def cadasta_api_action(context, data_dict):
# we actually always want to call check access
# development option that should be removed later
if toolkit.asbool(config.get('ckanext.cadasta.enforce_permissions',
True)):
toolkit.check_access(action, context, data_dict)
string_arguments = [a[1] for a in
string.Formatter().parse(cadasta_endpoint.url)
if a[1]]
cadasta_dict = {}
for k, v in data_dict.items():
cadasta_dict[k] = cadasta_endpoint.convert_argument(k, v)
error_dict = {}
endpoint = cadasta_endpoint.url
for arg in string_arguments:
if arg not in data_dict.keys() or not data_dict.get(arg):
error_dict[arg] = ['Missing value']
else:
arg_value = ''
if cadasta_endpoint.keep_param_key is True:
arg_value = cadasta_dict.get(arg, '')
else:
arg_value = cadasta_dict.pop(arg, '')
arg_value = re.sub('[^\-\.0-9a-zA-Z]+', '', str(arg_value))
endpoint_arg = ''.join(['{', arg, '}'])
endpoint = endpoint.replace(endpoint_arg, arg_value)
if error_dict:
raise toolkit.ValidationError(error_dict)
return cadasta_api_func(endpoint, cadasta_dict,
cadasta_endpoint.upload_fields)
def create(context, data_dict):
'''Create a PowerView.
By default, only sysadmins can create a PowerView. But the setting
`ckanext.powerview.allow_user_create` allows any logged in user to
create powerviews.
'''
allow_user_create = toolkit.asbool(
config.get('ckanext.powerview.allow_user_create', False))
if not allow_user_create:
return {'success': False}
user = context.get('user')
# Check resources
for res_id in data_dict.get('resources', []):
try:
toolkit.check_access('resource_show', context,
data_dict={'id': res_id})
except NotAuthorized:
return {
'success': False,
'msg': _('User {0} not authorized to read resource {1}'
.format(user, res_id))
}
return {'success': True}
def organization_delete(context, data_dict):
# authorize user for this call
toolkit.check_access('organization_delete', context, data_dict)
organization = toolkit.get_action('organization_show')(
context,
{'id': data_dict['id']}
)
try:
org_id = int(organization['id'])
except ValueError:
raise toolkit.ValidationError([
'ckan organization id is not an integer {0}'.format(
organization['id'])]
)
request_params = {
'cadasta_organization_id': org_id,
}
request_context = {
'session': context['session'],
'user': context['user'],
'model': context['model']
}
delete_cadasta_organization(request_context,request_params)
return _group_or_org_delete(context, data_dict, is_org=True)
def before_view(self, pkg_dict):
if not self.is_supported_package_type(pkg_dict):
return pkg_dict
# create resource views if necessary
user = tk.get_action('get_site_user')({'ignore_auth': True}, {})
context = {
'model': model,
'session': model.Session,
'user': user['name']
}
tk.check_access('package_create_default_resource_views', context)
# get the dataset via API, as the pkg_dict does not contain all fields
dataset = tk.get_action('package_show')(
context,
{'id': pkg_dict['id']}
)
# Make sure resource views are created before showing a dataset
tk.get_action('package_create_default_resource_views')(
context,
{'package': dataset}
)
return pkg_dict
def cadasta_get_organization(context, data_dict):
'''Make api call to cadasta api show relationship
Fetch one, or all cadast api organizations, you must be a sysadmin to
perform this request
:param id: optional, if not provided, fetch all organizations.
:type id: int
:param sort_by: optional (ASC or DESC)
:type sort_by: str
:param sort_dir: optional (ASC or DESC)
:type sort_dir: str
:param limit: number of records to return (optional)
:type limit: int
:param returnGeometry: whether to return geometry (optional,
default: false)
:type returnGeometry: boolean
:rtype: dict
'''
toolkit.check_access('sysadmin', context, data_dict)
organization_id = data_dict.get('id')
if organization_id:
return cadasta_get_api('organizations/{0}'.format(organization_id),
data_dict)
else:
return cadasta_get_api('organizations', data_dict)
def project_package_list(context, data_dict):
'''List packages associated with a project.
:param project_id: id or name of the project
:type project_id: string
:rtype: list of dictionaries
'''
toolkit.check_access('ckanext_project_package_list', context, data_dict)
# validate the incoming data_dict
validated_data_dict, errors = validate(data_dict,
project_package_list_schema(),
context)
if errors:
raise toolkit.ValidationError(errors)
# get a list of package ids associated with project id
pkg_id_list = projectPackageAssociation.get_package_ids_for_project(
validated_data_dict['project_id'])
pkg_list = []
if pkg_id_list is not None:
# for each package id, get the package dict and append to list if
# active
for pkg_id in pkg_id_list:
pkg = toolkit.get_action('package_show')(context, {'id': pkg_id})
if pkg['state'] == 'active':
pkg_list.append(pkg)
return pkg_list
def after_search(self, search_results, search_params):
for result in search_results['results']:
# Extra fields should not be returned
# The original list cannot be modified
attrs = list(HIDDEN_FIELDS)
# Additionally, resources should not be included if the user is not allowed
# to show the resource
context = {
'model': model,
'session': model.Session,
'user': tk.c.user,
'user_obj': tk.c.userobj
}
try:
tk.check_access('package_show', context, result)
except tk.NotAuthorized:
# NotAuthorized exception is risen when the user is not allowed
# to read the package.
attrs.append('resources')
# Delete
self._delete_pkg_atts(result, attrs)
return search_results
def __before__(self, action, **params):
super(InventoryManageController, self).__before__(action, **params)
context = {'user': c.user, 'auth_user_obj': c.userobj}
try:
check_access('user_show', context, {})
except NotAuthorized:
abort(401, 'You need to have an account.')
def resource_format_autocomplete(self):
'''Return list of resource formats whose names contain a string
Note: Maybe, should be changed to match only at the beginning?
