def action_save_form(users):
# The permissions grid has been saved
# which is a grid of checkboxes named user$role
rpi = request.params.items()
# The grid passes us a list of the users/roles that were displayed
submitted = [a for (a, b) in rpi if (b == u'submitted')]
# and also those which were checked
checked = [a for (a, b) in rpi if (b == u'on')]
# from which we can deduce true/false for each user/role
# combination that was displayed in the form
table_dict = {}
for a in submitted:
table_dict[a] = False
for a in checked:
table_dict[a] = True
# now we'll split up the user$role strings to make a dictionary
# from (user,role) to True/False, which tells us what we need to
# do.
new_user_role_dict = {}
for (ur, val) in table_dict.items():
u, r = ur.split('$')
new_user_role_dict[(u, r)] = val
# we get the current user/role assignments
# and make a dictionary of them
current_uors = model.Session.query(model.SystemRole).all()
current_users_roles = [(uor.user.name, uor.role)
for uor in current_uors if uor.user]
current_user_role_dict = {}
for (u, r) in current_users_roles:
current_user_role_dict[(u, r)] = True
# and now we can loop through our dictionary of desired states
# checking whether a change needs to be made, and if so making it
# WORRY: Here it seems that we have to check whether someone is
# already assigned a role, in order to avoid assigning it twice,
# or attempting to delete it when it doesn't exist. Otherwise
# problems occur. However this doesn't affect the index page,
# which would seem to be prone to suffer the same effect. Why
# the difference?
for ((u, r), val) in new_user_role_dict.items():
if val:
if not ((u, r) in current_user_role_dict):
model.add_user_to_role(model.User.by_name(u), r,
model.System())
else:
if ((u, r) in current_user_role_dict):
model.remove_user_from_role(model.User.by_name(u), r,
model.System())
# finally commit the change to the database
model.Session.commit()
h.flash_success(_("Changes Saved"))
def test_pkg_create(self):
action = model.Action.PACKAGE_CREATE
assert self.authorizer.is_authorized(self.admin.name, action,
model.System())
assert self.authorizer.is_authorized(self.notadmin.name, action,
model.System())
assert not self.authorizer.is_authorized(u'blah', action,
model.System())
assert not self.authorizer.is_authorized(u'visitor', action,
model.System())
def action_add_form(users):
# The user is attempting to set new roles for a named user
new_user = request.params.get('new_user_name')
# this is the list of roles whose boxes were ticked
checked_roles = [
a for (a, b) in request.params.items() if (b == u'on')
]
# this is the list of all the roles that were in the submitted
# form
submitted_roles = [
a for (a, b) in request.params.items() if (b == u'submitted')
]
# from this we can make a dictionary of the desired states
# i.e. true for the ticked boxes, false for the unticked
desired_roles = {}
for r in submitted_roles:
desired_roles[r] = False
for r in checked_roles:
desired_roles[r] = True
# again, in order to avoid either creating a role twice or
# deleting one which is non-existent, we need to get the users'
# current roles (if any)
current_uors = model.Session.query(model.SystemRole).all()
current_roles = [
uor.role for uor in current_uors
if (uor.user and uor.user.name == new_user)
]
user_object = model.User.by_name(new_user)
if user_object is None:
# The submitted user does not exist. Bail with flash
# message
h.flash_error(_('unknown user:') + str(new_user))
else:
