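def get_user_dataset_num(userobj):
    '''
    Returns the number of datasets that the given user is allowed to see.

    A sysadmin is counted against the search index with no filter query.
    Any other user is counted against records in the PUBLISHED or
    PENDING ARCHIVE state, plus every record owned by an organization in
    which the user holds the admin or editor role.

    :param userobj: user object; its ``id`` and ``sysadmin`` attributes are read.
    :returns: the ``count`` reported by ``package_search``, or 0 when the
        search raises ``SearchError``.
    '''
    from ckan.lib.base import model
    from ckan.lib.search import SearchError
    from ckanext.bcgov.util.util import get_user_orgs

    user_id = userobj.id

    if userobj.sysadmin == True:
        # Sysadmin: no filter query at all.
        fq = ''
    else:
        # Published records, plus anything owned by the user's own orgs.
        # Each org id is wrapped in double quotes before it is joined into
        # the filter query.
        # NOTE(review): the ids are interpolated without escaping; presumably
        # they are generated identifiers -- confirm against get_user_orgs.
        user_orgs = ['"' + org.id + '"' for org in get_user_orgs(user_id, 'admin')]
        user_orgs += ['"' + org.id + '"' for org in get_user_orgs(user_id, 'editor')]

        fq = ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE")'
        if user_orgs:
            fq += ' OR owner_org:(' + ' OR '.join(user_orgs) + ')'
        fq += ')'

    try:
        context = {'model': model, 'session': model.Session, 'user': user_id}
        data_dict = {
            'q': '',
            'fq': fq,
            'facet': 'false',
            'rows': 0,  # no rows requested; only query['count'] is read
            'start': 0,
        }
        query = toolkit.get_action('package_search')(context, data_dict)
        count = query['count']
    except SearchError as se:
        log.error('Search error: %s', se)
        count = 0

    # The computed count was previously discarded; hand it back to the caller.
    return count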
def record_is_viewable(pkg_dict, userobj):
    '''
    Decides whether a user is authorized to view a dataset record.

    Rules, checked in this order:
      - a sysadmin may view every record;
      - anyone, logged in or not, may view a record in a published state
        (PUBLISHED or PENDING ARCHIVE) whose metadata visibility is Public;
      - a logged-in user may also view published records whose metadata
        visibility is IDIR;
      - an editor or admin of the owning organization may view the record
        whatever its state or visibility.
    Anything that matches none of these is refused.

    :param pkg_dict: dataset dict. ``metadata_visibility``, ``edc_state`` and
        ``owner_org`` are read by key, so a missing key raises ``KeyError``
        instead of returning False.
    :param userobj: the current user object, or a false value for a visitor.
    :returns: True when viewing is allowed, otherwise False.
    '''
    from ckanext.bcgov.util.util import get_user_orgs

    if userobj and userobj.sysadmin == True:
        return True

    visibility = pkg_dict['metadata_visibility']

    def in_published_state():
        # Evaluated lazily so edc_state is only read when a rule needs it.
        return pkg_dict['edc_state'] in ('PUBLISHED', 'PENDING ARCHIVE')

    # Rule open to everyone, including visitors.
    if visibility == 'Public' and in_published_state():
        return True

    # Every remaining rule needs a logged-in user.
    if not userobj:
        return False

    if visibility == 'IDIR' and in_published_state():
        return True

    member_org_ids = [org.id for org in get_user_orgs(userobj.id, 'editor')]
    member_org_ids.extend(org.id for org in get_user_orgs(userobj.id, 'admin'))
    return pkg_dict['owner_org'] in member_org_ids
def before_search(self, search_params):
    '''
    Narrows a package search to the records the current user may see.

    The clause appended to ``fq`` depends on the request user:
      - sysadmin: no restriction (a single space is appended);
      - logged-in user: records in the PUBLISHED or PENDING ARCHIVE state,
        plus every record owned by an organization where the user is an
        admin or editor;
      - visitor: PUBLISHED or PENDING ARCHIVE records whose
        metadata_visibility is Public.
    If anything raises while the clause is being worked out, the
    visitor-level restriction is applied to the caller's original ``fq``.

    The default sort is also replaced when no query text is given, and a
    non-empty query is prefixed with ``{!lucene q.op=AND}``.

    :param search_params: search parameter dict; modified in place.
    :returns: the same dict.
    '''
    # Default ordering only applies when there is no query text.
    has_no_query = not search_params.get('q')
    if has_no_query and search_params.get('sort') in (None, 'rank'):
        search_params['sort'] = 'record_publish_date desc, metadata_modified desc'

    # The caller's own filter query is kept and the restriction is appended.
    fq = search_params.get('fq', '')

    # Solr local params: force AND between the query terms.
    if 'q' in search_params and search_params['q'] != '':
        search_params['q'] = '{!lucene q.op=AND}' + search_params['q']

    try:
        user_name = c.user or 'visitor'
        if c.userobj and c.userobj.sysadmin == True:
            # There are no restrictions for sysadmin.
            restriction = ' '
        elif user_name == 'visitor':
            # Public user can only view public and published records.
            restriction = ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE") AND metadata_visibility:("Public"))'
        else:
            # Logged-in users also see every record of the organizations
            # they administer or edit.
            user_id = c.userobj.id
            org_terms = ['"' + org.id + '"' for org in get_user_orgs(user_id, 'admin')]
            org_terms += ['"' + org.id + '"' for org in get_user_orgs(user_id, 'editor')]

            restriction = ' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE")'
            if org_terms:
                restriction += ' OR ' + 'owner_org:(' + ' OR '.join(org_terms) + ')'
            restriction += ')'
        fq += restriction
    except Exception:
        # Fail closed: whatever went wrong, start again from the caller's fq
        # and apply the visitor-level restriction.
        # NOTE(review): the exception is swallowed without being logged, so a
        # broken role lookup silently downgrades logged-in users to the
        # public view.
        fq = search_params.get('fq', '')
        fq += ' +edc_state:("PUBLISHED" OR "PENDING ARCHIVE") +metadata_visibility:("Public")'

    search_params['fq'] = fq
    return search_params
def before_search(self, search_params):
    """
    Narrows a package search to the records the current user may see.

    The clause appended to ``fq`` depends on the request user:
      - sysadmin: no restriction (a single space is appended);
      - logged-in user: records in the PUBLISHED or PENDING ARCHIVE state,
        plus every record owned by an organization where the user is an
        admin or editor;
      - visitor: PUBLISHED or PENDING ARCHIVE records whose
        metadata_visibility is Public.
    If anything raises while the clause is being worked out, the
    visitor-level restriction is applied to the caller's original ``fq``.

    The default sort is replaced whenever ``sort`` is missing or "rank",
    and a non-empty query is prefixed with ``{!lucene q.op=AND}``.

    :param search_params: search parameter dict; modified in place.
    :returns: the same dict.
    """
    published = 'edc_state:("PUBLISHED" OR "PENDING ARCHIVE")'

    # Replace the default ordering, with or without query text.
    if search_params.get("sort") in (None, "rank"):
        search_params["sort"] = "record_publish_date desc, metadata_modified desc"

    # The caller's own filter query is kept and the restriction is appended.
    fq = search_params.get("fq", "")

    # Solr local params: force AND between the query terms.
    query_text = search_params.get("q", "")
    if "q" in search_params and query_text != "":
        search_params["q"] = "{!lucene q.op=AND}" + query_text

    try:
        user_name = c.user or "visitor"
        if c.userobj and c.userobj.sysadmin == True:
            # There are no restrictions for sysadmin.
            fq += " "
        elif user_name != "visitor":
            # Logged-in users also see every record of the organizations
            # they administer or edit.
            user_id = c.userobj.id
            quoted_org_ids = []
            for role in ("admin", "editor"):
                quoted_org_ids.extend('"' + org.id + '"' for org in get_user_orgs(user_id, role))

            clause = " +(" + published
            if quoted_org_ids:
                clause += " OR owner_org:(" + " OR ".join(quoted_org_ids) + ")"
            fq += clause + ")"
        else:
            # Public user can only view public and published records.
            fq += " +(" + published + ' AND metadata_visibility:("Public"))'
    except Exception:
        # Fail closed: whatever went wrong, start again from the caller's fq
        # and apply the visitor-level restriction.
        # NOTE(review): the exception is swallowed without being logged, so a
        # broken role lookup silently downgrades logged-in users to the
        # public view.
        fq = search_params.get("fq", "")
        fq += " +" + published + ' +metadata_visibility:("Public")'

    search_params["fq"] = fq
    return search_params
def dashboard_unpublished(self):
    '''
    Renders the dashboard page of unpublished records.

    The filter query selects records in the DRAFT, PENDING PUBLISH or
    REJECTED state. For a non-sysadmin user an owner_org clause is added
    that covers the organizations where the user is an admin or editor.
    '''
    # NOTE(review): c.userobj is dereferenced without a None check, so this
    # presumably only runs for logged-in users -- confirm the route enforces it.
    current_user = c.userobj
    user_id = current_user.id

    state_clause = ' +edc_state:("DRAFT" OR "PENDING PUBLISH" OR "REJECTED")'
    org_clause = ''

    if not current_user.sysadmin:
        # Organizations where this user is an admin or an editor.
        org_terms = ['"' + org.id + '"' for org in get_user_orgs(user_id, 'admin')]
        org_terms += ['"' + org.id + '"' for org in get_user_orgs(user_id, 'editor')]
        # NOTE(review): a non-sysadmin with no admin/editor role gets no
        # owner_org clause, leaving only the state clause in the filter.
        # Confirm that _user_datasets applies its own per-user restriction.
        if org_terms:
            org_clause = ' +owner_org:(' + ' OR '.join(org_terms) + ')'

    self._user_datasets('dashboard_unpublished', user_id, state_clause + org_clause)
    return render('user/dashboard_unpublished.html')
def read(self, id=None):
    '''
    Renders a user page, passing a filter query to _user_datasets.

    A sysadmin gets an empty filter. Any other user gets records in the
    PUBLISHED or PENDING ARCHIVE state, plus every record owned by an
    organization where the current user is an admin or editor.

    :param id: passed through to ``_user_datasets`` unchanged.
    '''
    # NOTE(review): c.userobj.id is read before the `c.userobj and ...` check
    # below, so a request with no logged-in user raises AttributeError on this
    # line. Confirm that the route requires login.
    user_id = c.userobj.id

    viewer_is_sysadmin = c.userobj and c.userobj.sysadmin == True
    if viewer_is_sysadmin:
        fq = ''
    else:
        org_terms = ['"' + org.id + '"' for org in get_user_orgs(user_id, 'admin')]
        org_terms += ['"' + org.id + '"' for org in get_user_orgs(user_id, 'editor')]

        parts = [' +(edc_state:("PUBLISHED" OR "PENDING ARCHIVE")']
        if org_terms:
            parts.append(' OR owner_org:(' + ' OR '.join(org_terms) + ')')
        parts.append(')')
        fq = ''.join(parts)

    self._user_datasets('read', id, fq)
    return render('user/read.html')
def record_is_viewable(pkg_dict, userobj):
    '''
    Decides whether a user is authorized to view a dataset record.

    Rules, checked in this order:
      - a sysadmin may view every record;
      - anyone, logged in or not, may view a record in a published state
        (PUBLISHED or PENDING ARCHIVE) whose metadata visibility is Public;
      - a logged-in user may also view published records whose metadata
        visibility is IDIR;
      - an editor or admin of the owning organization may view the record
        whatever its state or visibility.
    Anything that matches none of these is refused.

    :param pkg_dict: dataset dict. ``metadata_visibility``, ``edc_state`` and
        ``owner_org`` are read from the top level when present, otherwise
        through ``get_package_extras_by_key``.
    :param userobj: the current user object, or a false value for a visitor.
    :returns: True when viewing is allowed, otherwise False.
    '''
    from ckanext.bcgov.util.util import get_user_orgs

    if userobj and userobj.sysadmin == True:
        return True

    def schema_field(key):
        # CITZEDC-832: custom schema fields may only be present in `extras`.
        # NOTE(review): what get_package_extras_by_key returns for an absent
        # key is not visible here; the checks below deny access only if that
        # value matches none of the expected strings or org ids -- confirm.
        if key in pkg_dict:
            return pkg_dict[key]
        return get_package_extras_by_key(key, pkg_dict)

    metadata_visibility = schema_field('metadata_visibility')
    edc_state = schema_field('edc_state')
    owner_org = schema_field('owner_org')

    in_published_state = edc_state in ('PUBLISHED', 'PENDING ARCHIVE')

    # Rule open to everyone, including visitors.
    if in_published_state and metadata_visibility == 'Public':
        return True

    # Every remaining rule needs a logged-in user.
    if not userobj:
        return False

    if in_published_state and metadata_visibility == 'IDIR':
        return True

    member_org_ids = [org.id for org in get_user_orgs(userobj.id, 'editor')]
    member_org_ids.extend(org.id for org in get_user_orgs(userobj.id, 'admin'))
    return owner_org in member_org_ids