'''
q = request.params.get('incomplete', '')
q = str(q).lower()
limit = request.params.get('limit', 12)
context = { 'model': model, 'session': model.Session }
data_dict = { 'q': q, 'limit': limit }
toolkit.check_access('site_read', context, data_dict)
# The result will be calculated as the merge of matches from 2 sources:
# * a static list of application-domain formats supplied at configuration time
# * a dynamic list of formats supplied for other resources: that's what CKAN's
# action `format_autocomplete` already does.
results = []
r1 = logic.get_action('format_autocomplete')(context, data_dict)
results.extend(({ 'name': t, 'text': t.upper() } for t in r1))
limit -= len(results)
r2 = ifilter(lambda t: (not t in r1) and (t.find(q) >= 0), resource_formats)
r2 = islice(r2, 0, limit)
results.extend(({ 'name': t, 'text': t.upper() } for t in r2))
result_set = { 'ResultSet': { 'Result': results } }
response.headers['Content-Type'] = content_types['json']
return [to_json(result_set)]
def project_admin_add(context, data_dict):
"""Add a user to the list of project admins.
:param username: name of the user to add to project user admin list
:type username: string
"""
toolkit.check_access("ckanext_project_admin_add", context, data_dict)
# validate the incoming data_dict
validated_data_dict, errors = validate(data_dict, project_admin_add_schema(), context)
username = toolkit.get_or_bust(validated_data_dict, "username")
try:
user_id = convert_user_name_or_id_to_id(username, context)
except toolkit.Invalid:
raise toolkit.ObjectNotFound
if errors:
raise toolkit.ValidationError(errors)
if projectAdmin.exists(user_id=user_id):
raise toolkit.ValidationError(
"projectAdmin with user_id '{0}' already exists.".format(user_id),
error_summary=u"User '{0}' is already a project Admin.".format(username),
)
# create project admin entry
return projectAdmin.create(user_id=user_id)
def project_package_association_create(context, data_dict):
"""Create an association between a project and a package.
:param project_id: id or name of the project to associate
:type project_id: string
:param package_id: id or name of the package to associate
:type package_id: string
"""
toolkit.check_access("ckanext_project_package_association_create", context, data_dict)
# validate the incoming data_dict
validated_data_dict, errors = validate(data_dict, project_package_association_create_schema(), context)
if errors:
raise toolkit.ValidationError(errors)
package_id, project_id = toolkit.get_or_bust(validated_data_dict, ["package_id", "project_id"])
if projectPackageAssociation.exists(package_id=package_id, project_id=project_id):
raise toolkit.ValidationError(
"projectPackageAssociation with package_id '{0}' and project_id '{1}' already exists.".format(
package_id, project_id
),
error_summary=u"The dataset, {0}, is already in the project".format(
convert_package_name_or_id_to_title_or_name(package_id, context)
),
)
# create the association
return projectPackageAssociation.create(package_id=package_id, project_id=project_id)
def authorize(self):
context = self._get_context()
try:
tk.check_access('oauth2provider_token_create', context)
except tk.NotAuthorized:
return tk.abort(401)
client_id = self._get_required_param('client_id')
response_type = tk.request.params.get('redirect_uri', 'code')
scopes = self._get_required_param('scope').split(' ')
redirect_uri = tk.request.params.get('redirect_uri', '')
state = tk.request.params.get('state', '')
if state:
session['oauth2provider_state'] = state
session.save()
client = Client.get(client_id=client_id)
data = {
'client_name': client.name,
'client_id': client.client_id,
'response_type': response_type,
'redirect_uri': redirect_uri,
'scopes': scopes,
}
vars = {'data': data, 'action': 'authorize'}
return tk.render('ckanext/oauth2provider/authorize.html',
extra_vars=vars)
def search_add(context, data_dict):
'''
Add an item to the search_history for the current user.
:param content: Search query to add to history
:type content: string
'''
try:
tk.check_access('ckanext_search_history_add', context, data_dict)
except tk.NotAuthorized:
#JOE#
#tk.abort(401, tk._('Not authorized to add history item'))
pass
if db.search_history_table is None:
db.init_db(context['model'])
content = tk.get_or_bust(data_dict, 'content')
username = context.get('user')
#JOE#
#user_id = new_authz.get_user_id_for_username(username, allow_none=False)
user_id = new_authz.get_user_id_for_username(username, allow_none=True)
search_history = db.SearchHistory()
search_history.content = content
search_history.user_id = user_id
session = context['session']
session.add(search_history)
session.commit()
return db.table_dictize(search_history, context)
def project_admin_list(context, data_dict):
'''
Return a list of dicts containing the id and name of all active project
admin users.
:rtype: list of dictionaries
'''
toolkit.check_access('ckanext_project_admin_list', context, data_dict)
model = context["model"]
user_ids = projectAdmin.get_project_admin_ids()
if user_ids:
q = model.Session.query(model.User) \
.filter(model.User.state == 'active') \
.filter(model.User.id.in_(user_ids))
project_admin_list = []
for user in q.all():
project_admin_list.append({'name': user.name, 'id': user.id})
return project_admin_list
return []
def update(context, data_dict):
'''Update a PowerView.
By default, only sysadmins can update PowerViews. But the setting
`ckanext.powerview.allow_user_create` allows any logged in user to
update powerviews they own.
