def member_create(context, data_dict):
group = logic_auth.get_group_object(context, data_dict)
if group.type == 'topics':
return {'success': True}
else:
return create.member_create(context, data_dict)
def member_delete(context, data_dict):
'''
Overriding default member_delete to allow a user to delete himself as a member
'''
authenticated_user = context.get('auth_user_obj')
if data_dict.get('object_type') == 'user':
user_id_to_be_removed = data_dict.get('object')
if user_id_to_be_removed == authenticated_user.id or user_id_to_be_removed == authenticated_user.name:
return {'success': True}
return _auth_create.member_create(context, data_dict)
def member_create_check_authorized(context, data_dict):
'''Overwrite core authorization logic for member_create.
It only deals with cases where the group is thematic, and the member
a package. The rest are delegated to the core authorization function.
'''
group = p.toolkit.get_action('group_show')(context, {
'id': data_dict.get('id'),
})
if group.get('is_organization') or not context.get('package'):
return create_auth.member_create(context, data_dict)
else:
user = context.get('user')
# Looking for any organization's user, has at least editor rights. If none exists
# he cannot edit a thematic group
organizations = p.toolkit.get_action('organization_list_for_user')(
context, {
'permission': 'update_dataset'
})
if not organizations:
return {
'success':
False,
'msg':
_('User %s is not authorized to edit any thematic group') %
(user)
}
# Checking that the user has at least editor's rights for the organization in which
# the package belongs to.
else:
package_org = context.get('package').owner_org
package_id = context.get('package').id
if package_org not in [x.get('id') for x in organizations]:
return {
'success':
False,
'msg':
_('User %s is not authorized to edit package %s') %
(user, package_id)
}
else:
return {'success': True}
def member_create_check_authorized(context, data_dict):
'''Overwrite core authorization logic for member_create.
It only deals with cases where the group is thematic, and the member
a package. The rest are delegated to the core authorization function.
'''
group = p.toolkit.get_action('group_show')(context, {
'id': data_dict.get('id'),
})
if group.get('is_organization') or not context.get('package'):
return create_auth.member_create(context, data_dict)
else:
user = context.get('user')
# Looking for any organization's user, has at least editor rights. If none exists
# he cannot edit a thematic group
organizations = p.toolkit.get_action('organization_list_for_user')(context, {
'permission': 'update_dataset'
})
if not organizations:
return {'success': False,
'msg': _('User %s is not authorized to edit any thematic group') %
(user)}
# Checking that the user has at least editor's rights for the organization in which
# the package belongs to.
else:
package_org = context.get('package').owner_org
package_id = context.get('package').id
if package_org not in [x.get('id') for x in organizations]:
return {'success': False,
'msg': _('User %s is not authorized to edit package %s') %
(user, package_id)}
else:
return {'success': True}
def member_delete(context, data_dict):
return _auth_create.member_create(context, data_dict)
def member_delete(context, data_dict):
return _auth_create.member_create(context, data_dict)
def member_delete(context, data_dict):
if authz.config.get('ckan.gov_theme.is_back'):
return _auth_create.member_create(context, data_dict)
else:
return {'success': False}