# Whenever our desired state is different from our
# current state, change it.
for (r, val) in desired_roles.items():
if val:
if (r not in current_roles):
model.add_user_to_role(user_object, r,
model.System())
else:
if (r in current_roles):
model.remove_user_from_role(
user_object, r, model.System())
h.flash_success(_("User Added"))
# and finally commit all these changes to the database
model.Session.commit()
def setup_class(self):
super(TestDeletedDecoyWhenAdmin, self).setup_class()
try:
self.orig_pkg_dict = {
"name": u"quarterly_epidemiological_commentary",
"title": "Quarterly Epidemiological Commentary",
"version": None, "url": None, "author": None, "author_email": None, "maintainer": None, "maintainer_email": None,
"notes": "Epidemiological analyses of Mandatory surveillance data on MRSA bacteraemia and C. difficile infection covering at least nine quarters\r\nSource agency: Health Protection Agency\r\nDesignation: Official Statistics not designated as National Statistics\r\nLanguage: English\r\nAlternative title: Quarterly Epi Commentary",
"license_id": "uk-ogl",
"tags": ["conditions-and-diseases", "health", "health-and-social-care", "health-of-the-population", "nhs-trust-hcai-pct-mrsa-mrsa-bacteraemia-c-difficile-c-diff-clostridium-difficile-healthcare-associa", "well-being-and-care"],
"groups": ['health-protection-agency'],
"extras": {
"geographic_coverage": "100000: England",
"geographic_granularity": "Other",
"external_reference": "ONSHUB",
"temporal_coverage-from": "",
"temporal_granularity": "",
"date_updated": "",
"precision": "",
"geographic_granularity": "",
"temporal_coverage_to": "",
"temporal_coverage_from": "",
"taxonomy_url": "",
"import_source": "ONS-ons_data_7_days_to_2010-06-23",
"date_released": "2010-06-18",
"temporal_coverage-to": "",
"update_frequency": "quarterly",
"national_statistic": "no",
"categories": "Health and Social Care"
},
"resources": []
}
self.deleted_decoy_pkg_dict = {
"name": u"quarterly_epidemiological_commentary_-_none",
"title": "Quarterly Epidemiological Commentary",
"groups": ['health-protection-agency'],
}
CreateTestData.create_arbitrary([self.orig_pkg_dict])
CreateTestData.create_arbitrary([self.deleted_decoy_pkg_dict],
extra_user_names=[u'testsysadmin'])
# make a sysadmin user
rev = model.repo.new_revision()
testsysadmin = model.User.by_name(u'testsysadmin')
model.add_user_to_role(testsysadmin, model.Role.ADMIN, model.System())
# delete decoy
decoy_pkg = model.Package.by_name(self.deleted_decoy_pkg_dict['name'])
assert decoy_pkg
decoy_pkg.delete()
model.repo.commit_and_remove()
# same data is imported, but should find record and add department
importer_ = importer.OnsImporter(sample_filepath(9), self.testclient)
self.pkg_dict = [pkg_dict for pkg_dict in importer_.pkg_dict()][0]
except:
# ensure that mock_drupal is destroyed
MockDrupalCase.teardown_class()
model.repo.rebuild_db()
raise
def setup_class(self):
try:
search.clear()
setup_test_search_index()
super(OnsLoaderBase, self).setup_class()
# make annafan a sysadmin to allow package creation
rev = model.repo.new_revision()
user = model.User.by_name(u'annafan')
model.add_user_to_role(user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
publist = [g.name for g in model.Session.query(model.Group).all()]
# create test publishers
rev = model.repo.new_revision()
for name, title in publishers.items():
if not name in publist:
model.Session.add(model.Group(name=unicode(name), title=title, type='publisher'))
model.repo.commit_and_remove()
except Exception, e:
# ensure that mock_drupal is destroyed
print e
MockDrupalCase.teardown_class()
#model.repo.rebuild_db()
raise
def am_authorized(c, action, domain_object=None):
''' Deprecated. Please use check_access instead'''
from ckan.authz import Authorizer
if domain_object is None:
from ckan import model
domain_object = model.System()
return Authorizer.am_authorized(c, action, domain_object)
def _create_sysadmin():
model.repo.new_revision()
sysadmin_user = model.User(name='sysadmin')
model.Session.add(sysadmin_user)
model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
return 'sysadmin'
def setup_class(self):
# for the authorization editing tests we set up test data so:
# three users, madeup-sysadmin , madeup-administrator, and madeup-another
# one authzgroup
# two packages test6 and test6a, m-a is admin on both
model.repo.init_db()
model.repo.new_revision()
self.sysadmin = 'madeup-sysadmin'
sysadmin_user = model.User(name=unicode(self.sysadmin))
self.admin = 'madeup-administrator'
admin_user = model.User(name=unicode(self.admin))