'''
if not toolkit.asbool(config.get('ckanext.powerview.allow_user_create',
False)):
return {'success': False}
else:
user = context.get('user')
user_obj = model.User.get(user)
powerview = PowerView.get(id=data_dict['id'])
# Check resources
for res_id in data_dict.get('resources', []):
try:
toolkit.check_access('resource_show', context,
data_dict={'id': res_id})
except NotAuthorized:
return {
'success': False,
'msg': _('User {0} not authorized to read resource {1}'
.format(user, res_id))
}
if powerview and user and powerview.created_by == user_obj.id:
return {'success': True}
return {'success': False}
def get(context, data_dict):
"""Get the latest link check result data for a resource.
:param resource_id: the resource to return the result data for
:type resource_id: string
:returns: the latest link check data for the resource, or None if there are
no results for this resource
:rtype: dict or None
"""
toolkit.check_access("ckanext_deadoralive_get", context, data_dict)
# TODO: Validation.
resource_id = data_dict["resource_id"]
try:
result = results.get(resource_id)
except results.NoResultForResourceError:
return None
result["broken"] = _is_broken(result)
return result
def showcase_admin_add(context, data_dict):
'''Add a user to the list of showcase admins.
:param username: name of the user to add to showcase user admin list
:type username: string
'''
toolkit.check_access('ckanext_showcase_admin_add', context, data_dict)
# validate the incoming data_dict
validated_data_dict, errors = validate(
data_dict, showcase_admin_add_schema(), context)
username = toolkit.get_or_bust(validated_data_dict, 'username')
try:
user_id = convert_user_name_or_id_to_id(username, context)
except toolkit.Invalid:
raise toolkit.ObjectNotFound
if errors:
raise toolkit.ValidationError(errors)
if ShowcaseAdmin.exists(user_id=user_id):
raise toolkit.ValidationError("ShowcaseAdmin with user_id '{0}' already exists.".format(user_id),
error_summary=u"User '{0}' is already a Showcase Admin.".format(username))
# create showcase admin entry
return ShowcaseAdmin.create(user_id=user_id)
def new(self, data=None, errors=None, error_summary=None):
'''This is a modified version of the core user controller
We have removed the lines redirecting the user the logout page
if they are already logged in, this allows sysadmins to create
users as we have disabled user registration unless they are
sys admins'''
context = {'model': model, 'session': model.Session,
'user': toolkit.c.user or toolkit.c.author,
'auth_user_obj': toolkit.c.userobj,
'schema': self._new_form_to_db_schema(),
'save': 'save' in toolkit.request.params}
try:
toolkit.check_access('user_create', context)
except toolkit.NotAuthorized:
toolkit.abort(401, toolkit._('Unauthorized to create a user'))
if context['save'] and not data:
return self._save_new(context)
data = data or {}
errors = errors or {}
error_summary = error_summary or {}
vars = {'data': data, 'errors': errors, 'error_summary': error_summary}
toolkit.c.is_sysadmin = new_authz.is_sysadmin(toolkit.c.user)
toolkit.c.form = toolkit.render(self.new_user_form, extra_vars=vars)
return toolkit.render('user/new.html')
def review(self, id):
"""
sends review notification to all journal admins
"""
context = self._context()
try:
tk.check_access('package_update', context, {'id': id})
except tk.NotAuthorized:
tk.abort(403, 'Unauthorized')
c.pkg_dict = tk.get_action('package_show')(context, {'id': id})
# avoid multiple notifications (eg. when someone calls review directly)
if c.pkg_dict.get('dara_edawax_review', 'false') == 'true':
h.flash_error("Package has already been sent to review")
redirect(id)
user_name = tk.c.userobj.fullname or tk.c.userobj.email
admins = get_group_or_org_admin_ids(c.pkg_dict['owner_org'])
addresses = map(lambda admin_id: model.User.get(admin_id).email, admins)
note = n.review(addresses, user_name, id)
if note:
c.pkg_dict['dara_edawax_review'] = 'true'
tk.get_action('package_update')(context, c.pkg_dict)
h.flash_success('Notification to Editors sent.')
else:
h.flash_error('ERROR: Mail could not be sent. Please try again later or contact the site admin.')
redirect(id)
def harvest_source_update(context, data_dict):
'''
Authorization check for harvest source update
It forwards the checks to package_update, which will check for
organization membership, whether if sysadmin, etc according to the
instance configuration.
'''
model = context.get('model')
user = context.get('user')
source_id = data_dict['id']
pkg = model.Package.get(source_id)
if not pkg:
raise pt.ObjectNotFound(pt._('Harvest source not found'))
context['package'] = pkg
try:
pt.check_access('package_update', context, data_dict)
return {'success': True}
except pt.NotAuthorized:
msg = pt._('User {0} not authorized to update harvest source {1}')\
.format(user, source_id)
return {
'success': False,
'msg': msg}
def package_showcase_list(context, data_dict):
'''List showcases associated with a package.
