def follow_dataset(context, data_dict): '''Start following a dataset. You must provide your API key in the Authorization header. :param id: the id or name of the dataset to follow, e.g. ``'warandpeace'`` :type id: string :returns: a representation of the 'follower' relationship between yourself and the dataset :rtype: dictionary ''' if not 'user' in context: raise logic.NotAuthorized( _("You must be logged in to follow a dataset.")) model = context['model'] session = context['session'] userobj = model.User.get(context['user']) if not userobj: raise logic.NotAuthorized( _("You must be logged in to follow a dataset.")) schema = (context.get('schema') or ckan.logic.schema.default_follow_dataset_schema()) validated_data_dict, errors = _validate(data_dict, schema, context) if errors: model.Session.rollback() raise ValidationError(errors) # Don't let a user follow a dataset she is already following. if model.UserFollowingDataset.is_following(userobj.id, validated_data_dict['id']): # FIXME really package model should have this logic and provide # 'display_name' like users and groups pkgobj = model.Package.get(validated_data_dict['id']) name = pkgobj.title or pkgobj.name or pkgobj.id message = _( 'You are already following {0}').format(name) raise ValidationError({'message': message}, error_summary=message) follower = model_save.follower_dict_save(validated_data_dict, context, model.UserFollowingDataset) if not context.get('defer_commit'): model.repo.commit() log.debug(u'User {follower} started following dataset {object}'.format( follower=follower.follower_id, object=follower.object_id)) return model_dictize.user_following_dataset_dictize(follower, context)
def follow_user(context, data_dict): '''Start following another user. You must provide your API key in the Authorization header. :param id: the id or name of the user to follow, e.g. ``'joeuser'`` :type id: string :returns: a representation of the 'follower' relationship between yourself and the other user :rtype: dictionary ''' if 'user' not in context: raise logic.NotAuthorized(_("You must be logged in to follow users")) model = context['model'] session = context['session'] userobj = model.User.get(context['user']) if not userobj: raise logic.NotAuthorized(_("You must be logged in to follow users")) schema = (context.get('schema') or ckan.logic.schema.default_follow_user_schema()) validated_data_dict, errors = _validate(data_dict, schema, context) if errors: model.Session.rollback() raise ValidationError(errors) # Don't let a user follow herself. if userobj.id == validated_data_dict['id']: message = _('You cannot follow yourself') raise ValidationError({'message': message}, error_summary=message) # Don't let a user follow someone she is already following. if model.UserFollowingUser.is_following(userobj.id, validated_data_dict['id']): followeduserobj = model.User.get(validated_data_dict['id']) name = followeduserobj.display_name message = _( 'You are already following {0}').format(name) raise ValidationError({'message': message}, error_summary=message) follower = model_save.follower_dict_save(validated_data_dict, context, model.UserFollowingUser) if not context.get('defer_commit'): model.repo.commit() log.debug(u'User {follower} started following user {object}'.format( follower=follower.follower_id, object=follower.object_id)) return model_dictize.user_following_user_dictize(follower, context)
def wrapper(context, data): if signature_header_name in request.headers: if request.headers[signature_header_name].startswith('sha1='): algo, received_hmac = request.headers[signature_header_name].rsplit('=') computed_hmac = hmac.new(api_secret, request.body, sha1).hexdigest() if received_hmac.lower() != computed_hmac: log.info('Invalid HMAC') raise logic.NotAuthorized(_('Invalid HMAC')) else: log.info('Invalid HMAC algo') raise logic.ValidationError(_('Invalid HMAC algo')) else: log.info('No HMAC in the header') raise logic.NotAuthorized(_("No HMAC in the header")) return func(context, data)
