def get_user_dataset_num(userobj): from ckan.lib.base import model from ckan.lib.search import SearchError from ckanext.bcgov.util.util import get_user_orgs, get_orgs_user_can_edit user_id = userobj.id # If this is the sysadmin user then return don't filter any dataset if userobj.sysadmin == True: fq = "" else: # Include only datsset created by this user or those from the orgs that the user has the admin role. fq = ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE")' user_orgs = get_orgs_user_can_edit(userobj) # ['"' + org + '"' for org in get_orgs_user_can_edit()] # user_orgs = ['"' + org.get('id') + '"' for org in get_user_orgs(user_id, 'admin')] # user_orgs += ['"' + org.get('id') + '"' for org in get_user_orgs(user_id, 'editor')] if len(user_orgs) > 0: fq += " OR owner_org:(" + " OR ".join(user_orgs) + ")" fq += ")" try: # package search context = {"model": model, "session": model.Session, "user": user_id} data_dict = {"q": "", "fq": fq, "facet": "false", "rows": 0, "start": 0} query = toolkit.get_action("package_search")(context, data_dict) count = query["count"] except SearchError, se: log.error("Search error: %s", se) count = 0
def before_search(self, search_params): """ Customizes package search and applies filters based on the dataset metadata-visibility and user roles. """ # Change the default sort order when no query passed if not search_params.get('q') and search_params.get('sort') in ( None, 'rank'): search_params[ 'sort'] = 'record_publish_date desc, metadata_modified desc' # Change the query filter depending on the user if 'fq' in search_params: fq = search_params['fq'] else: fq = '' try: # There are no restrictions for sysadmin if c.userobj and c.userobj.sysadmin is True: fq += ' ' fq = filter_query_regex.sub(r'+\1', fq) else: user_name = c.user or 'visitor' if user_name != 'visitor': if 'publish_state' not in fq: fq = filter_query_regex.sub(r'+\1', fq) fq += ' +(publish_state:("PUBLISHED" OR "PENDING ARCHIVE")' if 'owner_org' not in fq: # IDIR users can also see private records of their organizations # Get the list of orgs that the user is an admin or editor of user_orgs = get_orgs_user_can_edit(c.userobj) if user_orgs != []: fq += ' OR ' + 'owner_org:(' + ' OR '.join( user_orgs) + ')' fq += ')' else: if fq: # make all fields in Filter Query mandatory with '+' fq = filter_query_regex.sub(r'+\1', fq) # Public user can only view public and published records fq += ' +(publish_state:("PUBLISHED" OR "PENDING ARCHIVE") AND metadata_visibility:("Public"))' except Exception: if 'fq' in search_params: fq = search_params['fq'] else: fq = '' fq += ' +publish_state:("PUBLISHED" OR "PENDING ARCHIVE") +metadata_visibility:("Public")' search_params['fq'] = fq search_params['include_private'] = False log.debug("Search Params: {0}".format(search_params)) return search_params
def record_is_viewable(pkg_dict, userobj): ''' Checks if the user is authorized to view the dataset. Public users can only see published or pending archive records and only if the metadata-visibility is public. Government users who are not admins or editors can only see the published or pending archive records. Editors and admins can see all the records of their organizations in addition to what government users can see. ''' from ckanext.bcgov.util.util import get_user_orgs, get_orgs_user_can_edit #Sysadmin can view all records if userobj and userobj.sysadmin == True : return True #Anonymous user (visitor) can only view published public records published_state = ['PUBLISHED', 'PENDING ARCHIVE'] # CITZEDC-832 # Checking in `extras` for custom schema fields metadata_visibility = '' edc_state = '' owner_org = '' if 'metadata_visibility' in pkg_dict: metadata_visibility = pkg_dict['metadata_visibility'] else: metadata_visibility = get_package_extras_by_key('metadata_visibility', pkg_dict) if 'edc_state' in pkg_dict: edc_state = pkg_dict['edc_state'] else: edc_state = get_package_extras_by_key('edc_state', pkg_dict) if 'owner_org' in pkg_dict: owner_org = pkg_dict['owner_org'] else: owner_org = get_package_extras_by_key('owner_org', pkg_dict) if metadata_visibility == 'Public' and edc_state in published_state: return True if userobj : if metadata_visibility == 'IDIR' and edc_state in published_state: return True user_orgs = get_orgs_user_can_edit(userobj) #user_orgs = [org.get('id') for org in get_user_orgs(userobj.id, 'editor') ] #user_orgs += [org.get('id') for org in get_user_orgs(userobj.id, 'admin') ] if owner_org in user_orgs: return True return True return False