self.another = u'madeup-another'
another_user = model.User(name=unicode(self.another))
self.authzgroup = u'madeup-authzgroup'
authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup))
for obj in sysadmin_user, admin_user, another_user, authzgroup:
model.Session.add(obj)
model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System())
model.repo.new_revision()
self.pkgname = u'test6'
self.pkgname2 = u'test6a'
pkg = model.Package(name=self.pkgname)
pkg2 = model.Package(name=self.pkgname2)
model.Session.add(pkg)
model.Session.add(pkg2)
admin_user = model.User.by_name(unicode(self.admin))
assert admin_user
model.setup_default_user_roles(pkg, admins=[admin_user])
model.setup_default_user_roles(pkg2, admins=[admin_user])
model.repo.commit_and_remove()
def roles_user_list(context, data_dict):
'''
Returns the roles of the given user
:returns: roles
:rtype: dictionary
'''
if (check_access('roles_user_list', context, data_dict) == True):
user_name = data_dict.get('user_name')
log.info('Looking up roles for user %r ...', user_name)
try:
user = model.User.get(user_name)
roles = {'System': [], 'Group': [], 'Package': []}
for role in [u'admin', u'editor', u'reader']:
if (authz.user_has_role(user, role, model.System())):
roles['System'].append(role)
if (authz.user_has_role(user, role, model.Package())):
roles['Package'].append(role)
if (authz.user_has_role(user, role, model.Group())):
roles['Group'].append(role)
result = roles
return {'success': True, 'result': result}
except:
return {'success': False, 'msg': traceback.print_exc()}
else:
return {'success': False, 'msg': 'authentication failed'}
def setup(self):
# need to do this for every test since we mess with System rights
CreateTestData.create()
model.repo.new_revision()
model.Session.add(model.User(name=u'testadmin'))
model.Session.add(model.User(name=u'testsysadmin'))
model.Session.add(model.User(name=u'notadmin'))
model.repo.commit_and_remove()
pkg = model.Package.by_name(u'annakarenina')
admin = model.User.by_name(u'testadmin')
sysadmin = model.User.by_name(u'testsysadmin')
model.add_user_to_role(admin, model.Role.ADMIN, pkg)
model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
self.pkg = model.Package.by_name(u'annakarenina')
self.admin = model.User.by_name(u'testadmin')
self.sysadmin = model.User.by_name(u'testsysadmin')
self.notadmin = model.User.by_name(u'notadmin')
self.package_fillers = {
'title': 'test title',
'notes': 'test notes',
'license_id': 'mit-license',
}
def setup_class(cls):
setup_test_search_index()
assert_solr_schema_is_the_dgu_variant()
CreateTestData.create_user('sysadmin')
model.add_user_to_role(model.User.by_name(u'sysadmin'),
model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
def test_register_whilst_logged_in(self):
'''Start registration form as user B then in another window login
as user A, and then try and then submit form for user B. #1799.'''
# create user A
password = u'letmein'
CreateTestData.create_user(name=u'user_a__', password=password)
userA = model.User.by_name(u'user_a__')
# make him a sysadmin, to ensure he is allowed to create a user
model.add_user_to_role(userA, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
userA = model.User.by_name(u'user_a__')
# start to register user B
offset = url_for(controller='user', action='register')
res = self.app.get(offset)
fvA = res.forms['user-edit']
fvA['name'] = 'user_b_'
fvA['fullname'] = 'User B'
fvA['email'] = '*****@*****.**'
fvA['password1'] = password
fvA['password2'] = password
# login user A
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fvB = res.forms['login']
fvB['login'] = '******'
fvB['password'] = str(password)
res = fvB.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
# finish registration of user B
res = fvA.submit('save')
assert_equal(res.status, 200)
assert 'user_a__</a> is currently logged in' in res.body, res.body
assert 'User "user_b_" is now registered but you are still logged in as "user_a__" from before'.replace(
'"', '"') in res.body, res.body
assert 'logout' in res.body, res.body
# logout and login as user B
res = self.app.get('/user/_logout')
res2 = res.follow()
while res2.status == 302:
res2 = res2.follow()
assert 'You have logged out successfully.' in res2, res2
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = '******'
fv['password'] = str(password)
res = fv.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
assert 'User B is now logged in' in res.body, res.body
def create_roles(cls, roles):
'''This is just a basic version for CKAN 1.7.1 - the full version
will be in CKAN 1.8.'''