def before_request(): try: if not g.userobj: raise logic.NotAuthorized() context = dict(model=model, user=g.user, auth_user_obj=g.userobj) logic.check_access(u'site_read', context) except logic.NotAuthorized: base.abort(403, _(u'Not authorized to see this page'))
def __before__(self, action, **params): super(WebAdminController, self).__before__(action, **params) context = {'model': model, 'user': c.user, 'auth_user_obj': c.userobj} try: if not helpers.is_cdrc_admin(): raise logic.NotAuthorized() except logic.NotAuthorized: base.abort(401, _('Need to be CDRC website administrator to administer')) c.revision_change_state_allowed = True
def unfollow_search(context, data_dict): '''Stop following a search. You must provide your API key in the Authorization header. :param id: the id of the saved search :type id: string ''' if 'user' not in context: raise logic.NotAuthorized( _("You must be logged in to follow a search.")) if not paste.deploy.converters.asbool( config.get('ckan.follow_searches_enabled', 'false')): raise logic.NotFound(_("Following searches not supported")) model = context['model'] session = context['session'] userobj = model.User.get(context['user']) if not userobj: raise logic.NotAuthorized( _("You must be logged in to unfollow a search.")) follower = userobj.id if not data_dict.get('id'): errors = {"id": [_("Not provided and search_string not found")]} raise ValidationError(errors) id = data_dict['id'] obj = session.query(model.SavedSearch).get(id) if obj.user_id != follower: raise NotFound(_('You are not following this search')) obj.delete() model.repo.commit()
def post_delete(context, data_dict): '''Deletes a newsfeed post. Only sysadmins and the post author can delete the post. :param id: `str`, the post ID. Required. ''' if 'id' not in data_dict: raise logic.ValidationError({ 'id': _('Missing Value'), }) user = context.get('auth_user_obj') if not user: raise logic.NotAuthorized( _('You are not authorized to ' 'delete this post')) post = Posts.get(data_dict['id']) if not post: raise logic.NotFound(_('Post not found')) is_sysadmin = hasattr(user, 'sysadmin') and user.sysadmin skip_auth = context.get('ignore_authentication') if not (is_sysadmin or skip_auth): if post.created_by != user.id: raise logic.NotAuthorized( _('You are not authorized to ' 'delete this post')) try: model.Session.delete(post) model.Session.commit() Posts.delete_from_index(data_dict) except Exception as e: log.error('Failed to delete comments. Error: %s', str(e)) log.exception(e) model.Session.rollback()
def user_logout(context, data_dict): """Perform the user logout. :param email: the user email :type email: string :format email: string :param key: the received token :type key: string :format key: string :returns: success :rtype: string """ user.logout() if session.id: log.debug(u'Deleting Session: %r', session.items()) session.delete() # Clear flask session try: flask.session.clear() except: log.error("flask session could no be deleted") # check if user remains in context if toolkit.c.user: log.warning('user could be still logged in ({0})'.format( toolkit.c.user)) # check if authorization cookie remains for cookie in request.cookies: if cookie == u'auth_tkt': log.warning( "found cookie {0}, user needs to log out from UI".format( cookie)) raise logic.NotAuthorized( "found cookie {0}, user needs to log out from UI".format( cookie)) return "logout successful"