def record_is_viewable(pkg_dict, userobj): ''' Checks if the user is authorized to view the dataset. Public users can only see published or pending archive records and only if the metadata-visibility is public. Government users who are not admins or editors can only see the published or pending archive records. Editors and admins can see all the records of their organizations in addition to what government users can see. ''' from ckanext.bcgov.util.util import get_user_orgs, get_orgs_user_can_edit #Sysadmin can view all records if userobj and userobj.sysadmin == True: return True #Anonymous user (visitor) can only view published public records published_state = ['PUBLISHED', 'PENDING ARCHIVE'] # CITZEDC-832 # Checking in `extras` for custom schema fields metadata_visibility = '' edc_state = '' owner_org = '' if 'metadata_visibility' in pkg_dict: metadata_visibility = pkg_dict['metadata_visibility'] else: metadata_visibility = get_package_extras_by_key( 'metadata_visibility', pkg_dict) if 'edc_state' in pkg_dict: edc_state = pkg_dict['edc_state'] else: edc_state = get_package_extras_by_key('edc_state', pkg_dict) if 'owner_org' in pkg_dict: owner_org = pkg_dict['owner_org'] else: owner_org = get_package_extras_by_key('owner_org', pkg_dict) if metadata_visibility == 'Public' and edc_state in published_state: return True if userobj: if metadata_visibility == 'IDIR' and edc_state in published_state: return True user_orgs = get_orgs_user_can_edit(userobj) #user_orgs = [org.get('id') for org in get_user_orgs(userobj.id, 'editor') ] #user_orgs += [org.get('id') for org in get_user_orgs(userobj.id, 'admin') ] if owner_org in user_orgs: return True return True return False
def read(self, id=None): if c.userobj and c.userobj.sysadmin == True: fq = '' else: fq = ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE")' if c.userobj: user_id = c.userobj.id user_orgs = get_orgs_user_can_edit(c.userobj) if len(user_orgs) > 0: fq += ' OR owner_org:(' + ' OR '.join(user_orgs) + ')' fq += ')' self._user_datasets('read', id, fq) return render('user/read.html')
def dashboard_unpublished(self): if not c.userobj: abort(401, _('You must be logged-in to access the dashboard.')) user_id = c.userobj.id fq = ' +edc_state:("DRAFT" OR "PENDING PUBLISH" OR "REJECTED")' # Get the list of organizations that this user is the admin if not c.userobj.sysadmin: user_orgs = get_orgs_user_can_edit(c.userobj) if len(user_orgs) > 0: fq += ' +owner_org:(' + ' OR '.join(user_orgs) + ')' self._user_datasets('dashboard_unpublished', c.userobj.id, fq) return render('user/dashboard_unpublished.html')
def dashboard_unpublished(self): if not c.userobj : abort(401, _('You must be logged-in to access the dashboard.')) user_id = c.userobj.id fq = ' +edc_state:("DRAFT" OR "PENDING PUBLISH" OR "REJECTED")' # Get the list of organizations that this user is the admin if not c.userobj.sysadmin : user_orgs = get_orgs_user_can_edit(c.userobj) if len(user_orgs) > 0 : fq += ' +owner_org:(' + ' OR '.join(user_orgs) + ')' self._user_datasets('dashboard_unpublished', c.userobj.id, fq) return render('user/dashboard_unpublished.html')
def read(self, id=None): if c.userobj and c.userobj.sysadmin == True: fq = '' else: fq = ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE")' if c.userobj: user_id = c.userobj.id user_orgs = get_orgs_user_can_edit(c.userobj)#['"' + org + '"' for org in get_orgs_user_can_edit()] #user_orgs = ['"' + org.get('id') + '"' for org in get_user_orgs(user_id, 'admin')] #user_orgs += ['"' + org.get('id') + '"' for org in get_user_orgs(user_id, 'editor')] if len(user_orgs) > 0: fq += ' OR owner_org:(' + ' OR '.join(user_orgs) + ')' fq += ')' self._user_datasets('read',id, fq) return render('user/read.html')
def read(self, id=None): if c.userobj == None: return render('package/auth_error.html') if c.userobj and c.userobj.sysadmin == True: fq = '' else: fq = ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE")' if c.userobj: user_id = c.userobj.id user_orgs = get_orgs_user_can_edit(c.userobj) if len(user_orgs) > 0: fq += ' OR owner_org:(' + ' OR '.join(user_orgs) + ')' fq += ')' self._user_datasets('read',id, fq) return render('user/read.html')
def get_user_dataset_num(userobj): from ckan.lib.base import model from ckan.lib.search import SearchError from ckanext.bcgov.util.util import get_user_orgs, get_orgs_user_can_edit user_id = userobj.id #If this is the sysadmin user then return don't filter any dataset if userobj.sysadmin == True: fq = '' else : #Include only datsset created by this user or those from the orgs that the user has the admin role. fq = ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE")' user_orgs = get_orgs_user_can_edit(userobj) #['"' + org + '"' for org in get_orgs_user_can_edit()] #user_orgs = ['"' + org.get('id') + '"' for org in get_user_orgs(user_id, 'admin')] #user_orgs += ['"' + org.get('id') + '"' for org in get_user_orgs(user_id, 'editor')] if len(user_orgs) > 0: fq += ' OR owner_org:(' + ' OR '.join(user_orgs) + ')' fq += ')' try: # package search context = {'model': model, 'session': model.Session, 'user': user_id} data_dict = { 'q':'', 'fq':fq, 'facet':'false', 'rows':0, 'start':0, } query = toolkit.get_action('package_search')(context,data_dict) count = query['count'] except SearchError, se: log.error('Search error: %s', se) count = 0
