[ckan-changes] commit/ckan: 11 new changesets
Bitbucket
commits-noreply at bitbucket.org
Thu Aug 11 14:02:09 UTC 2011
11 new changesets in ckan:
http://bitbucket.org/okfn/ckan/changeset/596ea7fe7e14/
changeset: 596ea7fe7e14
branch: feature-1253-authz-refactor
user: amercader
date: 2011-08-10 16:27:59
summary: [auth] Refactor group controller checks
affected #: 2 files (1.1 KB)
--- a/ckan/controllers/group.py Wed Aug 10 13:33:48 2011 +0100
+++ b/ckan/controllers/group.py Wed Aug 10 15:27:59 2011 +0100
@@ -13,7 +13,7 @@
import ckan.logic.action.update as update
import ckan.logic.action.get as get
from ckan.lib.navl.dictization_functions import DataError, unflatten, validate
-from ckan.logic import NotFound, NotAuthorized, ValidationError
+from ckan.logic import NotFound, NotAuthorized, ValidationError, check_access
from ckan.logic.schema import group_form_schema
from ckan.logic import tuplize_dict, clean_dict, parse_params
import ckan.forms
@@ -34,10 +34,13 @@
c.is_sysadmin = Authorizer().is_sysadmin(c.user)
## This is messy as auths take domain object not data_dict
- group = context.get('group') or c.pkg
+ group = context.get('group') or c.group
if group:
- c.auth_for_change_state = Authorizer().am_authorized(
- c, model.Action.CHANGE_STATE, group)
+ try:
+ check_access('group_change_state',context)
+ c.auth_for_change_state = True
+ except NotAuthorized:
+ c.auth_for_change_state = False
## end hooks
@@ -99,9 +102,9 @@
'user': c.user or c.author, 'extras_as_string': True,
'schema': self._form_to_db_schema(),
'save': 'save' in request.params}
-
- auth_for_create = Authorizer().am_authorized(c, model.Action.GROUP_CREATE, model.System())
- if not auth_for_create:
+ try:
+ check_access('group_create',context)
+ except NotAuthorized:
abort(401, _('Unauthorized to create a group'))
if context['save'] and not data:
@@ -142,8 +145,9 @@
group = context.get("group")
- am_authz = self.authorizer.am_authorized(c, model.Action.EDIT, group)
- if not am_authz:
+ try:
+ check_access('group_update',context)
+ except NotAuthorized, e:
abort(401, _('User %r not authorized to edit %s') % (c.user, id))
errors = errors or {}
@@ -197,10 +201,15 @@
c.groupname = group.name
c.grouptitle = group.display_name
- c.authz_editable = self.authorizer.am_authorized(c, model.Action.EDIT_PERMISSIONS, group)
+ try:
+ context = {'model':model,'user':c.user or c.author, 'package':pkg}
+ check_access('package_edit_permissions',context)
+ c.authz_editable = True
+ except NotAuthorized:
+ c.authz_editable = False
+
if not c.authz_editable:
abort(401, gettext('User %r not authorized to edit %s authorizations') % (c.user, id))
-
#see package.py for comments
def get_userobjectroles():
--- a/ckan/logic/auth/update.py Wed Aug 10 13:33:48 2011 +0100
+++ b/ckan/logic/auth/update.py Wed Aug 10 15:27:59 2011 +0100
@@ -54,13 +54,40 @@
def group_update(context, data_dict):
model = context['model']
- id = data_dict['id']
- group = model.Group.get(id)
user = context['user']
+ if not 'group' in context:
+ id = data_dict.get('id',None)
+ group = model.Group.get(id)
+ if not group:
+ raise NotFound
+ else:
+ group = context['group']
authorized = check_access_old(group, model.Action.EDIT, context)
if not authorized:
- return {'success': False, 'msg': _('User %s not authorized to edit group %s') % (str(user),id)}
+ return {'success': False, 'msg': _('User %s not authorized to edit group %s') % (str(user),group.id)}
+ else:
+ return {'success': True}
+
+def group_change_state(context, data_dict):
+ model = context['model']
+ group = context['group']
+ user = context['user']
+
+ authorized = check_access_old(group, model.Action.CHANGE_STATE, context)
+ if not authorized:
+ return {'success': False, 'msg': _('User %s not authorized to change state of group %s') % (str(user),group.id)}
+ else:
+ return {'success': True}
+
+def group_edit_permissions(context, data_dict):
+ model = context['model']
+ group = context['group']
+ user = context['user']
+
+ authorized = check_access_old(group, model.Action.EDIT_PERMISSIONS, context)
+ if not authorized:
+ return {'success': False, 'msg': _('User %s not authorized to edit permissions of group %s') % (str(user),group.id)}
else:
return {'success': True}
http://bitbucket.org/okfn/ckan/changeset/267834dc6656/
changeset: 267834dc6656
branch: feature-1253-authz-refactor
user: amercader
date: 2011-08-10 16:34:16
