def assign(package_type, dataset_id):
user_id = getattr(toolkit.c.userobj, 'id', None)
# Get curation data
try:
context, dataset, curation = _get_curation_data(dataset_id, user_id)
except (toolkit.ObjectNotFound, toolkit.NotAuthorized):
message = 'Not authorized to read dataset "%s"'
return toolkit.abort(403, message % dataset_id)
# Authorize context
if 'assign' not in curation['actions']:
message = 'This action is not available for the dataset "%s"'
toolkit.h.flash_error(message % dataset['title'])
return toolkit.redirect_to('deposited-dataset.read', id=dataset['name'])
context['ignore_auth'] = True
# Update dataset
curator_id = toolkit.request.form.get('curator_id')
if curator_id:
dataset['curator_id'] = curator_id
else:
dataset.pop('curator_id', None)
try:
dataset = toolkit.get_action('package_update')(context, dataset)
except toolkit.ValidationError:
message = 'Curator is invalid'
return toolkit.abort(403, message)
# Update activity stream
if curator_id:
context = _get_context(ignore_auth=True)
curator = toolkit.get_action('user_show')(context, {'id': curator_id})
create_curation_activity('curator_assigned', dataset['id'],
dataset['name'], user_id, curator_name=curator['name'])
else:
create_curation_activity('curator_removed', dataset['id'],
dataset['name'], user_id)
# Send notification email
recipient = None
if curator_id:
action = 'assign'
recipient = {'name': curator['id'], 'title': curator['display_name']}
elif curation['contacts']['curator']:
action = 'assign_remove'
recipient = curation['contacts']['curator']
if recipient:
subj = mailer.compose_curation_email_subj(dataset)
body = mailer.compose_curation_email_body(
dataset, curation, recipient['title'], action)
mailer.mail_user_by_id(recipient['name'], subj, body)
# Show flash message and redirect
message = 'Dataset "%s" Curator updated'
toolkit.h.flash_success(message % dataset['title'])
return toolkit.redirect_to('deposited-dataset.read', id=dataset['name'])
def approve(package_type, dataset_id):
user_id = getattr(toolkit.c.userobj, 'id', None)
# Get curation data
try:
context, dataset, curation = _get_curation_data(dataset_id, user_id)
except (toolkit.ObjectNotFound, toolkit.NotAuthorized):
message = 'Not authorized to read dataset "%s"'
return toolkit.abort(403, message % dataset_id)
# Authorize context
if 'approve' not in curation['actions']:
message = 'This action is not available for the dataset "%s"'
toolkit.h.flash_error(message % dataset['title'])
return toolkit.redirect_to('deposited-dataset.read', id=dataset['name'])
context['ignore_auth'] = True
# Update dataset
try:
# We also set type in context to allow type switching by ckan patch
dataset = helpers.convert_deposited_dataset_to_regular_dataset(dataset)
dataset = toolkit.get_action('package_update')(
dict(
list(context.items()) +
list({'type': dataset['type']}.items())
),
dataset
)
except toolkit.ValidationError as error:
message = 'Deposited dataset "%s" is invalid\n(validation error summary: %s)'
return toolkit.abort(403, message % (dataset_id, error.error_summary))
# Update activity stream
message = toolkit.request.form.get('message')
create_curation_activity('dataset_approved', dataset['id'],
dataset['name'], user_id, message=message)
# Send notification email
message = toolkit.request.form.get('message')
if curation['state'] == 'submitted':
recipient = curation['contacts']['depositor']
elif curation['state'] == 'review':
recipient = curation['contacts']['curator']
if recipient:
subj = mailer.compose_curation_email_subj(dataset)
body = mailer.compose_curation_email_body(
dataset, curation, recipient['title'], 'approve', message=message)
mailer.mail_user_by_id(recipient['name'], subj, body)
# Show flash message and redirect
message = 'Dataset "%s" approved and moved to the destination data container'
toolkit.h.flash_success(message % dataset['title'])
return toolkit.redirect_to('deposited-dataset.read', id=dataset['name'])
def request_changes(package_type, dataset_id):
user_id = getattr(toolkit.c.userobj, 'id', None)
# Get curation data
try:
context, dataset, curation = _get_curation_data(dataset_id, user_id)
except (toolkit.ObjectNotFound, toolkit.NotAuthorized):
message = 'Not authorized to read dataset "%s"'