def get_user_dataset_num(userobj): from ckan.lib.base import model from ckan.lib.search import SearchError from ckanext.bcgov.util.util import get_user_orgs, get_orgs_user_can_edit user_id = userobj.id #If this is the sysadmin user then return don't filter any dataset if userobj.sysadmin == True: fq = '' else: #Include only datsset created by this user or those from the orgs that the user has the admin role. fq = ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE")' user_orgs = get_orgs_user_can_edit( userobj) #['"' + org + '"' for org in get_orgs_user_can_edit()] #user_orgs = ['"' + org.get('id') + '"' for org in get_user_orgs(user_id, 'admin')] #user_orgs += ['"' + org.get('id') + '"' for org in get_user_orgs(user_id, 'editor')] if len(user_orgs) > 0: fq += ' OR owner_org:(' + ' OR '.join(user_orgs) + ')' fq += ')' try: # package search context = {'model': model, 'session': model.Session, 'user': user_id} data_dict = { 'q': '', 'fq': fq, 'facet': 'false', 'rows': 0, 'start': 0, } query = toolkit.get_action('package_search')(context, data_dict) count = query['count'] except SearchError, se: log.error('Search error: %s', se) count = 0
def before_search(self, search_params): ''' Customizes package search and applies filters based on the dataset metadata-visibility and user roles. ''' #Change the default sort order when no query passed if not search_params.get('q') and search_params.get('sort') in ( None, 'rank'): search_params[ 'sort'] = 'record_publish_date desc, metadata_modified desc' #Change the query filter depending on the user if 'fq' in search_params: fq = search_params['fq'] else: fq = '' #need to append solr param q.op to force an AND query if 'q' in search_params: q = search_params['q'] else: q = '' try: user_name = c.user or 'visitor' # There are no restrictions for sysadmin if c.userobj and c.userobj.sysadmin == True: fq += ' ' fq = filter_query_regex.sub(r'+\1', fq) else: if user_name != 'visitor': if 'edc_state' not in fq: fq = filter_query_regex.sub(r'+\1', fq) fq += ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE")' if 'owner_org' not in fq: #IDIR users can also see private records of their organizations user_id = c.userobj.id #Get the list of orgs that the user is an admin or editor of user_orgs = get_orgs_user_can_edit( c.userobj ) #['"' + org + '"' for org in get_orgs_user_can_edit()] #user_orgs = ['"' + org.get('id') + '"' for org in get_user_orgs(user_id, 'admin')] #user_orgs += ['"' + org.get('id') + '"' for org in get_user_orgs(user_id, 'editor')] if user_orgs != []: fq += ' OR ' + 'owner_org:(' + ' OR '.join( user_orgs) + ')' fq += ')' else: if fq: # make all fieds in Filter Query minditory with '+' fq = filter_query_regex.sub(r'+\1', fq) # Public user can only view public and published records fq += ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE") AND metadata_visibility:("Public"))' except Exception: if 'fq' in search_params: fq = search_params['fq'] else: fq = '' fq += ' +edc_state:("PUBLISHED" OR "PENDING ARCHIVE") +metadata_visibility:("Public")' search_params['fq'] = fq return search_params
def before_search(self, search_params): ''' Customizes package search and applies filters based on the dataset metadata-visibility and user roles. ''' #Change the default sort order when no query passed if not search_params.get('q') and search_params.get('sort') in (None, 'rank'): search_params['sort'] = 'record_publish_date desc, metadata_modified desc' #Change the query filter depending on the user if 'fq' in search_params: fq = search_params['fq'] else: fq = '' #need to append solr param q.op to force an AND query if 'q' in search_params: q = search_params['q'] if q !='': q = '{!lucene q.op=AND}' + q search_params['q'] = q else: q = '' try : user_name = c.user or 'visitor' # There are no restrictions for sysadmin if c.userobj and c.userobj.sysadmin == True: fq += ' ' else: if user_name != 'visitor': if 'edc_state' not in fq : fq += ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE")' if 'owner_org' not in fq : #IDIR users can also see private records of their organizations user_id = c.userobj.id #Get the list of orgs that the user is an admin or editor of user_orgs = get_orgs_user_can_edit(c.userobj) #['"' + org + '"' for org in get_orgs_user_can_edit()] #user_orgs = ['"' + org.get('id') + '"' for org in get_user_orgs(user_id, 'admin')] #user_orgs += ['"' + org.get('id') + '"' for org in get_user_orgs(user_id, 'editor')] if user_orgs != []: fq += ' OR ' + 'owner_org:(' + ' OR '.join(user_orgs) + ')' fq += ')' #Public user can only view public and published records else: fq += ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE") AND metadata_visibility:("Public"))' except Exception: if 'fq' in search_params: fq = search_params['fq'] else: fq = '' fq += ' +edc_state:("PUBLISHED" OR "PENDING ARCHIVE") +metadata_visibility:("Public")' search_params['fq'] = fq return search_params