def package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
if package.owner_org:
# if there is an owner org then we must have update_dataset
# premission for that organization
check1 = new_authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset'
)
else:
# If dataset is not owned then we can edit if config permissions allow
if not new_authz.auth_is_anon_user(context):
check1 = new_authz.check_config_permission(
'create_dataset_if_not_in_organization')
else:
check1 = new_authz.check_config_permission('anon_create_dataset')
if not check1:
return {'success': False,
'msg': _('User %s not authorized to edit package %s') %
(str(user), package.id)}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {'success': False,
'msg': _('User %s not authorized to edit these groups') %
(str(user))}
return {'success': True}
def package_create(context, data_dict=None):
import ckan.new_authz as new_authz
from ckan.logic.auth.create import _check_group_auth
user = context['user']
if new_authz.auth_is_anon_user(context):
check1 = new_authz.check_config_permission('anon_create_dataset')
else:
# CKAN default options that grant any user rights to create datasets removed here.
check1 = new_authz.has_user_permission_for_some_org(user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('organization_id')
if org_id and not new_authz.has_user_permission_for_group_or_org(org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
# Note the default value True except when we're actually trying to create a new dataset...
if data_dict:
org_id = data_dict.get('owner_org')
if org_id and not new_authz.has_user_permission_for_group_or_org(org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
elif not org_id:
return {'success': False}
return {'success': True}
def package_create(context, data_dict=None):
user = context['user']
if authz.auth_is_anon_user(context):
check1 = all(authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
if authz.config.get('ckan.gov_theme.is_back'):
return {'success': True}
else:
return {'success': False}
def datahub_package_create(context, data_dict):
from ckan.logic.auth.create import _check_group_auth
if new_authz.is_sysadmin(context.get('user')):
return {'success': True}
user = context['user']
if not new_authz.auth_is_registered_user():
return {'success': False, 'msg': _('You must login to create a dataset')}
else:
check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization') \
or new_authz.check_config_permission('create_unowned_dataset')
if not check1 and not new_authz.has_user_permission_for_some_org(user, 'create_dataset'):
h.redirect_to('/pages/requesting-an-organization')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('organization_id')
if org_id and not new_authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def package_create(context, data_dict=None):
user = context['user']
user_object = context.get('auth_user_obj')
#Sysadmin user has all the previliges
if user_object and user_object.sysadmin :
{'success': True}
#Do not authorize anonymous users
if authz.auth_is_anon_user(context):
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
#Check if the user has the editor or admin role in some org/suborg
check1 = all(authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def datahub_package_create(context, data_dict):
from ckan.logic.auth.create import _check_group_auth
if authz.is_sysadmin(context.get('user')):
return {'success': True}
user = context['user']
if not authz.auth_is_registered_user():
if '/new' in c.environ['PATH_INFO']:
h.redirect_to(CREATE_DATASET_HELP_PAGE)
else:
return {'success': False, 'msg': _('You must login to create a dataset')}
check1 = authz.check_config_permission('create_dataset_if_not_in_organization') \
or authz.check_config_permission('create_unowned_dataset')
#if not authorized and not a part of any org, redirect to help page on how to join one
if not check1 and not authz.has_user_permission_for_some_org(user, 'create_dataset'):
if '/new' in c.environ['PATH_INFO']:
h.redirect_to(CREATE_DATASET_HELP_PAGE)
else:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context,data_dict)
if not check2 and not check1:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('organization_id')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def managing_users_package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
extras = dict([(key, value) for key, value in package.extras.items()])
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset')
#Managing users have to be specified for datasets within an organization
managing_users = extras.get('managing_users', '')
managing_users = managing_users.split(',')
check1 = check1 and context['auth_user_obj'].name in managing_users
else:
# If dataset is not owned then we can edit if config permissions allow
if authz.auth_is_anon_user(context):
check1 = all(
authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(
authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
#Managing users have to be specified for datasets without owner
#Else only creator can edit the dataset
managing_users = extras.get('managing_users', '')
managing_users = managing_users.split(',')
check1 = check1 and context['auth_user_obj'].name in managing_users
if context['auth_user_obj'].id == package.creator_user_id:
#If user is the creator of the package, he can edit it regardless
check1 = True
if not check1:
return {
'success':
False,
'msg':
_('User %s not authorized to edit package %s') %
(str(user), package.id)
}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success':
False,
'msg':
_('User %s not authorized to edit these groups') % (str(user))
}
return {'success': True}
def package_create(context, data_dict=None):
import ckan.new_authz as new_authz
from ckan.logic.auth.create import _check_group_auth
user = context['user']
if new_authz.auth_is_anon_user(context):
check1 = new_authz.check_config_permission(
'anon_create_dataset')
else:
# CKAN default options that grant any user rights to create datasets removed here.
check1 = new_authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {
'success': False,
'msg':
_('User %s not authorized to create packages') % user
}
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success': False,
'msg':
_('User %s not authorized to edit these groups') % user
}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('organization_id')
if org_id and not new_authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {
'success':
False,
'msg':
_('User %s not authorized to add dataset to this organization'
