def package_update(context, data_dict): user = context.get('user') package = logic_auth.get_package_object(context, data_dict) if package.owner_org: # if there is an owner org then we must have update_dataset # premission for that organization check1 = new_authz.has_user_permission_for_group_or_org( package.owner_org, user, 'update_dataset' ) else: # If dataset is not owned then we can edit if config permissions allow if not new_authz.auth_is_anon_user(context): check1 = new_authz.check_config_permission( 'create_dataset_if_not_in_organization') else: check1 = new_authz.check_config_permission('anon_create_dataset') if not check1: return {'success': False, 'msg': _('User %s not authorized to edit package %s') % (str(user), package.id)} else: check2 = _check_group_auth(context, data_dict) if not check2: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % (str(user))} return {'success': True}
def package_create(context, data_dict=None): import ckan.new_authz as new_authz from ckan.logic.auth.create import _check_group_auth user = context['user'] if new_authz.auth_is_anon_user(context): check1 = new_authz.check_config_permission('anon_create_dataset') else: # CKAN default options that grant any user rights to create datasets removed here. check1 = new_authz.has_user_permission_for_some_org(user, 'create_dataset') if not check1: return {'success': False, 'msg': _('User %s not authorized to create packages') % user} check2 = _check_group_auth(context,data_dict) if not check2: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user} # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('organization_id') if org_id and not new_authz.has_user_permission_for_group_or_org(org_id, user, 'create_dataset'): return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user} # Note the default value True except when we're actually trying to create a new dataset... if data_dict: org_id = data_dict.get('owner_org') if org_id and not new_authz.has_user_permission_for_group_or_org(org_id, user, 'create_dataset'): return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user} elif not org_id: return {'success': False} return {'success': True}
def package_create(context, data_dict=None): user = context['user'] if authz.auth_is_anon_user(context): check1 = all(authz.check_config_permission(p) for p in ( 'anon_create_dataset', 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) else: check1 = all(authz.check_config_permission(p) for p in ( 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) or authz.has_user_permission_for_some_org( user, 'create_dataset') if not check1: return {'success': False, 'msg': _('User %s not authorized to create packages') % user} check2 = _check_group_auth(context,data_dict) if not check2: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user} # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('owner_org') if org_id and not authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user} if authz.config.get('ckan.gov_theme.is_back'): return {'success': True} else: return {'success': False}
def datahub_package_create(context, data_dict): from ckan.logic.auth.create import _check_group_auth if new_authz.is_sysadmin(context.get('user')): return {'success': True} user = context['user'] if not new_authz.auth_is_registered_user(): return {'success': False, 'msg': _('You must login to create a dataset')} else: check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization') \ or new_authz.check_config_permission('create_unowned_dataset') if not check1 and not new_authz.has_user_permission_for_some_org(user, 'create_dataset'): h.redirect_to('/pages/requesting-an-organization') if not check1: return {'success': False, 'msg': _('User %s not authorized to create packages') % user} check2 = _check_group_auth(context,data_dict) if not check2: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user} # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('organization_id') if org_id and not new_authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user} return {'success': True}
def package_create(context, data_dict=None): user = context['user'] user_object = context.get('auth_user_obj') #Sysadmin user has all the previliges if user_object and user_object.sysadmin : {'success': True} #Do not authorize anonymous users if authz.auth_is_anon_user(context): return {'success': False, 'msg': _('User %s not authorized to create packages') % user} #Check if the user has the editor or admin role in some org/suborg check1 = all(authz.check_config_permission(p) for p in ( 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) or authz.has_user_permission_for_some_org( user, 'create_dataset') if not check1: return {'success': False, 'msg': _('User %s not authorized to create packages') % user} check2 = _check_group_auth(context,data_dict) if not check2: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user} # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('owner_org') if org_id and not authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user} return {'success': True}