return toolkit.abort(403, message % dataset_id)
# Authorize context
if 'request_changes' not in curation['actions']:
message = 'This action is not available for the dataset "%s"'
toolkit.h.flash_error(message % dataset['title'])
return toolkit.redirect_to('deposited-dataset.read', id=dataset['name'])
context['ignore_auth'] = True
# Update dataset
if dataset['curation_state'] == 'review':
dataset['curation_state'] = 'submitted'
else:
dataset['curation_state'] = 'draft'
dataset = toolkit.get_action('package_update')(context, dataset)
# Update activity stream
message = toolkit.request.form.get('message')
create_curation_activity('changes_requested', dataset['id'],
dataset['name'], user_id, message=message)
# Send notification email
message = toolkit.request.form.get('message')
if curation['state'] == 'submitted':
recipient = curation['contacts']['depositor']
elif curation['state'] == 'review':
recipient = curation['contacts']['curator']
if recipient:
subj = mailer.compose_curation_email_subj(dataset)
body = mailer.compose_curation_email_body(
dataset, curation, recipient['title'], 'request_changes', message=message)
mailer.mail_user_by_id(recipient['name'], subj, body)
# Show flash message and redirect
message = 'Dataset "%s" changes requested'
toolkit.h.flash_success(message % dataset['title'])
return toolkit.redirect_to('deposited-dataset.read', id=dataset['name'])
def submit(package_type, dataset_id):
user_id = getattr(toolkit.c.userobj, 'id', None)
# Get curation data
try:
context, dataset, curation = _get_curation_data(dataset_id, user_id)
except (toolkit.ObjectNotFound, toolkit.NotAuthorized):
message = 'Not authorized to read dataset "%s"'
return toolkit.abort(403, message % dataset_id)
# Authorize context
if 'submit' not in curation['actions']:
message = 'This action is not available for the dataset "%s"'
toolkit.h.flash_error(message % dataset['title'])
return toolkit.redirect_to('deposited-dataset.read', id=dataset['name'])
context['ignore_auth'] = True
# Update dataset
dataset['curation_state'] = 'submitted'
dataset = toolkit.get_action('package_update')(context, dataset)
# Update activity stream
message = toolkit.request.form.get('message')
create_curation_activity('dataset_submitted', dataset['id'],
dataset['name'], user_id, message=message)
# Send notification email
message = toolkit.request.form.get('message')
curator = curation['contacts']['curator']
# We don't bother all curators if someone is already assigned
users = [curator] if curator else helpers.get_data_curation_users(dataset)
for user in users:
subj = mailer.compose_curation_email_subj(dataset)
body = mailer.compose_curation_email_body(
dataset, curation, user['display_name'], 'submit', message=message)
toolkit.enqueue_job(mailer.mail_user_by_id, [user['id'], subj, body])
# Show flash message and redirect
message = 'Dataset "%s" submitted'
toolkit.h.flash_success(message % dataset['title'])
return toolkit.redirect_to('deposited-dataset.read', id=dataset['name'])
def request_review(package_type, dataset_id):
user_id = getattr(toolkit.c.userobj, 'id', None)
# Get curation data
try:
context, dataset, curation = _get_curation_data(dataset_id, user_id)
except (toolkit.ObjectNotFound, toolkit.NotAuthorized):
message = 'Not authorized to read dataset "%s"'
return toolkit.abort(403, message % dataset_id)
# Authorize context
if 'request_review' not in curation['actions']:
message = 'This action is not available for the dataset "%s"'
toolkit.h.flash_error(message % dataset['title'])
return toolkit.redirect_to('deposited-dataset.read', id=dataset['name'])
context['ignore_auth'] = True
# Update dataset
dataset['curation_state'] = 'review'
dataset = toolkit.get_action('package_update')(context, dataset)
# Update activity stream
message = toolkit.request.form.get('message')
context = _get_context(ignore_auth=True)
depositor = toolkit.get_action('user_show')(context, {'id': dataset['creator_user_id']})
create_curation_activity('final_review_requested', dataset['id'],
dataset['name'], user_id, message=message, depositor_name=depositor['name'])
# Send notification email
message = toolkit.request.form.get('message')
depositor = curation['contacts']['depositor']