) % user
}
# Note the default value True except when we're actually trying to create a new dataset...
if data_dict:
org_id = data_dict.get('owner_org')
if org_id and not new_authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {
'success':
False,
'msg':
_('User %s not authorized to add dataset to this organization'
) % user
}
elif not org_id:
return {'success': False}
return {'success': True}
def package_update(context, data_dict):
model = context['model']
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset')
else:
# If dataset is not owned then we can edit if config permissions allow
if authz.auth_is_anon_user(context):
check1 = all(
authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(
authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
success = False
if authz.check_config_permission('allow_dataset_collaborators'):
# if org-level auth failed, check dataset-level auth
# (ie if user is a collaborator)
user_obj = model.User.get(user)
if user_obj:
success = authz.user_is_collaborator_on_dataset(
user_obj.id, package.id, ['admin', 'editor'])
if not success:
return {
'success':
False,
'msg':
_('User %s not authorized to edit package %s') %
(str(user), package.id)
}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success':
False,
'msg':
_('User %s not authorized to edit these groups') % (str(user))
}
return {'success': True}
def package_create(context, data_dict=None):
'''
Modified from CKAN's original check. Any logged in user can add
a dataset to any organisation.
Packages owner check is done when adding a resource.
:param context: context
:param data_dict: data_dict
:return: dictionary with 'success': True|False
'''
user = context['user']
# Needed in metadata supplements
if context.get('package', False):
return is_owner(context, context.get('package').get('id'))
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org', False)
if org_id and not kata_has_user_permission_for_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add a dataset') % user}
elif org_id and kata_has_user_permission_for_org(org_id, user, 'create_dataset'):
return {'success': True}
# Below is copy-pasted from CKAN auth.create.package_create
# to allow dataset creation without explicit organization permissions.
if authz.auth_is_anon_user(context):
check1 = all(authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = True # Registered users may create datasets
if not check1:
return {'success': False, 'msg': _('User %s not authorized to create packages') % user}
check2 = _check_group_auth(context, data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}
return {'success': True}
def managing_users_package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
extras = dict([(key, value) for key, value in package.extras.items()])
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset'
)
#Managing users have to be specified for datasets within an organization
managing_users = extras.get('managing_users', '')
managing_users = managing_users.split(',')
check1 = check1 and context['auth_user_obj'].name in managing_users
else:
# If dataset is not owned then we can edit if config permissions allow
if authz.auth_is_anon_user(context):
check1 = all(authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
#Managing users have to be specified for datasets without owner
#Else only creator can edit the dataset
managing_users = extras.get('managing_users', '')
managing_users = managing_users.split(',')
check1 = check1 and context['auth_user_obj'].name in managing_users
if context['auth_user_obj'].id == package.creator_user_id:
#If user is the creator of the package, he can edit it regardless
check1 = True
if not check1:
return {'success': False,
'msg': _('User %s not authorized to edit package %s') %
(str(user), package.id)}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {'success': False,
'msg': _('User %s not authorized to edit these groups') %
(str(user))}
return {'success': True}
def package_update(context, data_dict):
model = context['model']
user = context.get('user')
package = get_package_object(context, data_dict)
check1 = logic.check_access_old(package, model.Action.EDIT, context)
if not check1:
return {'success': False, 'msg': _('User %s not authorized to edit package %s') % (str(user), package.id)}
else:
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % str(user)}
return {'success': True}
def package_update(context, data_dict):
model = context["model"]
user = context.get("user")
package = get_package_object(context, data_dict)
check1 = check_access_old(package, model.Action.EDIT, context)
if not check1:
return {"success": False, "msg": _("User %s not authorized to edit package %s") % (str(user), package.id)}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {"success": False, "msg": _("User %s not authorized to edit these groups") % str(user)}
return {"success": True}
def package_create(context, data_dict=None):
user = context['user']
user_object = context.get('auth_user_obj')
#Sysadmin user has all the previliges
if user_object and user_object.sysadmin:
{'success': True}
#Do not authorize anonymous users
if authz.auth_is_anon_user(context):
return {
'success': False,
'msg': _('User %s not authorized to create packages') % user
}
#Check if the user has the editor or admin role in some org/suborg
check1 = all(
authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(user, 'create_dataset')
if not check1:
return {
'success': False,
'msg': _('User %s not authorized to create packages') % user
}
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success': False,
'msg': _('User %s not authorized to edit these groups') % user
}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {
'success':
False,
'msg':
_('User %s not authorized to add dataset to this organization') %
user
}
return {'success': True}
def datahub_package_create(context, data_dict):
from ckan.logic.auth.create import _check_group_auth
if new_authz.is_sysadmin(context.get('user')):
return {'success': True}