for subj, role, obj in roles:
assert role, obj == ('admin', 'system')
subj = model.User.by_name(unicode(subj))
model.add_user_to_role(subj, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
def test_02_authorization(self):
from ckan.model.authz import Action
import ckan.model as model
import ckan.authz as authz
john = model.User(name=u'john')
model.Session.add(john)
is_authorized = authz.Authorizer.is_authorized(john.name,
Action.UPLOAD_ACTION,
model.System())
assert is_authorized
def _create_test_data(cls):
CreateTestData.create()
# Remove visitor and logged in roles
roles = []
q = model.Session.query(model.UserObjectRole).\
filter(model.UserObjectRole.user==model.User.by_name(u"visitor"))
roles.extend(q.all())
q = model.Session.query(model.UserObjectRole).\
filter(model.UserObjectRole.user==model.User.by_name(u"logged_in"))
roles.extend(q.all())
for role in roles:
model.Session.delete(role)
rev = model.repo.new_revision()
model.Session.add_all([
model.User(name=u'pkggroupadmin'),
model.User(name=u'site_reader'),
model.User(name=u'outcast'),
model.Package(name=cls.ENTITY_NAME),
model.Package(name=u'deleted'),
model.Group(name=cls.ENTITY_NAME),
model.Group(name=u'deleted'),
model.Tag(name=cls.ENTITY_NAME),
model.RoleAction(role=cls.TRUSTED_ROLE,
context=u'',
action=model.Action.SITE_READ),
model.RoleAction(role=cls.TRUSTED_ROLE,
context=u'',
action=model.Action.READ),
])
model.repo.commit_and_remove()
# testsysadmin is sysadmin
# annafan is package admin for annakarenina
rev = model.repo.new_revision()
site_reader = model.User.by_name(u'site_reader')
pkggroupadmin = model.User.by_name(u'pkggroupadmin')
pkg = model.Package.by_name(cls.ENTITY_NAME)
group = model.Group.by_name(cls.ENTITY_NAME)
tag = model.Tag.by_name(cls.ENTITY_NAME)
pkg.add_tag(tag)
model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, model.System())
model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, pkg)
model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, group)
model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, pkg)
model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, group)
model.Package.by_name(u'deleted').delete()
model.Group.by_name(u'deleted').delete()
model.repo.commit_and_remove()
cls.testsysadmin = model.User.by_name(u'testsysadmin')
cls.pkggroupadmin = model.User.by_name(u'pkggroupadmin')
cls.site_reader = model.User.by_name(u'site_reader')
cls.outcast = model.User.by_name(u'outcast')
def set_roles(self, user_name, drupal_roles):
'''Sets CKAN user roles based on the drupal roles.
Restricted to sysadmin. Publishing roles initially imported during migration from
Drupal.
