in templates, call `c.ofi`
        result = super(SurreyPackageController, self).read(id)

        log.debug('Called read method')
        # Check if user can view this record
        if not record_is_viewable(c.pkg_dict, c.userobj):
            base.abort(401, _('Unauthorized to read package %s') % id)
        return result
Esempio n. 5
0
    def resource_download(self, id, resource_id, filename=None):
        context = {'model': model, 'session': model.Session,
                   'user': c.user or c.author, 'auth_user_obj': c.userobj}
        try:
            pkg = get_action('package_show')(context, {'id': id})
        except NotFound:
            abort(404, _('Resource not found'))
        except NotAuthorized:
            abort(401, _('Unauthorized to read resource %s') % id)

        if not record_is_viewable(pkg, c.userobj):
            base.abort(401, _('Unauthorized to read package %s') % id)
        if not resource_is_viewable(pkg, c.userobj):
            base.abort(401, _('Unauthorized to read resource %s') % pkg['name'])
        result = super(SurreyPackageController, self).resource_download(id, resource_id, filename)
        return result
Esempio n. 6
0
    def restricted_package_show(self):
        '''
        Returns record's data with the given id only if the user is allowed to view the record.
        '''
        # FIXME: use IAuth plugin for authorization check and
        # use IPackageController to fill in extra values
        # then remove this method

        help_str = "Shows the package info with the given id. Param : id"
        pkg_id = request.params.get('id', '')
        return_dict = {"help": help_str}
        try:
            context = {'model': model, 'session': model.Session, 'user': c.user, 'auth_user_obj': c.userobj}
            pkg = get_action('package_show')(context, {'id': pkg_id})

            from ckanext.surrey.util.util import record_is_viewable, resource_is_viewable

            if not record_is_viewable(pkg, c.userobj):
                return_dict['success'] = False
                return_dict['error'] = {'__type': 'Authorization Error', 'message': _('Access denied')}
                return self._finish(403, return_dict, content_type='json')
            if not resource_is_viewable(pkg, c.userobj):
                pkg['resources'] = None
                return_dict[
                    'msg'] = "Access to these resources are restricted. Please submit an FOI request via http://www.surrey.ca/city-government/3062.aspx or contact [email protected]."
            return_dict['success'] = True
            return_dict['result'] = pkg
        except NotFound as e:
            return_dict['error'] = {'__type': 'Not Found Error',
                                    'message': _('Not found')}
            if hasattr(e, 'extra_msg'):
                return_dict['error']['message'] += ': %s' % e.extra_msg
            return_dict['success'] = False
            return self._finish(404, return_dict, content_type='json')
        except ValidationError as e:
            error_dict = e.error_dict
            error_dict['__type'] = 'Validation Error'
            return_dict['error'] = error_dict
            return_dict['success'] = False
            # CS nasty_string ignore
            log.error('Validation error: %r' % str(e.error_dict))
            return self._finish(200, return_dict, content_type='json')

        return self._finish_ok(return_dict)