def list(self, id):
""" List all related items for a specific dataset """
context = {
"model": model,
"session": model.Session,
"user": c.user or c.author,
"extras_as_string": True,
"for_view": True,
}
data_dict = {"id": id}
try:
logic.check_access("package_show", context, data_dict)
except logic.NotFound:
base.abort(404, base._("Dataset not found"))
except logic.NotAuthorized:
base.abort(401, base._("Not authorized to see this page"))
try:
c.pkg_dict = logic.get_action("package_show")(context, data_dict)
c.pkg = context["package"]
c.resources_json = h.json.dumps(c.pkg_dict.get("resources", []))
except logic.NotFound:
base.abort(404, base._("Dataset not found"))
except logic.NotAuthorized:
base.abort(401, base._("Unauthorized to read package %s") % id)
c.action = "related"
c.related_count = c.pkg.related_count
c.num_followers = _get_action("dataset_follower_count")(context, {"id": c.pkg.id})
return base.render("related/related_list.html")
def package_relationship_create(context, data_dict):
"""
Permission for users to create a new package relationship requires that the
user share a group with both packages.
"""
model = context['model']
user = context['user']
id = data_dict.get('id', '')
id2 = data_dict.get('id2', '')
pkg1 = model.Package.get(id)
pkg2 = model.Package.get(id2)
if not pkg1 or not pkg2:
return {'success': False, 'msg': _('Two package IDs are required')}
pkg1grps = pkg1.get_groups('organization')
pkg2grps = pkg2.get_groups('organization')
usergrps = model.User.get( user ).get_groups('organization')
authorized = _groups_intersect( usergrps, pkg1grps ) and _groups_intersect( usergrps, pkg2grps )
if not authorized:
return {'success': False, 'msg': _('User %s not authorized to edit these packages') % str(user)}
else:
return {'success': True}
def resource_update(context, data_dict):
model = context["model"]
session = context["session"]
user = context["user"]
id = data_dict["id"]
schema = context.get("schema") or default_update_resource_schema()
model.Session.remove()
resource = model.Resource.get(id)
context["resource"] = resource
if not resource:
logging.error("Could not find resource " + id)
raise NotFound(_("Resource was not found."))
check_access("resource_update", context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
model.Session.rollback()
raise ValidationError(errors, resource_error_summary(errors))
rev = model.repo.new_revision()
rev.author = user
if "message" in context:
rev.message = context["message"]
else:
rev.message = _(u"REST API: Update object %s") % data.get("name", "")
resource = resource_dict_save(data, context)
if not context.get("defer_commit"):
model.repo.commit()
return resource_dictize(resource, context)
def report_list(self, id):
# Setup dataset information
package_type = self._get_package_type(id.split("@")[0])
context = {
"model": model,
"session": model.Session,
"user": c.user or c.author,
"extras_as_string": True,
"schema": self._form_to_db_schema(package_type=package_type),
}
data_dict = {"id": id}
# check if package exists
try:
c.pkg_dict = get_action("package_show")(context, data_dict)
c.pkg = context["package"]
c.pkg_json = json.dumps(c.pkg_dict)
except NotFound:
abort(404, _("Dataset not found"))
except NotAuthorized:
abort(401, _("Unauthorized to read package %s") % id)
# Only package admins can see this page
try:
check_access("package_update", context)
except NotAuthorized, e:
abort(401, _("User %r not authorized to edit %s") % (c.user, id))
def package_show(context, data_dict):
""" Package show permission checks the user group if the state is deleted """
model = context['model']
package = get_package_object(context, data_dict)
if package.state == 'deleted':
if 'ignore_auth' in context and context['ignore_auth']:
return {'success': True}
user = context.get('user')
if not user:
return {'success': False, 'msg': _('User not authorized to read package %s') % (package.id)}
userobj = model.User.get( user )
if Authorizer().is_sysadmin(unicode(user)):
return {'success': True}
if not userobj:
return {'success': False, 'msg': _('User %s not authorized to read package %s') % (str(user),package.id)}
if not _groups_intersect( userobj.get_groups('publisher'), package.get_groups('publisher') ):
return {'success': False, 'msg': _('User %s not authorized to read package %s') % (str(user),package.id)}
return {'success': True}
def group_create(context, data_dict=None):
"""
Group create permission. If a group is provided, within which we want to create a group
then we check that the user is within that group. If not then we just say Yes for now
although there may be some approval issues elsewhere.
"""
model = context['model']
user = context['user']
if not model.User.get(user):
return {'success': False, 'msg': _('User is not authorized to create groups') }
if Authorizer.is_sysadmin(user):
return {'success': True}
try:
# If the user is doing this within another group then we need to make sure that
# the user has permissions for this group.
group = get_group_object( context )
except logic.NotFound:
return { 'success' : True }
userobj = model.User.get( user )
if not userobj:
return {'success': False, 'msg': _('User %s not authorized to create groups') % str(user)}
authorized = _groups_intersect( userobj.get_groups('organization'), [group] )
if not authorized:
return {'success': False, 'msg': _('User %s not authorized to create groups') % str(user)}
else:
return {'success': True}
def rating_create(context, data_dict):
model = context['model']
user = context.get("user")
package_ref = data_dict.get('package')
rating = data_dict.get('rating')
opts_err = None
if not package_ref:
opts_err = _('You must supply a package id or name (parameter "package").')