def datahub_package_create(context, data_dict): from ckan.logic.auth.create import _check_group_auth if authz.is_sysadmin(context.get('user')): return {'success': True} user = context['user'] if not authz.auth_is_registered_user(): if '/new' in c.environ['PATH_INFO']: h.redirect_to(CREATE_DATASET_HELP_PAGE) else: return {'success': False, 'msg': _('You must login to create a dataset')} check1 = authz.check_config_permission('create_dataset_if_not_in_organization') \ or authz.check_config_permission('create_unowned_dataset') #if not authorized and not a part of any org, redirect to help page on how to join one if not check1 and not authz.has_user_permission_for_some_org(user, 'create_dataset'): if '/new' in c.environ['PATH_INFO']: h.redirect_to(CREATE_DATASET_HELP_PAGE) else: return {'success': False, 'msg': _('User %s not authorized to create packages') % user} check2 = _check_group_auth(context,data_dict) if not check2 and not check1: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user} # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('organization_id') if org_id and not authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user} return {'success': True}
def managing_users_package_update(context, data_dict): user = context.get('user') package = logic_auth.get_package_object(context, data_dict) extras = dict([(key, value) for key, value in package.extras.items()]) if package.owner_org: # if there is an owner org then we must have update_dataset # permission for that organization check1 = authz.has_user_permission_for_group_or_org( package.owner_org, user, 'update_dataset') #Managing users have to be specified for datasets within an organization managing_users = extras.get('managing_users', '') managing_users = managing_users.split(',') check1 = check1 and context['auth_user_obj'].name in managing_users else: # If dataset is not owned then we can edit if config permissions allow if authz.auth_is_anon_user(context): check1 = all( authz.check_config_permission(p) for p in ( 'anon_create_dataset', 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) else: check1 = all( authz.check_config_permission(p) for p in ( 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) or authz.has_user_permission_for_some_org( user, 'create_dataset') #Managing users have to be specified for datasets without owner #Else only creator can edit the dataset managing_users = extras.get('managing_users', '') managing_users = managing_users.split(',') check1 = check1 and context['auth_user_obj'].name in managing_users if context['auth_user_obj'].id == package.creator_user_id: #If user is the creator of the package, he can edit it regardless check1 = True if not check1: return { 'success': False, 'msg': _('User %s not authorized to edit package %s') % (str(user), package.id) } else: check2 = _check_group_auth(context, data_dict) if not check2: return { 'success': False, 'msg': _('User %s not authorized to edit these groups') % (str(user)) } return {'success': True}
def package_create(context, data_dict=None): import ckan.new_authz as new_authz from ckan.logic.auth.create import _check_group_auth user = context['user'] if new_authz.auth_is_anon_user(context): check1 = new_authz.check_config_permission( 'anon_create_dataset') else: # CKAN default options that grant any user rights to create datasets removed here. check1 = new_authz.has_user_permission_for_some_org( user, 'create_dataset') if not check1: return { 'success': False, 'msg': _('User %s not authorized to create packages') % user } check2 = _check_group_auth(context, data_dict) if not check2: return { 'success': False, 'msg': _('User %s not authorized to edit these groups') % user } # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('organization_id') if org_id and not new_authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return { 'success': False, 'msg': _('User %s not authorized to add dataset to this organization' ) % user } # Note the default value True except when we're actually trying to create a new dataset... if data_dict: org_id = data_dict.get('owner_org') if org_id and not new_authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return { 'success': False, 'msg': _('User %s not authorized to add dataset to this organization' ) % user } elif not org_id: return {'success': False} return {'success': True}
def package_update(context, data_dict): model = context['model'] user = context.get('user') package = logic_auth.get_package_object(context, data_dict) if package.owner_org: # if there is an owner org then we must have update_dataset # permission for that organization check1 = authz.has_user_permission_for_group_or_org( package.owner_org, user, 'update_dataset') else: # If dataset is not owned then we can edit if config permissions allow if authz.auth_is_anon_user(context): check1 = all( authz.check_config_permission(p) for p in ( 'anon_create_dataset', 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) else: check1 = all( authz.check_config_permission(p) for p in ( 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) or authz.has_user_permission_for_some_org( user, 'create_dataset') if not check1: success = False if authz.check_config_permission('allow_dataset_collaborators'): # if org-level auth failed, check dataset-level auth # (ie if user is a collaborator) user_obj = model.User.get(user) if user_obj: success = authz.user_is_collaborator_on_dataset( user_obj.id, package.id, ['admin', 'editor']) if not success: return { 'success': False, 'msg': _('User %s not authorized to edit package %s') % (str(user), package.id) } else: check2 = _check_group_auth(context, data_dict) if not check2: return { 'success': False, 'msg': _('User %s not authorized to edit these groups') % (str(user)) } return {'success': True}