:param package_id: id or name of the package
:type package_id: string
:rtype: list of dictionaries
'''
toolkit.check_access('ckanext_package_showcase_list', context, data_dict)
# validate the incoming data_dict
validated_data_dict, errors = validate(data_dict,
package_showcase_list_schema(),
context)
if errors:
raise toolkit.ValidationError(errors)
# get a list of showcase ids associated with the package id
showcase_id_list = ShowcasePackageAssociation.get_showcase_ids_for_package(
validated_data_dict['package_id'])
showcase_list = []
if showcase_id_list is not None:
for showcase_id in showcase_id_list:
try:
showcase = toolkit.get_action('package_show')(context,
{'id': showcase_id})
showcase_list.append(showcase)
except NotAuthorized:
pass
return showcase_list
def cadasta_api_action(context, data_dict):
# we actually always want to call check access
# development option that should be removed later
if toolkit.asbool(config.get('ckanext.cadasta.enforce_permissions',
True)):
toolkit.check_access(action, context, data_dict)
string_arguments = [a[1] for a in
string.Formatter().parse(cadasta_endpoint.url)
if a[1]]
cadasta_dict = {}
for k, v in data_dict.items():
cadasta_dict[k] = cadasta_endpoint.convert_argument(k, v)
error_dict = {}
for arg in string_arguments:
if arg not in data_dict.keys():
error_dict[arg] = ['Missing value']
cadasta_dict.pop(arg, None)
if error_dict:
raise toolkit.ValidationError(error_dict)
endpoint = cadasta_endpoint.url.format(**data_dict)
return cadasta_api_func(endpoint, cadasta_dict,
cadasta_endpoint.upload_fields)
def broken_links_by_organization(context, data_dict):
"""Return a datasets with broken links grouped by organization report.
Returns a list of all the resources with broken links on the site, grouped
by dataset, with the datasets grouped by organization, and sorted with
organizations and datasets with the most broken resources first.
Sample output::
[
{ "name": "organization-name",
"num_broken_links": 999,
"datasets_with_broken_links": [
{ "name": "dataset name",
"num_broken_links": 9,
"resources_with_broken_links": [
{ "id": 'resource_id", }
...
]
},
...
},
...
]
"""
toolkit.check_access("ckanext_deadoralive_broken_links_by_organization",
context, data_dict)
organization_list = toolkit.get_action("organization_list")
return _broken_links_by_organization(
context, organization_list, results.all, _package_search)
def showcase_admin_remove(context, data_dict):
'''Remove a user to the list of showcase admins.
:param username: name of the user to remove from showcase user admin list
:type username: string
'''
model = context['model']
toolkit.check_access('ckanext_showcase_admin_remove', context, data_dict)
# validate the incoming data_dict
validated_data_dict, errors = validate(data_dict,
showcase_admin_remove_schema(),
context)
if errors:
raise toolkit.ValidationError(errors)
username = toolkit.get_or_bust(validated_data_dict, 'username')
user_id = convert_user_name_or_id_to_id(username, context)
showcase_admin_to_remove = ShowcaseAdmin.get(user_id=user_id)
if showcase_admin_to_remove is None:
raise toolkit.ObjectNotFound("ShowcaseAdmin with user_id '{0}' doesn't exist.".format(user_id))
showcase_admin_to_remove.delete()
model.repo.commit()
def showcase_package_association_create(context, data_dict):
'''Create an association between a showcase and a package.
:param showcase_id: id or name of the showcase to associate
:type showcase_id: string
:param package_id: id or name of the package to associate
:type package_id: string
'''
toolkit.check_access('ckanext_showcase_package_association_create',
context, data_dict)
# validate the incoming data_dict
validated_data_dict, errors = validate(
data_dict, showcase_package_association_create_schema(), context)
if errors:
raise toolkit.ValidationError(errors)
package_id, showcase_id = toolkit.get_or_bust(validated_data_dict,
['package_id',
'showcase_id'])
if ShowcasePackageAssociation.exists(package_id=package_id,
showcase_id=showcase_id):
raise toolkit.ValidationError("ShowcasePackageAssociation with package_id '{0}' and showcase_id '{1}' already exists.".format(package_id, showcase_id),
error_summary=u"The dataset, {0}, is already in the showcase".format(convert_package_name_or_id_to_title_or_name(package_id, context)))
# create the association
return ShowcasePackageAssociation.create(package_id=package_id,
showcase_id=showcase_id)
def admin(self):
# Redirect to /news if not authorized:
try:
context = {'user': c.user}
toolkit.check_access('blog_admin', context)
except toolkit.NotAuthorized:
h.redirect_to('/news')
c.title = ''
c.content = ''
if request.method == 'POST':
try:
title, content = _validate_blog_post(request.POST)
except ValidationError as err:
return toolkit.render('blog/admin.html',
extra_vars={'data_dict': request.POST,
'error': err.args})
# We assume nothing will go wrong here, since the data has been
# validated.
from ckanext.sweden.blog.model.post import Post
newPost = Post(title, content, c.userobj.id)
model.Session.add(newPost)
model.Session.commit()
flash_notice(toolkit._("Your blog post has been saved!"))
controller = 'ckanext.sweden.blog.controllers.blog:BlogController'
h.redirect_to(controller=controller, action='admin_index')
return toolkit.render('blog/admin.html',
extra_vars={'data_dict': {}, 'error': ''})
def showcase_package_association_delete(context, data_dict):
'''Delete an association between a showcase and a package.
