def datahub_package_create(context, data_dict): from ckan.logic.auth.create import _check_group_auth if authz.is_sysadmin(context.get('user')): return {'success': True} user = context['user'] if not authz.auth_is_registered_user(): if '/new' in c.environ['PATH_INFO']: h.redirect_to(CREATE_DATASET_HELP_PAGE) else: return {'success': False, 'msg': _('You must login to create a dataset')} check1 = authz.check_config_permission('create_dataset_if_not_in_organization') \ or authz.check_config_permission('create_unowned_dataset') #if not authorized and not a part of any org, redirect to help page on how to join one if not check1 and not authz.has_user_permission_for_some_org(user, 'create_dataset'): if '/new' in c.environ['PATH_INFO']: h.redirect_to(CREATE_DATASET_HELP_PAGE) else: return {'success': False, 'msg': _('User %s not authorized to create packages') % user} check2 = _check_group_auth(context,data_dict) if not check2 and not check1: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user} # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('organization_id') if org_id and not authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user} return {'success': True}
def package_create(context, data_dict=None): import ckan.new_authz as new_authz from ckan.logic.auth.create import _check_group_auth user = context['user'] if new_authz.auth_is_anon_user(context): check1 = new_authz.check_config_permission('anon_create_dataset') else: # CKAN default options that grant any user rights to create datasets removed here. check1 = new_authz.has_user_permission_for_some_org(user, 'create_dataset') if not check1: return {'success': False, 'msg': _('User %s not authorized to create packages') % user} check2 = _check_group_auth(context,data_dict) if not check2: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user} # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('organization_id') if org_id and not new_authz.has_user_permission_for_group_or_org(org_id, user, 'create_dataset'): return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user} # Note the default value True except when we're actually trying to create a new dataset... if data_dict: org_id = data_dict.get('owner_org') if org_id and not new_authz.has_user_permission_for_group_or_org(org_id, user, 'create_dataset'): return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user} elif not org_id: return {'success': False} return {'success': True}
def package_create(context, data_dict=None): user = context['user'] if new_authz.auth_is_anon_user(context): check1 = all(new_authz.check_config_permission(p) for p in ( 'anon_create_dataset', 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) else: check1 = all(new_authz.check_config_permission(p) for p in ( 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) or new_authz.has_user_permission_for_some_org( user, 'create_dataset') if not check1: return {'success': False, 'msg': _('User %s not authorized to create packages') % user} check2 = _check_group_auth(context,data_dict) if not check2: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user} # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('owner_org') if org_id and not new_authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user} return {'success': True}
def datahub_package_create(context, data_dict): from ckan.logic.auth.create import _check_group_auth if new_authz.is_sysadmin(context.get('user')): return {'success': True} user = context['user'] if not new_authz.auth_is_registered_user(): return {'success': False, 'msg': _('You must login to create a dataset')} else: check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization') \ or new_authz.check_config_permission('create_unowned_dataset') if not check1 and not new_authz.has_user_permission_for_some_org(user, 'create_dataset'): h.redirect_to('/pages/requesting-an-organization') if not check1: return {'success': False, 'msg': _('User %s not authorized to create packages') % user} check2 = _check_group_auth(context,data_dict) if not check2: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user} # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('organization_id') if org_id and not new_authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user} return {'success': True}
def package_create(context, data_dict=None): user = context['user'] user_roles = user_custom_roles(context, data_dict) if 'datovy-kurator' in user_roles: return {'success': True} if new_authz.auth_is_anon_user(context): check1 = all(new_authz.check_config_permission(p) for p in ( 'anon_create_dataset', 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) else: check1 = all(new_authz.check_config_permission(p) for p in ( 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) or new_authz.has_user_permission_for_some_org( user, 'create_dataset') if not check1: return {'success': False, 'msg': _('User %s not authorized to create packages') % user} check2 = _check_group_auth(context,data_dict) if not check2: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user} # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('owner_org') if org_id and not new_authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user} return {'success': True}
def export_csv(context, data_dict): '''Check if the user has admin rights in some org''' from ckan import new_authz user_name = context.get('user') if user_name: check = new_authz.has_user_permission_for_some_org(user_name, 'admin') if check: return {'success': True} return {'success': False}
def package_create(context, data_dict=None): import ckan.new_authz as new_authz from ckan.logic.auth.create import _check_group_auth user = context['user'] if new_authz.auth_is_anon_user(context): check1 = new_authz.check_config_permission( 'anon_create_dataset') else: # CKAN default options that grant any user rights to create datasets removed here. check1 = new_authz.has_user_permission_for_some_org( user, 'create_dataset') if not check1: return { 'success': False, 'msg': _('User %s not authorized to create packages') % user } check2 = _check_group_auth(context, data_dict) if not check2: return { 'success': False, 'msg': _('User %s not authorized to edit these groups') % user } # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('organization_id') if org_id and not new_authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return { 'success': False, 'msg': _('User %s not authorized to add dataset to this organization' ) % user } # Note the default value True except when we're actually trying to create a new dataset... if data_dict: org_id = data_dict.get('owner_org') if org_id and not new_authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return { 'success': False, 'msg': _('User %s not authorized to add dataset to this organization' ) % user } elif not org_id: return {'success': False} return {'success': True}