def follow_dataset(context, data_dict): '''Start following a dataset. You must provide your API key in the Authorization header. :param id: the id or name of the dataset to follow, e.g. ``'warandpeace'`` :type id: string :returns: a representation of the 'follower' relationship between yourself and the dataset :rtype: dictionary ''' if not context.has_key('user'): raise logic.NotAuthorized( _("You must be logged in to follow a dataset.")) model = context['model'] session = context['session'] userobj = model.User.get(context['user']) if not userobj: raise logic.NotAuthorized( _("You must be logged in to follow a dataset.")) schema = (context.get('schema') or ckan.logic.schema.default_follow_dataset_schema()) validated_data_dict, errors = _validate(data_dict, schema, context) if errors: model.Session.rollback() raise ValidationError(errors) # Don't let a user follow a dataset she is already following. if model.UserFollowingDataset.is_following(userobj.id, validated_data_dict['id']): message = _('You are already following {0}').format(data_dict['id']) raise ValidationError({'message': message}, error_summary=message) follower = model_save.follower_dict_save(validated_data_dict, context, model.UserFollowingDataset) activity_dict = { 'user_id': userobj.id, 'object_id': validated_data_dict['id'], 'activity_type': 'follow dataset', } activity_dict['data'] = { 'dataset': ckan.lib.dictization.table_dictize( model.Package.get(validated_data_dict['id']), context), } activity_create_context = { 'model': model, 'user': userobj, 'defer_commit': True, 'session': session } logic.get_action('activity_create')(activity_create_context, activity_dict, ignore_auth=True) if not context.get('defer_commit'): model.repo.commit() log.debug(u'User {follower} started following dataset {object}'.format( follower=follower.follower_id, object=follower.object_id)) return model_dictize.user_following_dataset_dictize(follower, context)
def legacy_package_show(context, data_dict): '''Return the metadata of a dataset (package) and its resources. This overrides core package_show to deal with DCAT-AP data :param str uri: the uri of the dataset :rtype: dictionary ''' import ckanext.ecportal.model.mapping.old_model_mapper as mapper if config.get('ckan.ecodp.backward_compatibility', 'true') in 'false, False': raise logic.NotFound('Function not available') uri_prefix = '{0}/{1}'.format(config.get('ckan.ecodp.uri_prefix'), 'dataset') dataset_uri_ckan2odp = data_dict.get("objectUri") if dataset_uri_ckan2odp: name_or_id = dataset_uri_ckan2odp elif data_dict.get("id"): name_or_id = '{0}/{1}'.format(uri_prefix, data_dict.get("id")) else: name_or_id = data_dict.get( "uri" ) # or 'http://data.europa.eu/999/dataset/dgt-translation-memory-V1-2' if not name_or_id: raise DataError('No id provided') active_cache = config.get('ckan.cache.active', 'false') dataset = None # type: DatasetDcatApOp if active_cache == 'true': # get the ds from cache dataset_string = redis_cache.get_from_cache( name_or_id, pool=redis_cache.DATASET_POOL) if dataset_string: dataset = pickle.loads(dataset_string) log.info('Load dataset from cache: {0}'.format(name_or_id)) # dataset = DatasetDcatApOp(name_or_id,dataset_json) if not dataset or not dataset.schema: dataset = DatasetDcatApOp(name_or_id) # todo optimize the code if not dataset.get_description_from_ts() and ( context.get('auth_user_obj', None) or context.get('ignore_auth', False) == True): dataset.set_state_as_private() #private dataset should not be cached active_cache = 'false' if not dataset.get_description_from_ts(): raise logic.NotFound(_('ecodp.dcat.dataset.not_found')) log.info('Load dataset from ts: {0}'.format(name_or_id)) if active_cache == 'true': redis_cache.set_value_no_ttl_in_cache(name_or_id, pickle.dumps(dataset)) if not dataset.schema: raise logic.NotFound('ecodp.dcat.dataset.not_found') context['package'] = dataset permission = _check_access('package_show', context, data_dict) if not permission: raise logic.NotAuthorized() package_dict = mapper.package_show_schema(dataset) return package_dict