def package_create(context, data_dict=None): ''' Modified from CKAN's original check. Any logged in user can add a dataset to any organisation. Packages owner check is done when adding a resource. :param context: context :param data_dict: data_dict :return: dictionary with 'success': True|False ''' user = context['user'] # Needed in metadata supplements if context.get('package', False): return is_owner(context, context.get('package').get('id')) # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('owner_org', False) if org_id and not kata_has_user_permission_for_org( org_id, user, 'create_dataset'): return {'success': False, 'msg': _('User %s not authorized to add a dataset') % user} elif org_id and kata_has_user_permission_for_org(org_id, user, 'create_dataset'): return {'success': True} # Below is copy-pasted from CKAN auth.create.package_create # to allow dataset creation without explicit organization permissions. if authz.auth_is_anon_user(context): check1 = all(authz.check_config_permission(p) for p in ( 'anon_create_dataset', 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) else: check1 = True # Registered users may create datasets if not check1: return {'success': False, 'msg': _('User %s not authorized to create packages') % user} check2 = _check_group_auth(context, data_dict) if not check2: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % user} # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('owner_org') if org_id and not authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user} return {'success': True}
def managing_users_package_update(context, data_dict): user = context.get('user') package = logic_auth.get_package_object(context, data_dict) extras = dict([(key, value) for key, value in package.extras.items()]) if package.owner_org: # if there is an owner org then we must have update_dataset # permission for that organization check1 = authz.has_user_permission_for_group_or_org( package.owner_org, user, 'update_dataset' ) #Managing users have to be specified for datasets within an organization managing_users = extras.get('managing_users', '') managing_users = managing_users.split(',') check1 = check1 and context['auth_user_obj'].name in managing_users else: # If dataset is not owned then we can edit if config permissions allow if authz.auth_is_anon_user(context): check1 = all(authz.check_config_permission(p) for p in ( 'anon_create_dataset', 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) else: check1 = all(authz.check_config_permission(p) for p in ( 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) or authz.has_user_permission_for_some_org( user, 'create_dataset') #Managing users have to be specified for datasets without owner #Else only creator can edit the dataset managing_users = extras.get('managing_users', '') managing_users = managing_users.split(',') check1 = check1 and context['auth_user_obj'].name in managing_users if context['auth_user_obj'].id == package.creator_user_id: #If user is the creator of the package, he can edit it regardless check1 = True if not check1: return {'success': False, 'msg': _('User %s not authorized to edit package %s') % (str(user), package.id)} else: check2 = _check_group_auth(context, data_dict) if not check2: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % (str(user))} return {'success': True}
def package_update(context, data_dict): model = context['model'] user = context.get('user') package = get_package_object(context, data_dict) check1 = logic.check_access_old(package, model.Action.EDIT, context) if not check1: return {'success': False, 'msg': _('User %s not authorized to edit package %s') % (str(user), package.id)} else: check2 = _check_group_auth(context,data_dict) if not check2: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % str(user)} return {'success': True}
def package_update(context, data_dict): model = context["model"] user = context.get("user") package = get_package_object(context, data_dict) check1 = check_access_old(package, model.Action.EDIT, context) if not check1: return {"success": False, "msg": _("User %s not authorized to edit package %s") % (str(user), package.id)} else: check2 = _check_group_auth(context, data_dict) if not check2: return {"success": False, "msg": _("User %s not authorized to edit these groups") % str(user)} return {"success": True}
def package_create(context, data_dict=None): user = context['user'] user_object = context.get('auth_user_obj') #Sysadmin user has all the previliges if user_object and user_object.sysadmin: {'success': True} #Do not authorize anonymous users if authz.auth_is_anon_user(context): return { 'success': False, 'msg': _('User %s not authorized to create packages') % user } #Check if the user has the editor or admin role in some org/suborg check1 = all( authz.check_config_permission(p) for p in ( 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) or authz.has_user_permission_for_some_org(user, 'create_dataset') if not check1: return { 'success': False, 'msg': _('User %s not authorized to create packages') % user } check2 = _check_group_auth(context, data_dict) if not check2: return { 'success': False, 'msg': _('User %s not authorized to edit these groups') % user } # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('owner_org') if org_id and not authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return { 'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user } return {'success': True}