:param showcase_id: id or name of the showcase in the association
:type showcase_id: string
:param package_id: id or name of the package in the association
:type package_id: string
'''
model = context['model']
toolkit.check_access('ckanext_showcase_package_association_delete',
context, data_dict)
# validate the incoming data_dict
validated_data_dict, errors = validate(
data_dict, showcase_package_association_delete_schema(), context)
if errors:
raise toolkit.ValidationError(errors)
package_id, showcase_id = toolkit.get_or_bust(validated_data_dict,
['package_id',
'showcase_id'])
showcase_package_association = ShowcasePackageAssociation.get(
package_id=package_id, showcase_id=showcase_id)
if showcase_package_association is None:
raise toolkit.ObjectNotFound("ShowcasePackageAssociation with package_id '{0}' and showcase_id '{1}' doesn't exist.".format(package_id, showcase_id))
# delete the association
showcase_package_association.delete()
model.repo.commit()
def group_list_authz(context, data_dict):
"""Return the list of groups that the user is authorized to edit. Replaces
the core authz method of the same name."""
user = context["user"]
model = context["model"]
user_id = authz.get_user_id_for_username(user, allow_none=True)
toolkit.check_access("group_list_authz", context, data_dict)
if GroupAdmin.is_user_group_admin(model.Session, user_id):
q = (
model.Session.query(model.Group)
.filter(model.Group.is_organization == False)
.filter(model.Group.state == "active")
)
groups = q.all()
group_list = model_dictize.group_list_dictize(groups, context)
return group_list
else:
# defer to core method
return core_group_list_authz(context, data_dict)
def export(self):
context = {'model': model, 'user': toolkit.c.user,
'auth_user_obj': toolkit.c.userobj}
try:
toolkit.check_access('export_csv', context, {})
except toolkit.NotAuthorized:
toolkit.abort(401, toolkit._(
'Need to be organization administrator to export as CSV')
)
columns = os.path.join(this_directory(), "columns.json")
csv_table = export(columns)
# export() returns user IDs not user names in the "Uploaded By" column
# because that's all the dataset dicts that package_search() returns
# contain. Convert these IDs to user names ourselves.
convert_user_ids_to_user_names(csv_table)
csv_string = convert_csv_table_to_csv_string(csv_table)
toolkit.response.headers["Content-type"] = "text/csv"
toolkit.response.headers["Content-disposition"] = (
"attachment; filename=export.csv")
return csv_string
def package_project_list(context, data_dict):
'''List projects associated with a package.
:param package_id: id or name of the package
:type package_id: string
:rtype: list of dictionaries
'''
toolkit.check_access('ckanext_package_project_list', context, data_dict)
# validate the incoming data_dict
validated_data_dict, errors = validate(data_dict,
package_project_list_schema(),
context)
if errors:
raise toolkit.ValidationError(errors)
# get a list of project ids associated with the package id
project_id_list = projectPackageAssociation.get_project_ids_for_package(
validated_data_dict['package_id'])
project_list = []
if project_id_list is not None:
for project_id in project_id_list:
project = toolkit.get_action('package_show')(context, {
'id': project_id
})
project_list.append(project)
return project_list
def resource_version_create(context, data_dict):
"""Create a new version from the current dataset's revision
Currently you must have editor level access on the dataset
to create a version.
:param resource_id: the id of the resource
:type resource_id: string
:param name: A short name for the version
:type name: string
:param notes: A description for the version
:type notes: string
:returns: the newly created version
:rtype: dictionary
"""
toolkit.check_access('version_create', context, data_dict)
assert context.get('auth_user_obj') # Should be here after `check_access`
model = context.get('model', core_model)
resource_id, name = toolkit.get_or_bust(data_dict, ['resource_id', 'name'])
resource = model.Resource.get(resource_id)
if not resource:
raise toolkit.ObjectNotFound('Resource not found')
activity = model.Session.query(model.Activity). \
filter_by(object_id=resource.package_id). \
order_by(model.Activity.timestamp.desc()).\
first()
version = Version(package_id=resource.package_id,
resource_id=data_dict['resource_id'],
activity_id=activity.id,
name=data_dict.get('name', None),
notes=data_dict.get('notes', None),
created=datetime.utcnow(),
creator_user_id=context['auth_user_obj'].id)
model.Session.add(version)
try:
model.Session.commit()
except IntegrityError as e:
# Name not unique, or foreign key constraint violated
model.Session.rollback()
log.debug("DB integrity error (version name not unique?): %s", e)
raise toolkit.ValidationError(
'Version names must be unique per resource')
log.info('Version "%s" created for resource %s', data_dict['name'],
data_dict['resource_id'])
return version.as_dict()
def comment_show(context, data_dict):
tk.check_access("comments_comment_show", context, data_dict)
comment = (
context['session'].query(Comment)
.filter(Comment.id == data_dict["id"])
.one_or_none()
)
if comment is None:
raise tk.ObjectNotFound("Comment not found")
comment_dict = get_dictizer(type(comment))(comment, context)
return comment_dict
def volunteering_show(context, data_dict):
'''Show a Volunteering Opportunity'''
toolkit.check_access('ckanext_lacounts_volunteering_show', context,
data_dict)
volunteering = VolunteeringOpportunity.get(id=data_dict['id'])
if volunteering is None:
raise toolkit.ObjectNotFound
return volunteering.as_dict()
def metadata_standard_index_delete(context, data_dict):
"""
Placeholder function for deleting a metadata search index.
May be implemented as required by another plugin.
You must be authorized to delete a search index.
:param id: the id or name of the metadata standard
:type id: string
"""
tk.check_access('metadata_standard_index_delete', context, data_dict)
def _check_auth(self):
if not hasattr(toolkit.c, "user") or not toolkit.c.user:
return toolkit.abort(403, "Forbidden")
context = self._get_context()
try:
toolkit.check_access('package_create', context)
except toolkit.NotAuthorized:
return toolkit.abort(401,
toolkit._('Unauthorized to create a package'))
def volunteering_delete(context, data_dict):
'''Delete a Volunteering Opportunity'''
toolkit.check_access('ckanext_lacounts_volunteering_delete', context,
data_dict)
volunteering = VolunteeringOpportunity.get(id=data_dict['id'])
if volunteering is None:
raise toolkit.ObjectNotFound
volunteering.delete()
def get_harvest_source_ids_for_user(context, harvest_source_ids):
"""check for which harvest source the current user has admin rights"""
harvest_source_ids_for_user = []
for source_id in harvest_source_ids:
try:
tk.check_access('harvest_source_update', context,
{'id': source_id})
harvest_source_ids_for_user.append(source_id)
except tk.NotAuthorized:
pass
return harvest_source_ids_for_user
def ckan_auth_check(permission, data_dict=None, context=None):
# type: (str, Dict[str, Any], OptionalCkanContext) -> bool
"""Wrapper for CKAN permission check
"""
if context is None:
context = get_user_context()
try:
toolkit.check_access(permission, context=context, data_dict=data_dict)
except (toolkit.NotAuthorized, toolkit.ObjectNotFound):
return False
return True
def showcase_show(context, data_dict):
'''Return the pkg_dict for a showcase (package).