Example drupal_roles:
['package admin', 'publisher admin', 'authenticated user', 'publishing user']
where sysadmin roles are:
3 'administrator' - total control
11 'package admin' - admin of datasets
'publisher admin' - admin of publishers
other roles:
'publishing user' - anyone who has registered - includes spammers
'''
from ckan import model
from ckan.authz import Authorizer
needs_commit = False
user = model.User.by_name(user_name)
# Sysadmin or not
log.debug('User roles in Drupal: %r', drupal_roles)
should_be_sysadmin = bool(
set(('administrator', 'package admin', 'publisher admin'))
& set(drupal_roles))
is_sysadmin = Authorizer().is_sysadmin(user)
if should_be_sysadmin and not is_sysadmin:
# Make user a sysadmin
model.add_user_to_role(user, model.Role.ADMIN, model.System())
log.info('User made a sysadmin: %s', user_name)
needs_commit = True
elif not should_be_sysadmin and is_sysadmin:
# Stop user being a sysadmin
model.remove_user_from_role(user, model.Role.ADMIN, model.System())
log.info('User now not a sysadmin: %s', user_name)
needs_commit = True
if needs_commit:
model.repo.commit_and_remove()
def list(self, args):
q = model.Session.query(model.UserObjectRole)
q = self._filter_query(q, args)
if q.count() == 0:
print 'No results'
else:
print '%i results' % q.count()
for uor in q:
if uor.name:
obj = getattr(uor, uor.name)
else:
obj = model.System()
self.print_row(uor.user if uor.user else uor.authorized_group,
uor.role, obj)
def remove(self):
import ckan.model as model
if len(self.args) < 2:
print 'Need name of the user to be made sysadmin.'
return
username = self.args[1]
user = model.User.by_name(unicode(username))
if not user:
print 'Error: user "%s" not found!' % username
return
model.remove_user_from_role(user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
def setup_class(cls):
# setup test data including testsysadmin user
CreateTestData.create()
# Creating a couple of authorization groups, which are enough to break
# some things just by their existence
for ag_name in [u'anauthzgroup', u'anotherauthzgroup']:
ag=model.AuthorizationGroup.by_name(ag_name)
if not ag: #may already exist, if not create
ag=model.AuthorizationGroup(name=ag_name)
model.Session.add(ag)
model.Session.commit()
#they are especially dangerous if they have a role on the System
ag = model.AuthorizationGroup.by_name(u'anauthzgroup')
model.add_authorization_group_to_role(ag, u'editor', model.System())
model.Session.commit()
def authorize(method, bucket, key, user, ofs):
"""
Check authz for the user with a given bucket/key combo within a
particular ofs implementation.
"""
if not method in ['POST', 'GET', 'PUT', 'DELETE']:
abort(400)
if method != 'GET':
# do not allow overwriting
if ofs.exists(bucket, key):
abort(409)
# now check user stuff
username = user.name if user else ''
is_authorized = authz.Authorizer.is_authorized(username, 'file-upload', model.System())
if not is_authorized:
h.flash_error('Not authorized to upload files.')
abort(401)
def setup_class(self):
search.clear()
setup_test_search_index()
super(OnsLoaderBase, self).setup_class()
# make annafan a sysadmin to allow package creation
rev = model.repo.new_revision()
user = model.User.by_name(u'annafan')
model.add_user_to_role(user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
# create test publishers
rev = model.repo.new_revision()
for name, title in publishers.items():
model.Session.add(
model.Group(name=unicode(name), title=title, type='publisher'))
model.repo.commit_and_remove()
def setup(self):
model.repo.init_db()
CreateTestData.create()
self.package_name = u'formsapi'
self.package_name_alt = u'formsapialt'
self.package_name_alt2 = u'formsapialt2'
self.apikey_header_name = config.get('apikey_header_name',
'X-CKAN-API-Key')
self.user = self.get_user_by_name(u'tester')
if not self.user:
self.user = self.create_user(name=u'tester')
self.user = self.get_user_by_name(u'tester')
model.add_user_to_role(self.user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
self.extra_environ = {self.apikey_header_name: str(self.user.apikey)}
self.create_package(name=self.package_name)
def setup_class(self):
# for the authorization editing tests we set up test data so:
# three users, sysadmin , administrator, and another
# one authzgroup, one group, one package
# and administrator is admin on all three
# one extra authzgroup, authzgroup2, with no permissions to start with
model.repo.init_db()
model.repo.new_revision()
self.sysadmin = 'sysadmin'
sysadmin_user = model.User(name=unicode(self.sysadmin))
self.admin = 'administrator'