elif not rating:
opts_err = _('You must supply a rating (parameter "rating").')
else:
try:
rating_int = int(rating)
except ValueError:
opts_err = _('Rating must be an integer value.')
else:
package = model.Package.get(package_ref)
if rating < ratings.MIN_RATING or rating > ratings.MAX_RATING:
opts_err = _('Rating must be between %i and %i.') % (ratings.MIN_RATING, ratings.MAX_RATING)
elif not package:
opts_err = _('Package with name %r does not exist.') % package_ref
if opts_err:
raise ValidationError(opts_err)
user = model.User.by_name(user)
ratings.set_rating(user, package, rating_int)
package = model.Package.get(package_ref)
ret_dict = {'rating average':package.get_average_rating(),
'rating count': len(package.ratings)}
return ret_dict
def group_update(context, data_dict):
"""
Group edit permission. Checks that a valid user is supplied and that the user is
a member of the group currently with any capacity.
"""
model = context['model']
user = context.get('user','')
group = get_group_object(context, data_dict)
if not user:
return {'success': False, 'msg': _('Only members of this group are authorized to edit this group')}
# Sys admins should be allowed to update groups
if Authorizer().is_sysadmin(unicode(user)):
return { 'success': True }
# Only allow package update if the user and package groups intersect
userobj = model.User.get( user )
if not userobj:
return { 'success' : False, 'msg': _('Could not find user %s') % str(user) }
# Only admins of this group should be able to update this group
if not _groups_intersect( userobj.get_groups( 'organization', 'admin' ), [group] ):
return { 'success': False, 'msg': _('User %s not authorized to edit this group') % str(user) }
return { 'success': True }
def package_relationship_create(context, data_dict):
"""
Permission for users to create a new package relationship requires that the
user share a group with both packages.
"""
model = context["model"]
user = context["user"]
id = data_dict.get("id", "")
id2 = data_dict.get("id2", "")
pkg1 = model.Package.get(id)
pkg2 = model.Package.get(id2)
if not pkg1 or not pkg2:
return {"success": False, "msg": _("Two package IDs are required")}
pkg1grps = pkg1.get_groups("publisher")
pkg2grps = pkg2.get_groups("publisher")
usergrps = model.User.get(user).get_groups("publisher")
authorized = _groups_intersect(usergrps, pkg1grps) and _groups_intersect(usergrps, pkg2grps)
if not authorized:
return {"success": False, "msg": _("User %s not authorized to edit these packages") % str(user)}
else:
return {"success": True}
def list(self, id):
""" List all related items for a specific dataset """
context = {'model': model, 'session': model.Session,
'user': c.user or c.author,
'auth_user_obj': c.userobj,
'for_view': True}
data_dict = {'id': id}
try:
logic.check_access('package_show', context, data_dict)
except logic.NotFound:
base.abort(404, base._('Dataset not found'))
except logic.NotAuthorized:
base.abort(401, base._('Not authorized to see this page'))
try:
c.pkg_dict = logic.get_action('package_show')(context, data_dict)
c.related_list = logic.get_action('related_list')(context,
data_dict)
c.pkg = context['package']
c.resources_json = h.json.dumps(c.pkg_dict.get('resources', []))
except logic.NotFound:
base.abort(404, base._('Dataset not found'))
except logic.NotAuthorized:
base.abort(401, base._('Unauthorized to read package %s') % id)
return base.render("package/related_list.html")
def harvest_jobs_run(context,data_dict):
model = context['model']
user = context.get('user')
# Check user is logged in
if not user:
return {'success': False, 'msg': _('Only logged users are authorized to run harvest jobs')}
user_obj = User.get(user)
# Checks for non sysadmin users
if not Authorizer().is_sysadmin(user):
if not user_obj or len(user_obj.get_groups(u'publisher')) == 0:
return {'success': False, 'msg': _('User %s must belong to a publisher to run harvest jobs') % str(user)}
source_id = data_dict.get('source_id',False)
if not source_id:
return {'success': False, 'msg': _('Only sysadmins can run all harvest jobs') % str(user)}
source = HarvestSource.get(source_id)
if not source:
raise NotFound
if not source.publisher_id in [g.id for g in user_obj.get_groups(u'publisher')]:
return {'success': False, 'msg': _('User %s not authorized to run jobs from source %s') % (str(user),source.id)}
return {'success': True}
def resource_update(context, data_dict):
model = context['model']
session = context['session']
user = context['user']
id = data_dict["id"]
schema = context.get('schema') or default_update_resource_schema()
model.Session.remove()
resource = model.Resource.get(id)
context["resource"] = resource
if not resource:
raise NotFound(_('Resource was not found.'))
