def get_allowable_parent_groups(group_id):
deposit = get_data_deposit()
if group_id:
groups = hierarchy_helpers.get_allowable_parent_groups(group_id)
else:
groups = model.Group.all(group_type='data-container')
org_list_func = toolkit.get_action('organization_list_for_user')
user_admins = org_list_func({'ignore_auth': True}, {
'id': toolkit.c.userobj.id,
'permission': 'admin'
})
user_admins_names = [org['name'] for org in user_admins]
allowed_groups = []
for group in groups:
if group.name == deposit.get('name'):
continue
if group.name not in user_admins_names:
continue
allowed_groups.append(group)
return allowed_groups
def get_allowable_parent_groups(self, group_id):
role_cascading_enabled = config.get(
'ckan.auth.roles_that_cascade_to_sub_groups', False)
# Default behaviour
allowable_parent_groups = helpers.get_allowable_parent_groups(group_id)
user = p.toolkit.c.user
# No restrictions for `sysadmin` users
if authz.is_sysadmin(user) or role_cascading_enabled:
return allowable_parent_groups
# Get the users organisations
organization_list_for_user = \
p.toolkit.get_action('organization_list_for_user')({'user': user}, {'permission': None})
# Get the org/group name for those
user_allowed_orgs = [org['name'] for org in organization_list_for_user]
if group_id:
group = model.Group.get(group_id)
# Get the org/name of the parent group for this group
parent = group.get_parent_groups('organization')
if parent:
parent = parent.pop(0)
if parent and parent.name not in user_allowed_orgs:
user_allowed_orgs.append(parent.name)
# Loop through the original allowed parent groups list, only picking those also in the users organization
# list and the parent org (if managing an existing org)
return [
org for org in allowable_parent_groups
if org.name in user_allowed_orgs
]
def setup_template_variables(self, context, data_dict):
from pylons import tmpl_context as c
group_id = data_dict.get('id')
c.allowable_parent_groups = helpers.get_allowable_parent_groups(
group_id)
def setup_template_variables(self, context, data_dict):
group_id = data_dict.get('id')
c.allowable_parent_groups = \
helpers.get_allowable_parent_groups(group_id)
def get_allowable_parent_groups(group_id):
deposit = get_data_deposit()
groups = hierarchy_helpers.get_allowable_parent_groups(group_id)
groups = filter(lambda group: group.name != deposit.get('name'), groups)
return groups
def setup_template_variables(self, context, data_dict):
from pylons import tmpl_context as c
group_id = data_dict.get('id')
c.allowable_parent_groups = helpers.get_allowable_parent_groups(group_id)