def package_show(context, data_dict): '''Return the metadata of a dataset (package) and its resources. This overrides core package_show to deal with DCAT-AP data :param str uri: the uri of the dataset :rtype: dictionary ''' start = time.time() uri_prefix = '{0}/{1}'.format(config.get('ckan.ecodp.uri_prefix'), 'dataset') dataset_uri_ckan2odp = data_dict.get("objectUri") if dataset_uri_ckan2odp: name_or_id = dataset_uri_ckan2odp elif data_dict.get("id"): name_or_id = '{0}/{1}'.format(uri_prefix, data_dict.get("id")) else: name_or_id = data_dict.get( "uri" ) # or 'http://data.europa.eu/999/dataset/dgt-translation-memory-V1-2' if not name_or_id: raise DataError('No id provided') active_cache = config.get('ckan.cache.active', 'false') dataset = None # type: DatasetDcatApOp if active_cache == 'true': # get the ds from cache dataset_string = redis_cache.get_from_cache( name_or_id, pool=redis_cache.DATASET_POOL) if dataset_string: dataset = pickle.loads(dataset_string) log.info('Load dataset from cache: {0}'.format(name_or_id)) # dataset = DatasetDcatApOp(name_or_id,dataset_json) if not dataset or not dataset.schema: dataset = DatasetDcatApOp(name_or_id) graph_name = dataset.find_the_graph_in_ts() loaded = False if graph_name not in [ DCATAPOP_PRIVATE_GRAPH_NAME, DCATAPOP_PUBLIC_GRAPH_NAME ]: raise logic.NotFound('Package show: dataset {0} {1}'.format( name_or_id, _('ecodp.dcat.dataset.not_found'))) if graph_name == DCATAPOP_PUBLIC_GRAPH_NAME: dataset.set_state_as_public() loaded = dataset.get_description_from_ts() elif graph_name == DCATAPOP_PRIVATE_GRAPH_NAME and ( context.get('auth_user_obj', None) or context.get('ignore_auth', False) == True): dataset.set_state_as_private() active_cache = 'false' loaded = dataset.get_description_from_ts() if loaded: log.info('Load dataset from ts: {0}'.format(name_or_id)) else: log.info('Load dataset from ts failed: {0}'.format(name_or_id)) raise logic.NotFound('Package show: dataset {0} {1}'.format( name_or_id, _('ecodp.dcat.dataset.not_found'))) if active_cache == 'true' and loaded: redis_cache.set_value_no_ttl_in_cache(name_or_id, pickle.dumps(dataset)) if not dataset.schema and not loaded: raise logic.NotFound('Package show: dataset {0} {1}'.format( name_or_id, _('ecodp.dcat.dataset.not_found'))) context['package'] = dataset permission = _check_access('package_show', context, data_dict) if not permission: raise logic.NotAuthorized() if context.get('internal'): log.info('Package show internal took {0} sec'.format(time.time() - start)) context['package'] = dataset return dataset output_format = data_dict.get('output_format', u'standard') if output_format not in [u'standard', u'rdf', u'json']: output_format = u'standard' package_dict = {} if not output_format == u'json': package_dict['rdf'] = dataset.get_dataset_as_rdfxml() if not output_format == u'rdf': package_dict['dataset'] = dataset.schema.schema_dictaze() if not output_format == u'rdf': package_dict[ 'catalog_record'] = {} if not dataset.schema_catalog_record else dataset.schema_catalog_record.schema_dictaze( ) if output_format == u'standard': package_dict['capacity'] = dataset.privacy_state if context.get('for_view'): try: locale = tk.request.environ['CKAN_LANG'] except Exception: locale = config.get('ckan.locale_default', 'en') package_dict = ui_util.transform_dcat_schema_to_ui_schema( dataset, locale) # package_dict.update(ui_dict) for item in plugins.PluginImplementations(plugins.IPackageController): log.debug('Loaded plugin: {0}'.format(item.__class__.__name__)) package_dict = item.before_view(package_dict) for key, resource_dict in package_dict.get('distribution_dcat', {}).items(): resource_dict['id'] = resource_dict['uri'].split('/')[-1] for item in plugins.PluginImplementations( plugins.IResourceController): log.debug('Loaded plugin: {0}'.format(item.__class__.__name__)) resource_dict = item.before_show(resource_dict) # for item in plugins.PluginImplementations(plugins.IPackageController): # item.after_show(context, package_dict) log.info('Package show took {0} sec'.format(time.time() - start)) return package_dict
def prevent_access(self): raise l.NotAuthorized('Access denied: This action cannot be used')