:param id: the id or name of the showcase
:type id: string
'''
toolkit.check_access('ckanext_showcase_show', context, data_dict)
pkg_dict = toolkit.get_action('package_show')(context, data_dict)
return pkg_dict
def agent_update(context, data_dict):
'''
Action for updating an :class:`~ckanext.attribution.model.agent.Agent` record. Different
fields are required by different agent types.
:param id: ID of the record to update
:type id: str
:param agent_type: broad type of agent; usually 'person' or 'org'
:type agent_type: str, optional
:param family_name: family name of an person [person only]
:type family_name: str, optional
:param given_names: given name(s) or initials of an person [person only]
:type given_names: str, optional
:param given_names_first: whether given names should be displayed before the family name
(default True) [person only]
:type given_names_first: bool, optional
:param user_id: the ID for a registered user of this CKAN instance associated with this agent
[person only]
:type user_id: str, optional
:param name: name of an organisation [org only]
:type name: str, optional
:param context:
:param data_dict:
:returns: The updated agent record.
:rtype: dict
'''
toolkit.check_access('agent_update', context, data_dict)
try:
item_id = data_dict.get('id')
except KeyError:
raise toolkit.ValidationError('Record ID must be provided.')
current_record = AgentQuery.read(item_id)
old_citation_name = current_record.citation_name
if 'agent_type' not in data_dict:
agent_type = current_record.agent_type
else:
agent_type = data_dict.get('agent_type')
data_dict['agent_type'] = agent_type
data_dict = AgentQuery.validate(data_dict)
new_agent = AgentQuery.update(item_id, **data_dict)
if new_agent.citation_name != old_citation_name:
# if the name has been updated, the author strings need to be updated everywhere else too
agent_id_column = AgentContributionActivityQuery.m.agent_id
contrib_activities = AgentContributionActivityQuery.search(agent_id_column == item_id)
packages = list(set([c.contribution_activity.package.id for c in contrib_activities]))
for p in packages:
author_string = get_author_string(package_id=p)
toolkit.get_action('package_revise')({}, {'match': {'id': p},
'update': {'author': author_string}})
if new_agent is None:
raise toolkit.ValidationError('Unable to update agent. Check the fields are valid.')
return new_agent.as_dict()
def _raise_not_authz_or_not_pending(container_id):
# check auth with toolkit.check_access
toolkit.check_access('sysadmin', {'model': model})
# check org exists and it's pending with organization_show
org_dict = toolkit.get_action('organization_show')({}, {
'id': container_id
})
if org_dict.get('state') != 'approval_needed':
raise toolkit.ObjectNotFound(
'Data container "{}" not found'.format(container_id))
def dcat_dataset_show(context, data_dict):
toolkit.check_access('dcat_dataset_show', context, data_dict)
dataset_dict = toolkit.get_action('package_show')(context, data_dict)
serializer = RDFSerializer(profiles=data_dict.get('profiles'))
output = serializer.serialize_dataset(dataset_dict,
_format=data_dict.get('format'))
return output
def _get_can_edit(context, dataset_dict):
# Can the tags be edited?
try:
toolkit.check_access(
u'dataontosearch_tag_create', context, {
u'dataset': dataset_dict[u'id'],
u'concept': u'http://example.com/rdf#Example',
})
return True
except toolkit.NotAuthorized:
logger.debug(u'User cannot edit concepts')
return False
def cadasta_admin_list(context, data_dict):
'''Show the list of admins that can administer all organizations
You must be a sysadmin to make this api call
:rtype: list of user ids
'''
toolkit.check_access('sysadmin', context, data_dict)
session = context['session']
user_ids = CadastaAdmin.get_cadasta_admin_ids(session)
return [toolkit.get_action('user_show')(data_dict={'id': user_id})
for user_id in user_ids]
def cadasta_show_parcel_detail(context, data_dict):
'''Make api call to cadasta api parcel show detail
:param id: the id of the parcel
:type id: str
:rtype: dict
'''
parcel_id = data_dict.get('id')
toolkit.check_access('cadasta_show_parcel', context, data_dict)
data_dict.pop('id', '')
return cadasta_get_api('parcels/{0}/details'.format(parcel_id), data_dict)
def check_editor_access(orgs):
allowed_orgs = 0
for org in orgs:
try:
check_access("package_create", context(), {"owner_org": org})
allowed_orgs += 1
except NotAuthorized:
pass
if allowed_orgs > 0:
return True
else:
raise NotAuthorized()
def infrastructure_create(context, data_dict):
"""
Create a group of type 'infrastructure'.
You must be authorized to create infrastructures.