check_access('resource_update', context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
model.Session.rollback()
raise ValidationError(errors, resource_error_summary(errors))
rev = model.repo.new_revision()
rev.author = user
if 'message' in context:
rev.message = context['message']
else:
rev.message = _(u'REST API: Update object %s') % data.get("name")
resource = resource_dict_save(data, context)
if not context.get('defer_commit'):
model.repo.commit()
return resource_dictize(resource, context)
def read(self, id):
group_type = self._get_group_type(id.split('@')[0])
context = {'model': model, 'session': model.Session,
'user': c.user or c.author,
'schema': self._form_to_db_schema(group_type=type)}
data_dict = {'id': id}
q = c.q = request.params.get('q', '') # unicode format (decoded from utf8)
try:
c.group_dict = get_action('group_show')(context, data_dict)
c.group = context['group']
except NotFound:
abort(404, _('Group not found'))
except NotAuthorized:
abort(401, _('Unauthorized to read group %s') % id)
# Search within group
q += ' groups: "%s"' % c.group_dict.get('name')
try:
description_formatted = ckan.misc.MarkdownFormat().to_html(c.group_dict.get('description',''))
c.description_formatted = genshi.HTML(description_formatted)
except Exception, e:
error_msg = "<span class='inline-warning'>%s</span>" % _("Cannot render description")
c.description_formatted = genshi.HTML(error_msg)
def list(self, id):
context = {'model': model, 'session': model.Session,
'user': c.user or c.author, 'extras_as_string': True,
'for_view': True}
data_dict = {'id': id}
try:
logic.check_access('package_show', context, data_dict)
except logic.NotFound:
base.abort(404, base._('Dataset not found'))
except logic.NotAuthorized:
base.abort(401, base._('Not authorized to see this page'))
try:
c.pkg_dict = logic.get_action('package_show')(context, data_dict)
c.pkg = context['package']
c.resources_json = h.json.dumps(c.pkg_dict.get('resources',[]))
except logic.NotFound:
base.abort(404, base._('Dataset not found'))
except logic.NotAuthorized:
base.abort(401, base._('Unauthorized to read package %s') % id)
c.related_count = len(c.pkg.related)
c.num_followers = logic.get_action('dataset_follower_count')(context,
{'id': c.pkg_dict['id']})
# If the user is logged in set the am_following variable.
if c.user:
c.pkg_dict['am_following'] = logic.get_action('am_following_dataset')(
context, {'id': c.pkg.id})
return base.render( "package/related_list.html")
def vocabulary_update(context, data_dict):
model = context["model"]
vocab_id = data_dict.get("id")
if not vocab_id:
raise ValidationError({"id": _("id not in data")})
vocab = model.vocabulary.Vocabulary.get(vocab_id)
if vocab is None:
raise NotFound(_('Could not find vocabulary "%s"') % vocab_id)
data_dict["id"] = vocab.id
if data_dict.has_key("name"):
if data_dict["name"] == vocab.name:
del data_dict["name"]
check_access("vocabulary_update", context, data_dict)
schema = context.get("schema") or default_update_vocabulary_schema()
data, errors = validate(data_dict, schema, context)
if errors:
model.Session.rollback()
raise ValidationError(errors)
updated_vocab = vocabulary_dict_update(data, context)
if not context.get("defer_commit"):
model.repo.commit()
return vocabulary_dictize(updated_vocab, context)
def index(self):
group_type = None
context = {'model': model, 'session': model.Session,
'user': c.user or c.author, 'for_view': True,
'with_private': False}
q = c.q = request.params.get('q', '')
data_dict = {'all_fields': True, 'q': q}
sort_by = c.sort_by_selected = request.params.get('sort')
if sort_by:
data_dict['sort'] = sort_by
try:
self._check_access('site_read', context)
except NotAuthorized:
abort(401, _('Not authorized to see this page'))
if c.userobj:
context['user_id'] = c.userobj.id
context['user_is_admin'] = c.userobj.sysadmin
c.group_package_stuff = caching.cached_get_group_package_stuff()
##Removing groups without geojson for the map
c.group_map = []
for gp in c.group_package_stuff:
'''
Removed check for geojson data because in the new version this information
does not come from the group_list action and for now we are not using the map.
If we'll need this we should implement some caching functionality for this too.
'''
c.group_map.append(gp)
#print c.group_package_stuff
if c.userobj is not None:
msg = None
url = h.url_for(controller='user', action='edit')
is_google_id = \
c.userobj.name.startswith('https://www.google.com/accounts/o8/id')
if not c.userobj.email and (is_google_id and not c.userobj.fullname):
msg = _(u'Please <a href="{link}">update your profile</a>'
u' and add your email address and your full name. '
u'{site} uses your email address'
u' if you need to reset your password.'.format(
link=url, site=g.site_title))
elif not c.userobj.email:
msg = _('Please <a href="%s">update your profile</a>'
' and add your email address. ') % url + \
_('%s uses your email address'
' if you need to reset your password.') \
% g.site_title
elif is_google_id and not c.userobj.fullname:
msg = _('Please <a href="%s">update your profile</a>'
' and add your full name.') % (url)
if msg:
h.flash_notice(msg, allow_html=True)
return base.render('home/index.html', cache_force=True)
def resource_read(self, id, resource_id):
context = {'model': model, 'session': model.Session,
'user': c.user or c.author}
try:
c.resource = get_action('resource_show')(context, {'id': resource_id})
c.package = get_action('package_show')(context, {'id': id})
# required for nav menu
c.pkg = context['package']
c.resource_json = json.dumps(c.resource)
c.pkg_dict = c.package
except NotFound:
abort(404, _('Resource not found'))
except NotAuthorized:
abort(401, _('Unauthorized to read resource %s') % id)
# get package license info
license_id = c.package.get('license_id')
try:
c.package['isopen'] = model.Package.get_license_register()[license_id].isopen()
except KeyError:
c.package['isopen'] = False
# TODO: Find another way to get this action
action_name = 'resource_read'
# Get fields list for this action
report = model.Session.query(lightbaseDatasetReports).\
filter(lightbaseDatasetReports.dataset_action_id == lightbaseDatasetActions.dataset_action_id).\
filter(lightbaseDatasetReports.dataset_id == c.pkg_dict.get('id')).\
filter(lightbaseDatasetActions.action_name == action_name).all()
# Add fields to dict
report_dict = dict()
if len(report) > 0:
report_dict = report[0].fields_list
# Add it to page
identifier = report_dict.pop('identifier')
vars = {'report_dict': report_dict, 'identifier': identifier}
# Add results from elastic search
c.resource['elastic_search'] = self.before_view_resource(c.pkg_dict['name'], c.resource['name'])
# Get item name from description item
c.resource['description'] = c.resource['elastic_search'].get(report_dict.pop('description'))
# Get content from content item in dict
conteudo = plaintext2html(c.resource['elastic_search'].get(report_dict.pop('content')))
# Check if conteudo is nil
if not conteudo:
c.resource['conteudo'] = unicode('Nao disponivel')
else:
conteudo_html = fromstring(conteudo)
conteudo = tostring(conteudo_html)
c.resource['conteudo'] = unicode(conteudo)
return render('package/resource_read.html', extra_vars=vars)
def group_delete(context, data_dict):
group = get_group_object(context, data_dict)
user = context["user"]
if not new_authz.check_config_permission("user_delete_groups"):
return {"success": False, "msg": _("User %s not authorized to delete groups") % user}
authorized = new_authz.has_user_permission_for_group_or_org(group.id, user, "delete")
if not authorized:
return {"success": False, "msg": _("User %s not authorized to delete group %s") % (user, group.id)}
else:
return {"success": True}
def group_error_summary(error_dict):
error_summary = {}
for key, error in error_dict.iteritems():
if key == 'extras':
error_summary[_('Extras')] = _('Missing Value')
elif key == 'extras_validation':
error_summary[_('Extras')] = error[0]
else:
error_summary[_(prettify(key))] = error[0]
return error_summary
def group_error_summary(error_dict):
error_summary = {}
for key, error in error_dict.iteritems():
if key == "extras":
error_summary[_("Extras")] = _("Missing Value")
elif key == "extras_validation":
error_summary[_("Extras")] = error[0]
else:
error_summary[_(prettify(key))] = error[0]
return error_summary
def organization_delete(context, data_dict):
group = get_group_object(context, data_dict)
user = context['user']
if not new_authz.check_config_permission('user_delete_organizations'):
return {'success': False,
'msg': _('User %s not authorized to delete organizations') % user}
authorized = new_authz.has_user_permission_for_group_or_org(
group.id, user, 'delete')
if not authorized:
return {'success': False, 'msg': _('User %s not authorized to delete organization %s') % (user ,group.id)}
else:
return {'success': True}
def create(self):
if not self._check_access(model.System(), model.Action.PACKAGE_CREATE):
return json.dumps(_('Access denied'))
# Create a Package.
fs = self._get_standard_package_fieldset()
try:
request_data = self._get_request_data()
request_fa_dict = ckan.forms.edit_package_dict(ckan.forms.get_package_dict(fs=fs), request_data)
fs = fs.bind(model.Package, data=request_fa_dict, session=model.Session)
log.debug('Created object %s' % str(fs.name.value))
obj = fs.model
# Validate the fieldset.
validation = fs.validate()
if not validation:
# Complain about validation errors.
log.error('Validation error: %r' % repr(fs.errors))
response.write(self._finish(409, repr(fs.errors),
content_type='json'))
else:
try:
# Construct new revision.
rev = model.repo.new_revision()
rev.author = self.rest_api_user
rev.message = _(u'REST API: Create object %s') % str(fs.name.value)
# Construct catalogue entity.
fs.sync()
# Construct access control entities.
if self.rest_api_user:
admins = [model.User.by_name(self.rest_api_user.decode('utf8'))]
else:
admins = []
model.setup_default_user_roles(fs.model, admins)
for item in self.extensions:
item.create(fs.model)
# Commit
model.repo.commit()