def datahub_package_create(context, data_dict): from ckan.logic.auth.create import _check_group_auth if new_authz.is_sysadmin(context.get('user')): return {'success': True} user = context['user'] if not new_authz.auth_is_registered_user(): if '/new' in c.environ['PATH_INFO']: h.redirect_to(CREATE_DATASET_HELP_PAGE) else: return { 'success': False, 'msg': _('You must login to create a dataset') } check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization') \ or new_authz.check_config_permission('create_unowned_dataset') #if not authorized and not a part of any org, redirect to help page on how to join one if not check1 and not new_authz.has_user_permission_for_some_org( user, 'create_dataset'): if '/new' in c.environ['PATH_INFO']: h.redirect_to(CREATE_DATASET_HELP_PAGE) else: return { 'success': False, 'msg': _('User %s not authorized to create packages') % user } check2 = _check_group_auth(context, data_dict) if not check2 and not check1: return { 'success': False, 'msg': _('User %s not authorized to edit these groups') % user } # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('organization_id') if org_id and not new_authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return { 'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user } return {'success': True}
def package_update(context, data_dict): user = context.get('user') package = get_package_object(context, data_dict) if package.owner_org: check1 = new_authz.has_user_permission_for_group_or_org(package.owner_org, user, 'update_dataset') else: check1 = new_authz.check_config_permission('create_dataset_if_not_in_organization') if not check1: return {'success': False, 'msg': _('User %s not authorized to edit package %s') % (str(user), package.id)} else: check2 = _check_group_auth(context,data_dict) if not check2: return {'success': False, 'msg': _('User %s not authorized to edit these groups') % str(user)} return {'success': True}
def package_update(context, data_dict): user = context.get("user") package = get_package_object(context, data_dict) if package.owner_org: # if there is an owner org then we must have update_dataset # premission for that organization check1 = new_authz.has_user_permission_for_group_or_org(package.owner_org, user, "update_dataset") else: # If dataset is not owned then we can edit if config permissions allow if new_authz.auth_is_registered_user(): check1 = new_authz.check_config_permission("create_dataset_if_not_in_organization") else: check1 = new_authz.check_config_permission("anon_create_dataset") if not check1: return {"success": False, "msg": _("User %s not authorized to edit package %s") % (str(user), package.id)} else: check2 = _check_group_auth(context, data_dict) if not check2: return {"success": False, "msg": _("User %s not authorized to edit these groups") % str(user)} return {"success": True}
def package_create(context, data_dict=None): ''' Modified from CKAN's original check. Any logged in user can add a dataset to any organisation. Packages owner check is done when adding a resource. :param context: context :param data_dict: data_dict :return: dictionary with 'success': True|False ''' user = context['user'] # Needed in metadata supplements if context.get('package', False): return is_owner(context, context.get('package').get('id')) # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('owner_org', False) if org_id and not kata_has_user_permission_for_org(org_id, user, 'create_dataset'): return { 'success': False, 'msg': _('User %s not authorized to add a dataset') % user } elif org_id and kata_has_user_permission_for_org(org_id, user, 'create_dataset'): return {'success': True} # Below is copy-pasted from CKAN auth.create.package_create # to allow dataset creation without explicit organization permissions. if authz.auth_is_anon_user(context): check1 = all( authz.check_config_permission(p) for p in ( 'anon_create_dataset', 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) else: check1 = True # Registered users may create datasets if not check1: return { 'success': False, 'msg': _('User %s not authorized to create packages') % user } check2 = _check_group_auth(context, data_dict) if not check2: return { 'success': False, 'msg': _('User %s not authorized to edit these groups') % user } # If an organization is given are we able to add a dataset to it? data_dict = data_dict or {} org_id = data_dict.get('owner_org') if org_id and not authz.has_user_permission_for_group_or_org( org_id, user, 'create_dataset'): return { 'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user } return {'success': True}
def package_update(context, data_dict): user = context.get('user') package = logic_auth.get_package_object(context, data_dict) if package.owner_org: # if there is an owner org then we must have update_dataset # permission for that organization check1 = authz.has_user_permission_for_group_or_org( package.owner_org, user, 'update_dataset') else: # If dataset is not owned then we can edit if config permissions allow if authz.auth_is_anon_user(context): check1 = all( authz.check_config_permission(p) for p in ( 'anon_create_dataset', 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) else: check1 = all( authz.check_config_permission(p) for p in ( 'create_dataset_if_not_in_organization', 'create_unowned_dataset', )) or authz.has_user_permission_for_some_org( user, 'create_dataset') if not check1: return { 'success': False, 'msg': _('User %s not authorized to edit package %s') % (str(user), package.id) } else: check2 = _check_group_auth(context, data_dict) if not check2: return { 'success': False, 'msg': _('User %s not authorized to edit these groups') % (str(user)) } if package.private is not None and package.private is False and data_dict is not None and data_dict.get( 'private', '') == 'True': return { 'success': False, 'msg': 'Public datasets cannot be set private again' } elif package.private is not None and package.private is True and data_dict is not None and data_dict.get( 'private', '') == 'False': subset_uniqueness = helpers.check_subset_uniqueness(package.id) if len(subset_uniqueness) > 0: return { 'success': False, 'msg': 'Dataset cannot be set public as it contains a subset, which was already published' } return {'success': True}