user = context['user']
if not new_authz.auth_is_registered_user():
if '/new' in c.environ['PATH_INFO']:
h.redirect_to(CREATE_DATASET_HELP_PAGE)
else:
return {
'success': False,
'msg': _('You must login to create a dataset')
}
check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization') \
or new_authz.check_config_permission('create_unowned_dataset')
#if not authorized and not a part of any org, redirect to help page on how to join one
if not check1 and not new_authz.has_user_permission_for_some_org(
user, 'create_dataset'):
if '/new' in c.environ['PATH_INFO']:
h.redirect_to(CREATE_DATASET_HELP_PAGE)
else:
return {
'success': False,
'msg': _('User %s not authorized to create packages') % user
}
check2 = _check_group_auth(context, data_dict)
if not check2 and not check1:
return {
'success': False,
'msg': _('User %s not authorized to edit these groups') % user
}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('organization_id')
if org_id and not new_authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {
'success':
False,
'msg':
_('User %s not authorized to add dataset to this organization') %
user
}
return {'success': True}
def package_update(context, data_dict):
user = context.get('user')
package = get_package_object(context, data_dict)
if package.owner_org:
check1 = new_authz.has_user_permission_for_group_or_org(package.owner_org, user, 'update_dataset')
else:
check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization')
if not check1:
return {'success': False, 'msg': _('User %s not authorized to edit package %s') % (str(user), package.id)}
else:
check2 = _check_group_auth(context,data_dict)
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % str(user)}
return {'success': True}
def package_update(context, data_dict):
user = context.get("user")
package = get_package_object(context, data_dict)
if package.owner_org:
# if there is an owner org then we must have update_dataset
# premission for that organization
check1 = new_authz.has_user_permission_for_group_or_org(package.owner_org, user, "update_dataset")
else:
# If dataset is not owned then we can edit if config permissions allow
if new_authz.auth_is_registered_user():
check1 = new_authz.check_config_permission("create_dataset_if_not_in_organization")
else:
check1 = new_authz.check_config_permission("anon_create_dataset")
if not check1:
return {"success": False, "msg": _("User %s not authorized to edit package %s") % (str(user), package.id)}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {"success": False, "msg": _("User %s not authorized to edit these groups") % str(user)}
return {"success": True}
def package_create(context, data_dict=None):
'''
Modified from CKAN's original check. Any logged in user can add
a dataset to any organisation.
Packages owner check is done when adding a resource.
:param context: context
:param data_dict: data_dict
:return: dictionary with 'success': True|False
'''
user = context['user']
# Needed in metadata supplements
if context.get('package', False):
return is_owner(context, context.get('package').get('id'))
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org', False)
if org_id and not kata_has_user_permission_for_org(org_id, user,
'create_dataset'):
return {
'success': False,
'msg': _('User %s not authorized to add a dataset') % user
}
elif org_id and kata_has_user_permission_for_org(org_id, user,
'create_dataset'):
return {'success': True}
# Below is copy-pasted from CKAN auth.create.package_create
# to allow dataset creation without explicit organization permissions.
if authz.auth_is_anon_user(context):
check1 = all(
authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = True # Registered users may create datasets
if not check1:
return {
'success': False,
'msg': _('User %s not authorized to create packages') % user
}
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success': False,
'msg': _('User %s not authorized to edit these groups') % user
}
# If an organization is given are we able to add a dataset to it?
data_dict = data_dict or {}
org_id = data_dict.get('owner_org')
if org_id and not authz.has_user_permission_for_group_or_org(
org_id, user, 'create_dataset'):
return {
'success':
False,
'msg':
_('User %s not authorized to add dataset to this organization') %
user
}
return {'success': True}
def package_update(context, data_dict):
user = context.get('user')
package = logic_auth.get_package_object(context, data_dict)
if package.owner_org:
# if there is an owner org then we must have update_dataset
# permission for that organization
check1 = authz.has_user_permission_for_group_or_org(
package.owner_org, user, 'update_dataset')
else:
# If dataset is not owned then we can edit if config permissions allow
if authz.auth_is_anon_user(context):
check1 = all(
authz.check_config_permission(p) for p in (
'anon_create_dataset',
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
))
else:
check1 = all(
authz.check_config_permission(p) for p in (
'create_dataset_if_not_in_organization',
'create_unowned_dataset',
)) or authz.has_user_permission_for_some_org(
user, 'create_dataset')
if not check1:
return {
'success':
False,
'msg':
_('User %s not authorized to edit package %s') %
(str(user), package.id)
}
else:
check2 = _check_group_auth(context, data_dict)
if not check2:
return {
'success':
False,
'msg':
_('User %s not authorized to edit these groups') % (str(user))
}
if package.private is not None and package.private is False and data_dict is not None and data_dict.get(
'private', '') == 'True':
return {
'success': False,
'msg': 'Public datasets cannot be set private again'
}
elif package.private is not None and package.private is True and data_dict is not None and data_dict.get(
'private', '') == 'False':
subset_uniqueness = helpers.check_subset_uniqueness(package.id)
if len(subset_uniqueness) > 0:
return {
'success':
False,
'msg':
'Dataset cannot be set public as it contains a subset, which was already published'
}
return {'success': True}
