def metadata_record_create(context, data_dict):
return {
'success':
check_privs(context,
require_contributor=True,
require_organization=(data_dict or {}).get('owner_org'))
}
def metadata_collection_create(context, data_dict):
return {
'success':
check_privs(context,
require_curator=True,
require_organization=(data_dict
or {}).get('organization_id'))
}
def metadata_collection_workflow_state_transition(context, data_dict):
if 'id' in (data_dict or {}):
model = context['model']
session = context['session']
metadata_collection_id = model.Group.get(data_dict['id']).id
organization_id = session.query(model.GroupExtra.value).filter_by(group_id=metadata_collection_id, key='organization_id').scalar()
else:
organization_id = None
return {'success': check_privs(context, require_curator=True, require_organization=organization_id)}
def metadata_record_workflow_annotation_create(context, data_dict):
organization_id = context['model'].Package.get(
data_dict['id']).owner_org if 'id' in (data_dict or {}) else None
return {
'success':
check_privs(context,
require_contributor=True,
require_organization=organization_id)
}
def role_validator(validator, role_name, instance, schema):
"""
"role" keyword validator function: checks that instance is the email of a user with the named role,
and that the role is applicable to the metadata record being validated.
"""
if validator.is_type(instance, 'string'):
metadata_record_id = validator.object_id
organization_id = ckan_model.Package.get(metadata_record_id).owner_org
users = ckan_model.User.by_email(instance)
user = users[0] if users else None
if not user:
yield jsonschema.ValidationError(
_("User not found for email %s") % instance)
return
check_context = {'user': user.name, 'model': ckan_model}
if role_name == config.get('ckan.metadata.admin_role'):
valid = check_privs(check_context, require_admin=True)
elif role_name == config.get('ckan.metadata.curator_role'):
valid = check_privs(check_context,
require_curator=True,
require_organization=organization_id)
elif role_name == config.get('ckan.metadata.harvester_role'):
valid = check_privs(check_context,
require_harvester=True,
require_organization=organization_id)
elif role_name == config.get('ckan.metadata.contributor_role'):
valid = check_privs(check_context,
require_contributor=True,
require_organization=organization_id)
else:
yield jsonschema.ValidationError(
_("Role %s is not supported by this keyword") % role_name)
return
if not valid:
yield jsonschema.ValidationError(
_("User %s does not have the %s role within the applicable organizational context"
) % (instance, role_name))
def metadata_record_index_update(context, data_dict):
organization_id = context['model'].Package.get(data_dict['id']).owner_org if 'id' in (data_dict or {}) else None
return {'success': check_privs(context, require_curator=True, require_organization=organization_id)}
def metadata_record_workflow_state_override(context, data_dict):
return {'success': check_privs(context, require_admin=True)}
def metadata_json_attr_map_update(context, data_dict):
return {'success': check_privs(context, require_admin=True)}
def workflow_annotation_update(context, data_dict):
return {'success': check_privs(context, require_admin=True)}
def organization_update(context, data_dict):
return {'success': check_privs(context, require_admin=True)}
def infrastructure_update(context, data_dict):
return {'success': check_privs(context, require_admin=True)}
def metadata_schema_update(context, data_dict):
return {'success': check_privs(context, require_admin=True)}
def metadata_record_workflow_state_transition(context, data_dict):
organization_id = context['model'].Package.get(data_dict['id']).owner_org if 'id' in (data_dict or {}) else None
return {'success': check_privs(context, require_harvester=True, require_organization=organization_id)}
def metadata_standard_index_create(context, data_dict):
return {'success': check_privs(context, require_admin=True)}
def workflow_transition_create(context, data_dict):
return {'success': check_privs(context, require_admin=True)}
def workflow_state_delete(context, data_dict):
return {'success': check_privs(context, require_admin=True)}