# Set location header with new ID.
location = str('%s/%s' % (request.path, obj.id))
response.headers['Location'] = location
log.debug('Response headers: %r' % (response.headers))
response.write(self._finish_ok(
obj.as_dict(),
newly_created_resource_location=location))
except Exception, inst:
log.exception(inst)
model.Session.rollback()
log.error('Exception creating object %s: %r' % (str(fs.name.value), inst))
raise
except ValueError, inst:
response.status_int = 400
response.write(_(u'JSON Error: %s') % str(inst))
def read(self, id, url=''):
context = {'model': model, 'session': model.Session,
'user': c.user or c.author}
try:
resource = get_action('resource_show')(context, {'id': id})
self._make_redirect(id, url)
return ''
except NotFound:
abort(404, _('Resource not found'))
except NotAuthorized:
abort(401, _('Unauthorized to read resource %s') % id)
def related_update(context, data_dict):
model = context['model']
user = context['user']
if not user:
return {'success': False, 'msg': _('Only the owner can update a related item')}
related = get_related_object(context, data_dict)
userobj = model.User.get( user )
if not userobj or userobj.id != related.owner_id:
return {'success': False, 'msg': _('Only the owner can update a related item')}
return {'success': True}
def package_update(context, data_dict):
model = context["model"]
user = context.get("user")
package = get_package_object(context, data_dict)
check1 = check_access_old(package, model.Action.EDIT, context)
if not check1:
return {"success": False, "msg": _("User %s not authorized to edit package %s") % (str(user), package.id)}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {"success": False, "msg": _("User %s not authorized to edit these groups") % str(user)}
return {"success": True}
def package_update(context, data_dict):
model = context['model']
user = context.get('user')
package = get_package_object(context, data_dict)
check1 = logic.check_access_old(package, model.Action.EDIT, context)
if not check1:
return {'success': False, 'msg': _('User %s not authorized to edit package %s') % (str(user), package.id)}
else:
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % str(user)}
return {'success': True}
def package_create(context, data_dict=None):
model = context["model"]
user = context["user"]
check1 = logic.check_access_old(model.System(), model.Action.PACKAGE_CREATE, context)
if not check1:
return {"success": False, "msg": _("User %s not authorized to create packages") % str(user)}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {"success": False, "msg": _("User %s not authorized to edit these groups") % str(user)}
return {"success": True}
def package_create(context, data_dict=None):
model = context['model']
user = context['user']
check1 = logic.check_access_old(model.System(), model.Action.PACKAGE_CREATE, context)
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % str(user)}
else:
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % str(user)}
return {'success': True}
def report_action(self, id, data=None, errors=None, error_summary=None):
"""
Reports action page
"""
# Setup dataset information
package_type = self._get_package_type(id.split("@")[0])
# context = {'model': model, 'session': model.Session,
# 'user': c.user or c.author, 'extras_as_string': True,
# 'schema': self._form_to_db_schema(package_type=package_type)}
context = {
"model": model,
"session": model.Session,
"save": "save" in request.params,
"user": c.user or c.author,
"extras_as_string": True,
}
data_dict = {"id": id}
# check if package exists
try:
c.pkg_dict = get_action("package_update")(context, data_dict)
c.pkg = context["package"]
c.pkg_json = json.dumps(c.pkg_dict)
except NotFound:
abort(404, _("Dataset not found"))
except NotAuthorized:
abort(401, _("Unauthorized to edit package %s") % id)
data = data or clean_dict(unflatten(tuplize_dict(parse_params(request.params, ignore_keys=[CACHE_PARAMETER]))))
errors = errors or {}
error_summary = error_summary or {}
vars = {"data": data, "errors": errors, "error_summary": error_summary}
# Save data if requested
if context.get("save") and data:
result = self._save_report_action_new(data)
# Return error message
if not result:
errors["name"] = "Insertion error"
error_summary[_(u"Ação")] = _(u"Erro inserindo elemento na base de dados")
# Add actual reports actions information
data["actions"] = model.Session.query(lightbaseDatasetActions).all()
self._setup_template_variables(context, {"id": id})
c.form = render("package/reports/actions_new_form.html", extra_vars=vars)
return render("package/reports/actions_new.html")
def harvest_source_create(context,data_dict):
model = context['model']
user = context.get('user','')
# Non-logged users can not create sources
if not user:
return {'success': False, 'msg': _('Non-logged in users are not authorized to create harvest sources')}
# Sysadmins and the rest of logged users can create sources,
# as long as they belong to a publisher
user_obj = User.get(user)
if not user_obj or not Authorizer().is_sysadmin(user) and len(user_obj.get_groups(u'publisher')) == 0:
return {'success': False, 'msg': _('User %s must belong to a publisher to create harvest sources') % str(user)}
else:
return {'success': True}
def read(self, id, format='html'):
if not format == 'html':
ctype, extension, loader = \
self._content_type_from_extension(format)
if not ctype:
# An unknown format, we'll carry on in case it is a
# revision specifier and re-constitute the original id
id = "%s.%s" % (id, format)
ctype, format, loader = "text/html; charset=utf-8", "html", \
MarkupTemplate
else:
ctype, format, loader = self._content_type_from_accept()
response.headers['Content-Type'] = ctype
package_type = self._get_package_type(id.split('@')[0])
context = {
'model': model,
'session': model.Session,
'user': c.user or c.author,
'for_view': True,
'auth_user_obj': c.userobj
}
data_dict = {'id': id}
# interpret @<revision_id> or @<date> suffix
split = id.split('@')
if len(split) == 2:
data_dict['id'], revision_ref = split
if model.is_id(revision_ref):
context['revision_id'] = revision_ref
else:
try:
date = h.date_str_to_datetime(revision_ref)
context['revision_date'] = date
except TypeError, e:
abort(400, _('Invalid revision format: %r') % e.args)
except ValueError, e:
abort(400, _('Invalid revision format: %r') % e.args)
def group_create(context, data_dict=None):
"""
Group create permission. If a group is provided, within which we want to create a group
then we check that the user is within that group. If not then we just say Yes for now
although there may be some approval issues elsewhere.
"""
model = context['model']
user = context['user']
if not user:
return {
'success': False,
'msg': _('User is not authorized to create groups')
}
if Authorizer.is_sysadmin(user):
return {'success': True}
try:
# If the user is doing this within another group then we need to make sure that
# the user has permissions for this group.
group = get_group_object(context)
except NotFound:
return {'success': True}
userobj = model.User.get(user)
if not userobj:
return {
'success': False,
'msg': _('User %s not authorized to create groups') % str(user)
}
authorized = _groups_intersect(userobj.get_groups('publisher'), [group])
if not authorized:
return {
'success': False,
'msg': _('User %s not authorized to create groups') % str(user)
}
else:
return {'success': True}
def site_read(context, data_dict):
"""\
This function should be deprecated. It is only here because we couldn't
get hold of Friedrich to ask what it was for.