def new_has_user_permission_for_group_or_org(group_id_or_name, user_name, permission): sup = old_has_user_permission_for_group_or_org(group_id_or_name, user_name, permission) if sup: return True # Get group if not group_id_or_name: return False group = model.Group.get(group_id_or_name) if not group: return False is_admin_somewhere = new_authz.has_user_permission_for_some_org(user_name, 'admin') is_editor_somewhere = new_authz.has_user_permission_for_some_org(user_name, 'editor') # Allow organization admins & editors to add and remove packages from groups (categories) if (is_admin_somewhere or is_editor_somewhere) and group.type == 'group': return True return False
def package_create(fb, context, data_dict): user = context['auth_user_obj'] if data_dict and 'owner_org' in data_dict: role = users_role_for_group_or_org(data_dict['owner_org'], user.name) if role == 'member': return {'success': True} else: # If there is no organization, then this should return success if the user can create datasets for *some* # organisation (see the ckan implementation), so either if anonymous packages are allowed or if we have # member status in any organization. if has_user_permission_for_some_org(user.name, 'read'): return {'success': True} return fb(context, data_dict)
def datahub_package_create(context, data_dict): from ckan.logic.auth.create import _check_group_auth if new_authz.is_sysadmin(context.get('user')): return {'success': True} user = context['user'] if not new_authz.auth_is_registered_user(): if '/new' in c.environ['PATH_INFO']: h.redirect_to(CREATE_DATASET_HELP_PAGE) else: return { 'success': False, 'msg': _('You must login to create a dataset') } check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization') \ or new_authz.check_config_permission('create_unowned_dataset') #if not authorized and not a part of any org, redirect to help page on how to join one if not check1 and not new_authz.has_user_permission_for_some_org( user, 'create_dataset'): if '/new' in c.environ['PATH_INFO']: h.redirect_to(CREATE_DATASET_HELP_PAGE) else: return { 'success': False, 'msg': _('User %s not authorized to create packages') % user } check2 = _check_group_auth(context, data_dict) if not check2 and not check1: return { 'success': False, 'msg': _('User %s not authorized to edit these groups') % user } # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('organization_id') if org_id and not new_authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return { 'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user } return {'success': True}
def package_create(context, data_dict): user = context['auth_user_obj'] if data_dict and 'owner_org' in data_dict: role = users_role_for_group_or_org(data_dict['owner_org'], user.name) if role == 'member': return {'success': True} else: # If there is no organization, then this should return success if the user can create datasets for *some* # organisation (see the ckan implementation), so either if anonymous packages are allowed or if we have # member status in any organization. if has_user_permission_for_some_org(user.name, 'read'): return {'success': True} fallback = get_default_auth('create', 'package_create') return fallback(context, data_dict)
def new_has_user_permission_for_group_or_org(group_id_or_name, user_name, permission): sup = old_has_user_permission_for_group_or_org( group_id_or_name, user_name, permission) if sup: return True # Get group if not group_id_or_name: return False group = model.Group.get(group_id_or_name) if not group: return False is_admin_somewhere = new_authz.has_user_permission_for_some_org( user_name, 'admin') can_create_dataset_somewhere = new_authz.has_user_permission_for_some_org( user_name, 'create_dataset') # Allow organization admins & editors to add and remove packages from groups (categories) if (is_admin_somewhere or can_create_dataset_somewhere) and group.type == 'group': return True return False
def package_create(context, data_dict=None): user = context['user'] if not new_authz.auth_is_registered_user(): check1 = new_authz.check_config_permission('anon_create_dataset') else: check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization') \ or new_authz.has_user_permission_for_some_org(user, 'create_dataset') if not check1: return {'success': False, 'msg': _('User %s not authorized to create packages') % user} else: check2 = _check_group_auth(context,data_dict) if not check2: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % str(user)} return {'success': True}
def package_update(context, data_dict): user = context.get('user') package = logic_auth.get_package_object(context, data_dict) if package.owner_org: # if there is an owner org then we must have update_dataset # permission for that organization check1 = new_authz.has_user_permission_for_group_or_org( package.owner_org, user, 'update_dataset') else: # If dataset is not owned then we can edit if config permissions allow if new_authz.auth_is_anon_user(context): check1 = all( new_authz.check_config_permission(p) for p in ( 'anon_create_dataset', 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) else: check1 = all( new_authz.check_config_permission(p) for p in ( 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) or new_authz.has_user_permission_for_some_org( user, 'create_dataset') if not check1: return { 'success': False, 'msg': _('User %s not authorized to edit package %s') % (str(user), package.id) } else: check2 = _check_group_auth(context, data_dict) if not check2: return { 'success': False, 'msg': _('User %s not authorized to edit these groups') % (str(user)) } return {'success': True}
def package_update(context, data_dict): user = context.get('user') user_roles = user_custom_roles(context, data_dict) if 'datovy-kurator' in user_roles: return {'success': True} package = logic_auth.get_package_object(context, data_dict) if package.owner_org: # if there is an owner org then we must have update_dataset # permission for that organization check1 = new_authz.has_user_permission_for_group_or_org( package.owner_org, user, 'update_dataset' ) else: # If dataset is not owned then we can edit if config permissions allow if new_authz.auth_is_anon_user(context): check1 = all(new_authz.check_config_permission(p) for p in ( 'anon_create_dataset', 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) else: check1 = all(new_authz.check_config_permission(p) for p in ( 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) or new_authz.has_user_permission_for_some_org( user, 'create_dataset') if not check1: return {'success': False, 'msg': _('User %s not authorized to edit package %s') % (str(user), package.id)} else: check2 = _check_group_auth(context, data_dict) if not check2: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % (str(user))} return {'success': True}
def package_create(context, data_dict=None): user = context['user'] if not new_authz.auth_is_registered_user(): check1 = new_authz.check_config_permission('anon_create_dataset') else: check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization') \ or new_authz.has_user_permission_for_some_org(user, 'create_dataset') if not check1: return {'success': False, 'msg': _('User %s not authorized to create packages') % user} check2 = _check_group_auth(context,data_dict) if not check2: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user} # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('organization_id') if org_id and not new_authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user} return {'success': True}