admin_user = model.User(name=unicode(self.admin))
self.another = 'another'
another_user = model.User(name=unicode(self.another))
self.authzgroup = 'authzgroup'
authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup))
self.group = 'group'
group = model.Group(name=unicode(self.group))
self.authzgroup2 = 'authzgroup2'
authzgroup2 = model.AuthorizationGroup(name=unicode(self.authzgroup2))
for obj in sysadmin_user, admin_user, another_user, authzgroup, group, authzgroup2:
model.Session.add(obj)
model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
model.repo.new_revision()
self.pkg = u'dataset'
pkg = model.Package(name=self.pkg)
model.Session.add(pkg)
admin_user = model.User.by_name(unicode(self.admin))
assert admin_user
# setup all three authorization objects to have logged in and visitor as editors, and the admin as admin
model.setup_user_roles(pkg, ['editor'], ['editor'], [admin_user])
model.setup_user_roles(authzgroup, ['editor'], ['editor'],
[admin_user])
model.setup_user_roles(group, ['editor'], ['editor'], [admin_user])
model.repo.commit_and_remove()
def setup_class(self):
CreateTestData.create()
model.repo.new_revision()
model.Session.add(model.Package(name=u'testpkg'))
model.Session.add(model.Package(name=u'testpkg2'))
model.Session.add(model.Package(name=u'private_pkg'))
model.Session.add(model.User(name=u'testadmin'))
# Cannot setup testsysadmin user as it is alreade done in
# the default test data.
#model.Session.add(model.User(name=u'testsysadmin'))
model.Session.add(model.User(name=u'notadmin'))
model.Session.add(model.Group(name=u'testgroup'))
model.Session.add(model.Group(name=u'testgroup2'))
model.repo.commit_and_remove()
model.repo.new_revision()
pkg = model.Package.by_name(u'testpkg')
pkg2 = model.Package.by_name(u'testpkg2')
private_pkg = model.Package.by_name(u'private_pkg')
pkg.add_relationship(u'depends_on', pkg2)
pkg.add_relationship(u'depends_on', private_pkg)
model.repo.commit_and_remove()
pkg = model.Package.by_name(u'testpkg')
grp = model.Group.by_name(u'testgroup')
admin = model.User.by_name(u'testadmin')
sysadmin = model.User.by_name(u'testsysadmin')
notadmin = model.User.by_name(u'notadmin')
model.add_user_to_role(admin, model.Role.ADMIN, pkg)
model.add_user_to_role(admin, model.Role.ADMIN, grp)
model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System())
model.add_user_to_role(notadmin, model.Role.READER, pkg)
model.add_user_to_role(notadmin, model.Role.READER, pkg2)
model.repo.commit_and_remove()
self.authorizer = ckan.authz.Authorizer()
self.pkg = model.Package.by_name(u'testpkg')
self.pkg2 = model.Package.by_name(u'testpkg2')
self.private_pkg = model.Package.by_name(u'private_pkg')
self.grp = model.Group.by_name(u'testgroup')
self.grp2 = model.Group.by_name(u'testgroup2')
self.admin = model.User.by_name(u'testadmin')
self.sysadmin = model.User.by_name(u'testsysadmin')
self.notadmin = model.User.by_name(u'notadmin')
def list(self, args):
from ckan import model
q = model.Session.query(model.UserObjectRole)
q = self._filter_query(q, args)
if q.count() == 0:
print 'No results'
else:
print '%i results' % q.count()
for uor in q:
if uor.name:
try:
obj = getattr(uor, uor.name)
except ObjectDeletedError, e:
print '! ERROR accessing uor id: ', uor.id
continue
else:
obj = model.System()
print RightsTool.get_printable_row(uor.user if uor.user else '',
uor.role, obj)
def anon_editor_role_delete(context, data_dict):
'''
Deletes reader role for the given user
who gets editor role
:returns: on success True otherwise False
:rtype: string
'''
if (check_access('admin_role_create', context, data_dict) == True):
user_name = data_dict.get('user_name')
log.info('Creating reader role for user: %r', user_name)
try:
user = model.User.get(user_name)
authz.remove_user_from_role(user, u'anon_editor', model.System())
model.Session.commit()
return {'success': True}
except:
return {'success': False, 'error': traceback.print_exc()}
else:
return {'success': False, 'msg': 'authentication failed'}
def setup_class(self):
CreateTestData.create()
q = model.Session.query(model.UserObjectRole).filter(
sa.or_(model.UserObjectRole.role == Role.EDITOR,
model.UserObjectRole.role == Role.ANON_EDITOR,
model.UserObjectRole.role == Role.READER))
q = q.filter(
model.UserObjectRole.user == model.User.by_name(u"visitor"))
for role in q:
model.Session.delete(role)
model.repo.commit_and_remove()
model.repo.new_revision()
model.Session.add(model.Package(name=u'testpkg'))
model.Session.add(model.Package(name=u'testpkg2'))
model.Session.add(model.User(name=u'testadmin'))