./ckan/controllers/api.py
"""
model = context['model']
user = context.get('user')
if not Authorizer().is_authorized(user, model.Action.SITE_READ, model.System):
return {'success': False, 'msg': _('Not authorized to see this page')}
return {'success': True}
def task_status_delete(context, data_dict):
model = context['model']
user = context['user']
authorized = Authorizer().is_sysadmin(unicode(user))
if not authorized:
return {
'success': False,
'msg':
_('User %s not authorized to delete task_status') % str(user)
}
else:
return {'success': True}
def package_create(context, data_dict=None):
model = context['model']
user = context['user']
check1 = logic.check_access_old(model.System(),
model.Action.PACKAGE_CREATE, context)
if not check1:
return {
'success': False,
'msg': _('User %s not authorized to create packages') % str(user)
}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success': False,
'msg':
_('User %s not authorized to edit these groups') % str(user)
}
return {'success': True}
def fao_m49_regions(key, flattened_data, errors, context):
# we use extended api to update data dict in-place
# this way we avoid various errors in harvesters,
# which don't populate extras properly
value = flattened_data[key]
if isinstance(value, Missing) or value is None:
flattened_data[key] = []
else:
value = _deserialize_from_array(value)
validated = []
try:
v = Vocabulary.get(Vocabulary.VOCABULARY_M49_REGIONS)
for term in value:
if not v.valid_term(term):
errors[key].append(
ValueError(_("Term not valid: {}").format(term)))
break
validated.append(term)
flattened_data[key] = validated
except Exception, err:
errors[key].append(
Invalid(_("Invalid m49 regions: {} {}").format(value, err)))
def harvest_source_create(context, data_dict):
model = context['model']
user = context.get('user')
if not Authorizer().is_sysadmin(user):
return {
'success':
False,
'msg':
_('User %s not authorized to create harvest sources') % str(user)
}
else:
return {'success': True}
def user_create(context, data_dict=None):
model = context['model']
user = context['user']
authorized = check_access_old(model.System(), model.Action.USER_CREATE,
context)
if not authorized:
return {
'success': False,
'msg': _('User %s not authorized to create users') % str(user)
}
else:
return {'success': True}
def hdx_send_mail_contributor(context, data_dict):
'''
Only a logged in user has access.
'''
user_obj = context.get('auth_user_obj') or context.get('user_obj')
if user_obj:
return {'success': True}
return {
'success': False,
'msg': _('Not authorized to perform this request')
}
def group_show(context, data_dict):
""" Group show permission checks the user group if the state is deleted """
model = context['model']
user = context.get('user')
group = get_group_object(context, data_dict)
userobj = model.User.get( user )
if group.state == 'deleted':
if not user or \
not _groups_intersect( userobj.get_groups('organization'), group.get_groups('organization') ):
return {'success': False, 'msg': _('User %s not authorized to show group %s') % (str(user),group.id)}
return {'success': True}
def term_translation_update(context, data_dict):
model = context['model']
user = context['user']
if 'ignore_auth' in context and context['ignore_auth']:
return {'success': True}
authorized = Authorizer().is_sysadmin(unicode(user))
if not authorized:
return {'success': False, 'msg': _('User %s not authorized to update term_translation table') % str(user)}
else:
return {'success': True}
def resource_create(context, data_dict):
# resource_create runs through package_update, no need to
# check users eligibility to add resource to package here.
model = context['model']
user = context['user']
userobj = model.User.get(user)
if userobj:
return {'success': True}
return {
'success': False,
'msg': _('You must be logged in to create a resource')
}
def related_delete(context, data_dict):
model = context['model']
user = context['user']
userobj = model.User.get( user )
if not user or not userobj:
return {'success': False, 'msg': _('Only the owner can delete a related item')}
if Authorizer().is_sysadmin(unicode(user)):
return {'success': True}
related = get_related_object(context, data_dict)
if related.datasets:
package = related.datasets[0]
if _groups_intersect( userobj.get_groups('organization'), package.get_groups('organization') ):
return {'success': True}
if not userobj or userobj.id != related.owner_id:
return {'success': False, 'msg': _('Only the owner can delete a related item')}
return {'success': True}
def user_extra_create(context, data_dict):
'''
A user has access only to his own metainformation (user_extra).
'''
user_obj = context.get('auth_user_obj') or context.get('user_obj')
if user_obj and user_obj.id == data_dict.get('user_id', ''):
return {'success': True}
return {
'success': False,
'msg': _('Not authorized to perform this request')
}
def package_update(context, data_dict):
model = context['model']
user = context['user']
id = data_dict["id"]
schema = context.get('schema') or default_update_package_schema()
model.Session.remove()
model.Session()._context = context
pkg = model.Package.get(id)
context["package"] = pkg
if pkg is None:
raise NotFound(_('Package was not found.'))