:param name: the name of the infrastructure; must conform to group naming rules
:type name: string
:param title: the title of the infrastructure (optional)
:type title: string
:param description: the description of the infrastructure (optional)
:type description: string
:param users: the users associated with the infrastructure (optional); a list of dictionaries
each with key ``'name'`` (string, the id or name of the user) and optionally ``'capacity'``
(string, the capacity in which the user is a member of the infrastructure)
:type users: list of dictionaries
:returns: the newly created infrastructure (unless 'return_id_only' is set to True
in the context, in which case just the infrastructure id will be returned)
:rtype: dictionary
"""
log.info("Creating infrastructure: %r", data_dict)
tk.check_access('infrastructure_create', context, data_dict)
model = context['model']
defer_commit = context.get('defer_commit', False)
return_id_only = context.get('return_id_only', False)
data_dict.update({
'type': 'infrastructure',
'is_organization': False,
})
internal_context = context.copy()
internal_context.update({
'schema': schema.infrastructure_create_schema(),
'invoked_action': 'infrastructure_create',
'defer_commit': True,
'return_id_only': True,
'ignore_auth': True,
})
# defer_commit does not actually work due to a bug in _group_or_org_create (in ckan.logic.action.create)
# - addition of the creating user as a member is done (committed) without consideration for defer_commit
# - but it does not make much difference to us here
infrastructure_id = tk.get_action('group_create')(internal_context,
data_dict)
if not defer_commit:
model.repo.commit()
output = infrastructure_id if return_id_only \
else tk.get_action('infrastructure_show')(internal_context, {'id': infrastructure_id})
return output
def membership_add():
form_data = _parse_form(toolkit.request.form)
context = {'model': model, 'user': toolkit.c.user}
username = form_data.get('username')
contnames = form_data.get('contnames')
if type(contnames) != list:
contnames = [contnames]
role = form_data.get('role')
# Check access
try:
toolkit.check_access('sysadmin', context)
except toolkit.NotAuthorized:
message = 'Not authorized to add membership'
return toolkit.abort(403, message)
# Add membership
containers = []
for contname in contnames:
try:
container = toolkit.get_action('organization_show')(context, {
'id': contname
})
data_dict = {
'id': contname,
'username': username,
'role': role,
'not_notify': True
}
toolkit.get_action('organization_member_create')(context,
data_dict)
containers.append(container)
except (toolkit.ObjectNotFound, toolkit.ValidationError):
message = 'User "%s" NOT added to the following data container: "%s"'
toolkit.h.flash_error(message % (username, contname))
# Notify by flash
titles = ['"%s"' % cont.get('title', cont['name']) for cont in containers]
message = 'User "%s" added to the following data containers: %s'
toolkit.h.flash_success(message % (username, ', '.join(titles)))
# Notify by email
user = toolkit.get_action('user_show')(context, {'id': username})
subj = mailer.compose_membership_email_subj(
{'title': 'multiple containers'})
body = mailer.compose_membership_email_body(containers, user,
'create_multiple')
mailer.mail_user_by_id(username, subj, body)
# Redirect
return toolkit.redirect_to('unhcr_data_container.membership',
username=username)
def metadata_json_attr_map_create(context, data_dict):
"""
Create a one-to-one mapping from a metadata JSON element to a metadata record attribute.
When a metadata record is created or updated, metadata JSON values are copied into
metadata record attributes for each such defined mapping.
:param json_path: JSON pointer to a location in a metadata record dictionary
:type json_path: string
:param record_attr: the name of an attribute in the metadata record schema
:type record_attr: string
:param is_key: no longer used
:type is_key: boolean
:param metadata_standard_id: the id or name of the metadata standard for which this mapping is defined
:type metadata_standard_id: string
:returns: the newly created MetadataJSONAttrMap object
:rtype: dictionary
"""
log.info("Creating metadata JSON attribute mapping: %r", data_dict)
tk.check_access('metadata_json_attr_map_create', context, data_dict)
model = context['model']
user = context['user']
session = context['session']
defer_commit = context.get('defer_commit', False)
return_id_only = context.get('return_id_only', False)
data_dict['is_key'] = False
data, errors = tk.navl_validate(
data_dict, schema.metadata_json_attr_map_create_schema(), context)
if errors:
session.rollback()
raise tk.ValidationError(errors)
metadata_json_attr_map = model_save.metadata_json_attr_map_dict_save(
data, context)
rev = model.repo.new_revision()
rev.author = user
if 'message' in context:
rev.message = context['message']
else:
rev.message = _(u'REST API: Create metadata JSON attribute mapping %s'
) % metadata_json_attr_map.id
if not defer_commit:
model.repo.commit()
output = metadata_json_attr_map.id if return_id_only \
else tk.get_action('metadata_json_attr_map_show')(context, {'id': metadata_json_attr_map.id})
return output
def inventory_entry_list_for_user(context, data_dict):
# TODO @palcu: DRY the code below from organization_list_for_user
model = context['model']
user = context['user']
check_access('organization_list_for_user', context, data_dict)
sysadmin = authz.is_sysadmin(user)
orgs_q = model.Session.query(InventoryEntry).join(model.Group) \
.filter(model.Group.is_organization == True) \
.filter(model.Group.state == 'active')
if not sysadmin:
# for non-Sysadmins check they have the required permission
# NB 'edit_group' doesn't exist so by default this action returns just
# orgs with admin role
permission = data_dict.get('permission', 'edit_group')
roles = authz.get_roles_with_permission(permission)
if not roles:
return []
user_id = authz.get_user_id_for_username(user, allow_none=True)
if not user_id:
return []
q = model.Session.query(model.Member, model.Group) \
.filter(model.Member.table_name == 'user') \
.filter(model.Member.capacity.in_(roles)) \
.filter(model.Member.table_id == user_id) \
.filter(model.Member.state == 'active') \
.join(model.Group)
group_ids = set()
roles_that_cascade = \
authz.check_config_permission('roles_that_cascade_to_sub_groups')
for member, group in q.all():
if member.capacity in roles_that_cascade:
group_ids |= set([
grp_tuple[0]
for grp_tuple in group.get_children_group_hierarchy(
type='organization')
])
group_ids.add(group.id)
if not group_ids:
return []
orgs_q = orgs_q.filter(model.Group.id.in_(group_ids))
return [table_dictize(obj, context) for obj in orgs_q.all()]
def agent_affiliation_delete(context, data_dict):
'''
Delete an :class:`~ckanext.attribution.model.agent_affiliation.AgentAffiliation` record by ID.