subj = mailer.compose_curation_email_subj(dataset)
body = mailer.compose_curation_email_body(
dataset, curation, depositor['title'], 'request_review', message=message)
mailer.mail_user_by_id(depositor['name'], subj, body)
# Show flash message and redirect
message = 'Dataset "%s" review requested'
toolkit.h.flash_success(message % dataset['title'])
return toolkit.redirect_to('deposited-dataset.read', id=dataset['name'])
def withdraw(package_type, dataset_id):
user_id = getattr(toolkit.c.userobj, 'id', None)
# Get curation data
try:
context, dataset, curation = _get_curation_data(dataset_id, user_id)
except (toolkit.ObjectNotFound, toolkit.NotAuthorized):
message = 'Not authorized to read dataset "%s"'
return toolkit.abort(403, message % dataset_id)
# Authorize context
if 'withdraw' not in curation['actions']:
message = 'This action is not available for the dataset "%s"'
toolkit.h.flash_error(message % dataset['title'])
return toolkit.redirect_to('deposited-dataset.read', id=dataset['name'])
context['ignore_auth'] = True
# Delete withdrawn dataset, but first update its name so it can be reused
new_name = _get_withdrawn_dataset_name(dataset['name'])
toolkit.get_action('package_patch')(context, {'id': dataset_id, 'name': new_name})
toolkit.get_action('package_delete')(context, {'id': dataset_id})
# Update activity stream
message = toolkit.request.form.get('message')
create_curation_activity('dataset_withdrawn', dataset['id'],
dataset['name'], user_id, message=message)
# Send notification email
message = toolkit.request.form.get('message')
for user in helpers.get_data_curation_users(dataset):
subj = mailer.compose_curation_email_subj(dataset)
body = mailer.compose_curation_email_body(
dataset, curation, user['display_name'], 'withdraw', message=message)
mailer.mail_user_by_id(user['id'], subj, body)
# Show flash message and redirect
message = 'Dataset "%s" withdrawn'
toolkit.h.flash_error(message % dataset['title'])
return toolkit.redirect_to('data-container.read', id='data-deposit')
def setup(self):
self.sysadmin = core_factories.Sysadmin(name='sysadmin', id='sysadmin')
self.container1_admin = core_factories.User()
self.container1_member = core_factories.User()
self.container1 = factories.DataContainer(users=[
{
"name": self.container1_admin["name"],
"capacity": "admin"
},
{
"name": self.container1_member["name"],
"capacity": "member"
},
])
self.dataset1 = factories.Dataset(owner_org=self.container1["id"])
self.resource1 = factories.Resource(
package_id=self.dataset1['id'],
upload=mocks.FakeFileStorage(),
visibility="restricted",
url="http://fakeurl/test.txt",
url_type='upload',
)
create_curation_activity('dataset_approved',
self.dataset1['id'],
self.dataset1['name'],
self.sysadmin['id'],
message='asdf')
create_download_activity({'user': self.sysadmin['name']},
self.resource1['id'])
toolkit.get_action('activity_create')({
'ignore_auth': True
}, {
'user_id': self.sysadmin['name'],
'object_id': self.dataset1['id'],
'activity_type': 'changed package',
'data': {}
})
def test_users_who_can_approve(self, mock_notify_renewal_request):
""" Check what users can approve a renewal """
user = factories.ExternalUser()
container_admin = core_factories.User()
container_member = core_factories.User()
curator = core_factories.User()
container = factories.DataContainer(users=[
{
"name": container_admin["name"],
"capacity": "admin"
},
{
"name": container_member["name"],
"capacity": "member"
},
])
dataset = factories.Dataset(user=user, owner_org=container['id'])
activity = create_curation_activity('dataset_approved',
dataset['id'],
dataset['name'],
curator['id'],
message='x')
mock_notify_renewal_request.return_value = []
created, reason = request_renewal(user, activity)
assert created
assert reason is None
mock_notify_renewal_request.assert_called_once()
access_requests = get_existing_access_request(
user_id=user['id'],
object_id=user['id'],
status='requested',
)
access_request = access_requests[0]
users_who_can_approve = access_request.data.get(
'users_who_can_approve')
assert user['id'] not in users_who_can_approve
assert container_member['id'] not in users_who_can_approve
assert container_admin['id'] in users_who_can_approve
assert curator['id'] in users_who_can_approve