data_dict["id"] = pkg.id
check_access('package_update', context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
model.Session.rollback()
raise ValidationError(errors, package_error_summary(errors))
rev = model.repo.new_revision()
rev.author = user
if 'message' in context:
rev.message = context['message']
else:
rev.message = _(u'REST API: Update object %s') % data.get("name")
pkg = package_dict_save(data, context)
for item in PluginImplementations(IPackageController):
item.edit(pkg)
if not context.get('defer_commit'):
model.repo.commit()
return package_dictize(pkg, context)
def new(self):
record = model.Group
c.error = ''
try:
context = {'model': model, 'user': c.user or c.author}
check_access('group_create', context)
except NotAuthorized:
abort(401, _('Unauthorized to create a group'))
is_admin = self.authorizer.is_sysadmin(c.user)
fs = ckan.forms.get_group_fieldset(is_admin=is_admin)
if request.params.has_key('save'):
rev = model.repo.new_revision()
rev.author = c.author
# needed because request is nested
# multidict which is read only
params = dict(request.params)
c.fs = fs.bind(record, data=params or None, session=model.Session)
try:
self._update(c.fs, id, record.id)
except ValidationException, error:
fs = error.args[0]
c.form = self._render_edit_form(fs)
return render('group/edit.html')
# do not use groupname from id as may have changed
c.groupname = c.fs.name.value
c.grouptitle = c.fs.title.value
group = model.Group.get(c.groupname)
assert group
admins = []
user = model.User.by_name(c.user)
admins = [user]
model.setup_default_user_roles(group, admins)
group = model.Group.get(c.groupname)
pkgs = [
model.Package.by_name(name)
for name in request.params.getall('Group-packages-current')
]
group.packages = pkgs
pkgnames = request.params.getall('PackageGroup--package_name')
for pkgname in pkgnames:
if pkgname:
package = model.Package.by_name(pkgname)
if package and package not in group.packages:
group.packages.append(package)
for extension in self.extensions:
extension.create(group)
model.repo.commit_and_remove()
h.redirect_to(controller='group', action='read', id=c.groupname)
def group_update(context, data_dict):
"""
Group edit permission. Checks that a valid user is supplied and that the user is
a member of the group currently with any capacity.
"""
model = context['model']
user = context.get('user', '')
group = get_group_object(context, data_dict)
if not user:
return {
'success':
False,
'msg':
_('Only members of this group are authorized to edit this group')
}
# Sys admins should be allowed to update groups
if Authorizer().is_sysadmin(unicode(user)):
return {'success': True}
# Only allow package update if the user and package groups intersect
userobj = model.User.get(user)
if not userobj:
return {
'success': False,
'msg': _('Could not find user %s') % str(user)
}
# Only admins of this group should be able to update this group
if not _groups_intersect(userobj.get_groups('organization', 'admin'),
[group]):
return {
'success': False,
'msg': _('User %s not authorized to edit this group') % str(user)
}
return {'success': True}
def group_delete(context, data_dict):
"""
Group delete permission. Checks that the user specified is within the group to be deleted
and also have 'admin' capacity.
"""
model = context['model']
user = context['user']
if not user:
return {
'success':
False,
'msg':
_('Only members of this group are authorized to delete this group')
}
group = get_group_object(context, data_dict)
userobj = model.User.get(user)
if not userobj:
return {
'success':
False,
'msg':
_('Only members of this group are authorized to delete this group')
}
authorized = _groups_intersect(userobj.get_groups('organization', 'admin'),
[group])
if not authorized:
return {
'success':
False,
'msg':
_('User %s not authorized to delete group %s') %
(str(user), group.id)
}
else:
return {'success': True}
def rating_create(context, data_dict):
model = context['model']
user = context.get("user")
package_ref = data_dict.get('package')
rating = data_dict.get('rating')
opts_err = None
if not package_ref:
opts_err = _(
'You must supply a package id or name (parameter "package").')
elif not rating:
opts_err = _('You must supply a rating (parameter "rating").')
else:
try:
rating_int = int(rating)
except ValueError:
opts_err = _('Rating must be an integer value.')
else:
package = model.Package.get(package_ref)
if rating < ratings.MIN_RATING or rating > ratings.MAX_RATING:
opts_err = _('Rating must be between %i and %i.') % (
ratings.MIN_RATING, ratings.MAX_RATING)
elif not package:
opts_err = _(
'Package with name %r does not exist.') % package_ref
if opts_err:
raise ValidationError(opts_err)
user = model.User.by_name(user)
ratings.set_rating(user, package, rating_int)
package = model.Package.get(package_ref)
ret_dict = {
'rating average': package.get_average_rating(),
'rating count': len(package.ratings)
}
return ret_dict
def related_create(context, data_dict=None):
model = context['model']
user = context['user']
userobj = model.User.get(user)
if not userobj:
return {
'success': False,
'msg': _('You must be logged in to add a related item')
}
if 'dataset_id' in data_dict:
# If this is to be associated with a dataset then we need to make sure that
# the user doing so is a member of that group
dataset = model.Package.get(data_dict['dataset_id'])
if dataset and not _groups_intersect(userobj.get_groups(),
dataset.get_groups()):
return {
'success': False,
'msg': _('You do not have permission to create an item')
}
return {'success': True}
def edit(self, id=None): # allow id=None to allow posting
c.error = ''
group = model.Group.get(id)
if group is None:
abort(404, '404 Not Found')
am_authz = self.authorizer.am_authorized(c, model.Action.EDIT, group)
if not am_authz:
abort(401, _('User %r not authorized to edit %r') % (c.user, id))