:param id: ID of the affiliation record
:type id: str
:returns: The affiliation record.
:rtype: dict
'''
toolkit.check_access('agent_affiliation_delete', context, data_dict)
item_id = toolkit.get_or_bust(data_dict, 'id')
return AgentAffiliationQuery.delete(item_id)
def admin_view(id):
try:
context = {'model': model, 'user': tk.c.user}
tk.check_access('harvest_source_update', context, {'id': id})
harvest_source = tk.get_action('harvest_source_show')(context, {
'id': id
})
return tk.render('source/admin.html',
extra_vars={'harvest_source': harvest_source})
except tk.ObjectNotFound:
return tk.abort(404, _('Harvest source not found'))
except tk.NotAuthorized:
return tk.abort(401, _not_auth_message())
def _get_context_controller(self):
context = {
'model': model,
'session': model.Session,
'user': toolkit.c.user or toolkit.c.author
}
try:
toolkit.check_access('member_create', context, {})
except toolkit.NotAuthorized:
toolkit.abort(401, toolkit._('User not authorized to manage page'))
controller = 'ckanext.ab_security.controllers:SecurityClassificationController'
return context, controller
def thread_delete(context, data_dict):
tk.check_access("comments_thread_delete", context, data_dict)
thread = (
context['session'].query(Thread)
.filter(Thread.id == data_dict["id"])
.one_or_none()
)
if thread is None:
raise tk.ObjectNotFound("Thread not found")
context['session'].delete(thread)
context['session'].commit()
thread_dict = get_dictizer(type(thread))(thread, context)
return thread_dict
def agent_show(context, data_dict):
'''
Retrieve an :class:`~ckanext.attribution.model.agent.Agent` record by ID.
:param id: ID of the agent record
:type id: str
:returns: The agent record.
:rtype: dict
'''
toolkit.check_access('agent_show', context, data_dict)
item_id = toolkit.get_or_bust(data_dict, 'id')
return AgentQuery.read(item_id).as_dict()
def datasets(username):
'''
Render a list of datasets that this user has contributed to.
:param username: The username
:return: str
'''
try:
toolkit.check_access('user_show', {}, {'id': username})
except toolkit.NotAuthorized:
toolkit.abort(403, toolkit._('Not authorized to see this page'))
user = toolkit.get_action('user_show')({'for_view': True}, {'id': username, 'include_num_followers': True})
return toolkit.render('user/contributions.html', extra_vars=dict(contributions=user_contributions(user['id']), user_dict=user))
def iaest_dataset_show(context, data_dict):
log.debug('Entrando en iaest_dataset_show')
toolkit.check_access('iaest_dataset_show', context, data_dict)
dataset_dict = toolkit.get_action('package_show')(context, data_dict)
serializer = RDFSerializer()
output = serializer.serialize_dataset(dataset_dict,
_format=data_dict.get('format'))
return output
def resource_stats_show(context, data_dict):
tk.check_access("googleanalytics_resource_stats_show", context, data_dict)
rec = (
context["session"]
.query(ResourceStats)
.filter(ResourceStats.resource_id == data_dict["id"])
.one_or_none()
)
if not rec:
raise tk.ObjectNotFound()
return rec.for_json(context)
def config(self):
#在「/ckan-admin/dsp-integrate」頁面render之前,先確認使用者是否為sysadmin。
context = {'model': c.model,
'user': c.user, 'auth_user_obj': c.userobj}
try:
toolkit.check_access('sysadmin', context, {})
except toolkit.NotAuthorized:
toolkit.abort(401, _('Need to be system administrator to administer') )
c.revision_change_state_allowed = True
return toolkit.render('admin/sync.html')
def get(self, id):
context = {u'model': model, u'user': toolkit.c.user}
data_dict = {'id': id}
try:
toolkit.check_access(u'package_collaborator_list', context,
data_dict)
pkg_dict = toolkit.get_action('package_show')(context, data_dict)
except toolkit.NotAuthorized:
message = u'Unauthorized to read collaborators {0}'.format(id)
return toolkit.abort(401, toolkit._(message))
except toolkit.ObjectNotFound as e:
return toolkit.abort(404, toolkit._(u'Resource not found'))
org_id = toolkit.request.params.get(u'org_id')
extra_vars = {
'capacities': [
{
'name': 'editor',
'value': 'editor'
},
{
'name': 'member',
'value': 'member'
},
],
'capacity':
'member',
'pkg_dict':
pkg_dict
}
if org_id:
org_dict = toolkit.get_action('organization_show')(context, {
'id': org_id
})
extra_vars['org_id'] = org_id
extra_vars['org_name'] = org_dict.get('title')
collaborators = toolkit.get_action(
'package_collaborator_org_list')(context, data_dict)
for c in collaborators:
if c['org_id'] == org_id:
extra_vars['capacity'] = c['capacity']
return toolkit.render(
'package/collaborators/collaborator_org_new.html', extra_vars)
