def datahub_package_create(context, data_dict):
from ckan.logic.auth.create import _check_group_auth
if authz.is_sysadmin(context.get('user')):
return {'success': True}
user = context['user']
if not authz.auth_is_registered_user():
if '/new' in c.environ['PATH_INFO']:
h.redirect_to(CREATE_DATASET_HELP_PAGE)
else:
return {'success': False, 'msg': _('You must login to create a dataset')}
check1 = authz.check_config_permission('create_dataset_if_not_in_organization') \
or authz.check_config_permission('create_unowned_dataset')
#if not authorized and not a part of any org, redirect to help page on how to join one
if not check1 and not authz.has_user_permission_for_some_org(user, 'create_dataset'):
if '/new' in c.environ['PATH_INFO']:
h.redirect_to(CREATE_DATASET_HELP_PAGE)
else:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2 and not check1:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('organization_id')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def package_create(context, data_dict=None):
import ckan.new_authz as new_authz
from ckan.logic.auth.create import _check_group_auth
user = context['user']
if new_authz.auth_is_anon_user(context):
check1 = new_authz.check_config_permission('anon_create_dataset')
else:
# CKAN default options that grant any user rights to create datasets removed here.
check1 = new_authz.has_user_permission_for_some_org(user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('organization_id')
if org_id and not new_authz.has_user_permission_for_group_or_org(org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
# Note the default value True except when we're actually trying to create a new dataset...
if data_dict:
org_id = data_dict.get('owner_org')
if org_id and not new_authz.has_user_permission_for_group_or_org(org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
elif not org_id:
return {'success': False}
return {'success': True}
def package_create(context, data_dict=None):
user = context['user']
if new_authz.auth_is_anon_user(context):
check1 = all(new_authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(new_authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or new_authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not new_authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def datahub_package_create(context, data_dict):
from ckan.logic.auth.create import _check_group_auth
if new_authz.is_sysadmin(context.get('user')):
return {'success': True}
user = context['user']
if not new_authz.auth_is_registered_user():
return {'success': False, 'msg': _('You must login to create a dataset')}
else:
check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization') \
or new_authz.check_config_permission('create_unowned_dataset')
if not check1 and not new_authz.has_user_permission_for_some_org(user, 'create_dataset'):
h.redirect_to('/pages/requesting-an-organization')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('organization_id')
if org_id and not new_authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def package_create(context, data_dict=None):
user = context['user']
user_roles = user_custom_roles(context, data_dict)
if 'datovy-kurator' in user_roles:
return {'success': True}
if new_authz.auth_is_anon_user(context):
check1 = all(new_authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(new_authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or new_authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not new_authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def export_csv(context, data_dict):
'''Check if the user has admin rights in some org'''
from ckan import new_authz
user_name = context.get('user')
if user_name:
check = new_authz.has_user_permission_for_some_org(user_name, 'admin')
if check:
return {'success': True}
return {'success': False}
def package_create(context, data_dict=None):
import ckan.new_authz as new_authz
from ckan.logic.auth.create import _check_group_auth
user = context['user']
if new_authz.auth_is_anon_user(context):
check1 = new_authz.check_config_permission(
'anon_create_dataset')
else:
# CKAN default options that grant any user rights to create datasets removed here.
check1 = new_authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {
'success': False,
'msg':
_('User %s not authorized to create packages') % user
}
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success': False,
'msg':
_('User %s not authorized to edit these groups') % user
}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('organization_id')
if org_id and not new_authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {
'success':
False,
'msg':
_('User %s not authorized to add dataset to this organization'
) % user
}
# Note the default value True except when we're actually trying to create a new dataset...
if data_dict:
org_id = data_dict.get('owner_org')
if org_id and not new_authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {
'success':
False,
'msg':
_('User %s not authorized to add dataset to this organization'
) % user
}
elif not org_id:
return {'success': False}
return {'success': True}
def new_has_user_permission_for_group_or_org(group_id_or_name, user_name, permission):
sup = old_has_user_permission_for_group_or_org(group_id_or_name, user_name, permission)
if sup:
return True
# Get group
if not group_id_or_name:
return False
group = model.Group.get(group_id_or_name)
if not group:
return False
is_admin_somewhere = new_authz.has_user_permission_for_some_org(user_name, 'admin')
is_editor_somewhere = new_authz.has_user_permission_for_some_org(user_name, 'editor')
# Allow organization admins & editors to add and remove packages from groups (categories)
if (is_admin_somewhere or is_editor_somewhere) and group.type == 'group':
return True
return False
def package_create(fb, context, data_dict):
user = context['auth_user_obj']
if data_dict and 'owner_org' in data_dict:
role = users_role_for_group_or_org(data_dict['owner_org'], user.name)
if role == 'member':
return {'success': True}
else:
# If there is no organization, then this should return success if the user can create datasets for *some*
# organisation (see the ckan implementation), so either if anonymous packages are allowed or if we have
# member status in any organization.
if has_user_permission_for_some_org(user.name, 'read'):
return {'success': True}
return fb(context, data_dict)
def datahub_package_create(context, data_dict):
from ckan.logic.auth.create import _check_group_auth
if new_authz.is_sysadmin(context.get('user')):
return {'success': True}
user = context['user']
if not new_authz.auth_is_registered_user():
if '/new' in c.environ['PATH_INFO']:
h.redirect_to(CREATE_DATASET_HELP_PAGE)
else:
return {
'success': False,
'msg': _('You must login to create a dataset')
}
check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization') \
or new_authz.check_config_permission('create_unowned_dataset')
#if not authorized and not a part of any org, redirect to help page on how to join one
if not check1 and not new_authz.has_user_permission_for_some_org(
user, 'create_dataset'):
if '/new' in c.environ['PATH_INFO']:
h.redirect_to(CREATE_DATASET_HELP_PAGE)
else:
return {
'success': False,
'msg': _('User %s not authorized to create packages') % user
}
check2 = _check_group_auth(context, data_dict)
if not check2 and not check1:
return {
'success': False,
'msg': _('User %s not authorized to edit these groups') % user
}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('organization_id')
if org_id and not new_authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {
'success':
False,
'msg':
_('User %s not authorized to add dataset to this organization') %
user
}
return {'success': True}
def package_create(context, data_dict):
user = context['auth_user_obj']
if data_dict and 'owner_org' in data_dict:
role = users_role_for_group_or_org(data_dict['owner_org'], user.name)
if role == 'member':
return {'success': True}
else:
# If there is no organization, then this should return success if the user can create datasets for *some*
# organisation (see the ckan implementation), so either if anonymous packages are allowed or if we have
# member status in any organization.
if has_user_permission_for_some_org(user.name, 'read'):
return {'success': True}
fallback = get_default_auth('create', 'package_create')
return fallback(context, data_dict)
def new_has_user_permission_for_group_or_org(group_id_or_name,
user_name, permission):
sup = old_has_user_permission_for_group_or_org(
group_id_or_name, user_name, permission)
if sup:
return True
# Get group
if not group_id_or_name:
return False
group = model.Group.get(group_id_or_name)
if not group:
return False
is_admin_somewhere = new_authz.has_user_permission_for_some_org(
user_name, 'admin')
can_create_dataset_somewhere = new_authz.has_user_permission_for_some_org(
user_name, 'create_dataset')
# Allow organization admins & editors to add and remove packages from groups (categories)
if (is_admin_somewhere
or can_create_dataset_somewhere) and group.type == 'group':
return True
return False
def package_create(context, data_dict=None):
user = context['user']
if not new_authz.auth_is_registered_user():
check1 = new_authz.check_config_permission('anon_create_dataset')
else:
check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization') \
or new_authz.has_user_permission_for_some_org(user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
else:
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % str(user)}
return {'success': True}
def package_create(context, data_dict=None):
user = context['user']
if not new_authz.auth_is_registered_user():
check1 = new_authz.check_config_permission('anon_create_dataset')
else:
check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization') \
or new_authz.has_user_permission_for_some_org(user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
else:
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % str(user)}
return {'success': True}
def package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = new_authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset')
else:
# If dataset is not owned then we can edit if config permissions allow
if new_authz.auth_is_anon_user(context):
check1 = all(
new_authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(
new_authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or new_authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {
'success':
False,
'msg':
_('User %s not authorized to edit package %s') %
(str(user), package.id)
}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success':
False,
'msg':
_('User %s not authorized to edit these groups') % (str(user))
}
return {'success': True}
def package_update(context, data_dict):
user = context.get('user')
user_roles = user_custom_roles(context, data_dict)
if 'datovy-kurator' in user_roles:
return {'success': True}
package = logic_auth.get_package_object(context, data_dict)
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = new_authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset'
)
else:
# If dataset is not owned then we can edit if config permissions allow
if new_authz.auth_is_anon_user(context):
check1 = all(new_authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(new_authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or new_authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {'success': False,
'msg': _('User %s not authorized to edit package %s') %
(str(user), package.id)}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {'success': False,
'msg': _('User %s not authorized to edit these groups') %
(str(user))}
return {'success': True}
def package_create(context, data_dict=None):
user = context['user']
if not new_authz.auth_is_registered_user():
check1 = new_authz.check_config_permission('anon_create_dataset')
else:
check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization') \
or new_authz.has_user_permission_for_some_org(user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('organization_id')
if org_id and not new_authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