auth_for_change_state = self.authorizer.am_authorized(c, model.Action.CHANGE_STATE, group)
if not 'save' in request.params:
c.group = group
c.groupname = group.name
c.grouptitle = group.title
fs = forms.get_group_fieldset(is_admin=auth_for_change_state).bind(c.group)
c.form = self._render_edit_form(fs)
return render('group/edit.html')
else:
rev = model.repo.new_revision()
rev.author = c.author
# id is the name (pre-edited state)
c.groupname = id
# needed because request is nested
# multidict which is read only
params = dict(request.params)
fs = ckan.forms.get_group_fieldset(is_admin=auth_for_change_state)
c.fs = fs.bind(group, data=params or None)
try:
self._update(c.fs, id, group.id)
# do not use groupname from id as may have changed
c.groupname = c.fs.name.value
c.grouptitle = c.fs.title.value
except ValidationException, error:
fs = error.args[0]
c.form = self._render_edit_form(fs)
return render('group/edit.html')
pkgs = [model.Package.by_name(name) for name in request.params.getall('Group-packages-current')]
group.packages = pkgs
pkgnames = request.params.getall('PackageGroup--package_name')
for pkgname in pkgnames:
if pkgname:
package = model.Package.by_name(pkgname)
if package and package not in group.packages:
group.packages.append(package)
for extension in self.extensions:
extension.edit(group)
model.repo.commit_and_remove()
h.redirect_to(controller='group', action='read', id=c.groupname)
def revision_change_state(context, data_dict):
model = context['model']
user = context['user']
authorized = Authorizer().is_sysadmin(unicode(user))
if not authorized:
return {
'success':
False,
'msg':
_('User %s not authorized to change state of revision') % str(user)
}
else:
return {'success': True}
def package_show(context, data_dict):
user = context.get('user')
package = get_package_object(context, data_dict)
labels = get_permission_labels()
user_labels = labels.get_user_dataset_labels(context['auth_user_obj'])
authorized = any(
dl in user_labels for dl in labels.get_dataset_labels(package))
if not authorized:
return {
'success': False,
'msg': _('User %s not authorized to read package %s') % (user, package.id)}
else:
return {'success': True}
def group_member_create(context, data_dict):
try:
group_dict = tk.get_action('organization_show')(context, {
'id': data_dict['id']
})
# if the above call returns we already know it is an organization
# otherwise a NotFound is raised
return create.group_member_create(context, data_dict)
except logic.NotFound:
# means the specific group is surely not an org or doesn't exist at all
return {
'success': False,
'msg': _('Nobody can add a member to a country in HDX')
}
def harvest_job_create_all(context, data_dict):
model = context['model']
user = context.get('user')
if not ckan.new_authz.is_sysadmin(user):
return {
'success':
False,
'msg':
_('Only sysadmins can create harvest jobs for all sources') %
str(user)
}
else:
return {'success': True}
def _post_feedback(self):
'''
Redirects the user to the home page and flashes a message,
acknowledging the feedback.
'''
context = {
'name': request.params['name'],
'email': request.params['email'],
'feedback': request.params['feedback']
}
feedback.send_feedback(context)
h.flash_notice(_('Thank you for your feedback'))
h.redirect_to(controller='home', action='index')
return
def report_delete(self,
id,
report_id,
data=None,
errors=None,
error_summary=None):
"""
Controller to delete a report
"""
# Setup dataset information
package_type = self._get_package_type(id.split('@')[0])
context = {
'model': model,
'session': model.Session,
'user': c.user or c.author,
'extras_as_string': True,
'schema': self._form_to_db_schema(package_type=package_type),
'save': 'save' in request.params
}
data_dict = {'id': id, 'report_id': report_id}
#check if package exists
try:
c.pkg_dict = get_action('package_show')(context, data_dict)
c.pkg = context['package']
c.pkg_json = json.dumps(c.pkg_dict)
except NotFound:
abort(404, _('Dataset not found'))
except NotAuthorized:
abort(401, _('Unauthorized to read package %s') % id)
# Only package admins can see this page
try:
check_access('package_update', context)
except NotAuthorized, e:
abort(401, _('User %r not authorized to edit %s') % (c.user, id))
def package_delete(context, data_dict):
"""
Delete a package permission. User must be in at least one group that that
package is also in.
"""
model = context['model']
user = context['user']
package = get_package_object(context, data_dict)
userobj = model.User.get( user )
if not userobj or \
not _groups_intersect( userobj.get_groups('organization'), package.get_groups('organization') ):
return {'success': False,
'msg': _('User %s not authorized to delete packages in these group') % str(user)}
return {'success': True}
def resource_delete(context, data_dict):
model = context['model']
user = context.get('user')
resource = get_resource_object(context, data_dict)
# check authentication against package
pkg = model.Package.get(resource.package_id)
if not pkg:
raise logic.NotFound(
_('No package found for this resource, cannot check auth.'))
pkg_dict = {'id': pkg.id}
authorized = package_delete(context, pkg_dict).get('success')
if not authorized:
return {
'success':
False,
'msg':
_('User %s not authorized to delete resource %s') %
(user, resource.id)
}
else:
return {'success': True}
def _followee_list(context, data_dict):
model = context['model']
# Visitors cannot see what users are following.
authorized_user = model.User.get(context.get('user'))
if not authorized_user:
return {'success': False, 'msg': _('Not authorized')}
# Any user is authorized to see what she herself is following.
requested_user = model.User.get(data_dict.get('id'))
if authorized_user == requested_user:
return {'success': True}
# Sysadmins are authorized to see what anyone is following.
return sysadmin(context, data_dict)