# Cannot setup testsysadmin user as it is alreade done in
# the default test data.
#model.Session.add(model.User(name=u'testsysadmin'))
model.Session.add(model.User(name=u'notadmin'))
model.Session.add(model.Group(name=u'testgroup'))
model.Session.add(model.Group(name=u'testgroup2'))
model.repo.commit_and_remove()
pkg = model.Package.by_name(u'testpkg')
grp = model.Group.by_name(u'testgroup')
admin = model.User.by_name(u'testadmin')
sysadmin = model.User.by_name(u'testsysadmin')
model.add_user_to_role(admin, model.Role.ADMIN, pkg)
model.add_user_to_role(admin, model.Role.ADMIN, grp)
model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
self.authorizer = ckan.authz.Authorizer()
self.pkg = model.Package.by_name(u'testpkg')
self.pkg2 = model.Package.by_name(u'testpkg2')
self.grp = model.Group.by_name(u'testgroup')
self.grp2 = model.Group.by_name(u'testgroup2')
self.admin = model.User.by_name(u'testadmin')
self.sysadmin = model.User.by_name(u'testsysadmin')
self.notadmin = model.User.by_name(u'notadmin')
def add(self):
from ckan import model
if len(self.args) < 2:
print 'Need name of the user to be made sysadmin.'
return
username = self.args[1]
user = model.User.by_name(unicode(username))
if not user:
print 'User "%s" not found' % username
makeuser = raw_input('Create new user: %s? [y/n]' % username)
if makeuser == 'y':
password = UserCmd.password_prompt()
print('Creating %s user' % username)
user = model.User(name=unicode(username), password=password)
else:
print 'Exiting ...'
return
model.add_user_to_role(user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
print 'Added %s as sysadmin' % username
def editor_role_create(context, data_dict):
'''
Creates a new editor role for the given user
:param user_name: the name of the user who gets editor role
:returns: on success True otherwise False
:rtype: string
'''
if (check_access('editor_role_create', context, data_dict) == True):
user_name = data_dict.get('user_name')
log.info('Creating editor role for user: %r', user_name)
try:
user = model.User.get(user_name)
authz.add_user_to_role(user, u'editor', model.System())
model.Session.commit()
return {'success': True}
except:
return {'success': False, 'msg': traceback.print_exc()}
else:
return {'success': False, 'msg': 'authentication failed'}
def admin_role_delete(context, data_dict):
'''
Deletes admin role for the given user
:param user_name: the name of the user
:returns: on success True otherwise False
:rtype: string
'''
if (check_access('admin_role_create', context, data_dict) == True):
user_name = data_dict.get('user_name')
log.info('Creating admin role for user: %r', user_name)
try:
user = model.User.get(user_name)
authz.remove_user_from_role(user, u'admin', model.System())
model.Session.commit()
return {'success': True}
except:
return {'success': False}
else:
return {'success': False, 'msg': 'authentication failed'}