summary: [auth] Remove unnecessary context declaration
affected #: 1 file (83 bytes)
--- a/ckan/controllers/package.py Wed Aug 10 15:27:59 2011 +0100
+++ b/ckan/controllers/package.py Wed Aug 10 15:34:16 2011 +0100
@@ -88,7 +88,6 @@
pkg = context.get('package') or c.pkg
if pkg:
try:
- context = {'model':model,'user':c.user or c.author, 'package':pkg}
check_access('package_change_state',context)
c.auth_for_change_state = True
except NotAuthorized:
http://bitbucket.org/okfn/ckan/changeset/97151fa7e643/
changeset: 97151fa7e643
branch: feature-1253-authz-refactor
user: amercader
date: 2011-08-10 17:25:56
summary: [auth] Fix site_read calls and bugs in package and group controllers
affected #: 7 files (292 bytes)
--- a/ckan/controllers/api.py Wed Aug 10 15:34:16 2011 +0100
+++ b/ckan/controllers/api.py Wed Aug 10 16:25:56 2011 +0100
@@ -11,7 +11,7 @@
from ckan.plugins import PluginImplementations, IGroupController
from ckan.lib.munge import munge_title_to_name
from ckan.lib.navl.dictization_functions import DataError
-from ckan.logic import get_action
+from ckan.logic import get_action, check_access
import ckan.logic.action.get as get
import ckan.logic.action.create as create
import ckan.logic.action.update as update
@@ -37,7 +37,7 @@
self._identify_user()
try:
context = {'model':model,'user': c.user or c.author}
- get.site_read(context)
+ check_access('site_read',context)
except NotAuthorized:
response_msg = self._finish(403, _('Not authorized to see this page'))
# Call start_response manually instead of the parent __call__
--- a/ckan/controllers/authorization_group.py Wed Aug 10 15:34:16 2011 +0100
+++ b/ckan/controllers/authorization_group.py Wed Aug 10 16:25:56 2011 +0100
@@ -6,8 +6,7 @@
import ckan.authz as authz
import ckan.forms
from ckan.lib.helpers import Page
-from ckan.logic import NotAuthorized
-import ckan.logic.action.get as get
+from ckan.logic import NotAuthorized, check_access
class AuthorizationGroupController(BaseController):
@@ -18,7 +17,7 @@
from ckan.lib.helpers import Page
try:
context = {'model':model,'user': c.user or c.author}
- get.site_read(context)
+ check_access('site_read',context)
except NotAuthorized:
abort(401, _('Not authorized to see this page'))
--- a/ckan/controllers/group.py Wed Aug 10 15:34:16 2011 +0100
+++ b/ckan/controllers/group.py Wed Aug 10 16:25:56 2011 +0100
@@ -34,9 +34,12 @@
c.is_sysadmin = Authorizer().is_sysadmin(c.user)
## This is messy as auths take domain object not data_dict
- group = context.get('group') or c.group
+ context_group = context.get('group',None)
+ group = context_group or c.group
if group:
try:
+ if not context_group:
+ context['group'] = group
check_access('group_change_state',context)
c.auth_for_change_state = True
except NotAuthorized:
@@ -45,17 +48,17 @@
## end hooks
def index(self):
- try:
- context = {'model':model,'user': c.user or c.author}
- get.site_read(context)
- except NotAuthorized:
- abort(401, _('Not authorized to see this page'))
context = {'model': model, 'session': model.Session,
'user': c.user or c.author}
data_dict = {'all_fields': True}
-
+
+ try:
+ check_access('site_read',context)
+ except NotAuthorized:
+ abort(401, _('Not authorized to see this page'))
+
results = get.group_list(context,data_dict)
c.page = Page(
@@ -202,8 +205,8 @@
c.grouptitle = group.display_name
try:
- context = {'model':model,'user':c.user or c.author, 'package':pkg}
- check_access('package_edit_permissions',context)
+ context = {'model':model,'user':c.user or c.author, 'group':group}
+ check_access('group_edit_permissions',context)
c.authz_editable = True
except NotAuthorized:
c.authz_editable = False
--- a/ckan/controllers/home.py Wed Aug 10 15:34:16 2011 +0100
+++ b/ckan/controllers/home.py Wed Aug 10 16:25:56 2011 +0100
@@ -6,7 +6,7 @@
from ckan.authz import Authorizer
import ckan.logic.action.get as get
-from ckan.logic import NotAuthorized
+from ckan.logic import NotAuthorized,check_access
from ckan.i18n import set_session_locale
from ckan.lib.search import query_for, QueryOptions, SearchError
from ckan.lib.cache import proxy_cache, get_cache_expires
@@ -23,7 +23,7 @@
BaseController.__before__(self, action, **env)
try:
context = {'model':model,'user': c.user or c.author}
- get.site_read(context)
+ check_access('site_read',context)
except NotAuthorized:
abort(401, _('Not authorized to see this page'))
--- a/ckan/controllers/package.py Wed Aug 10 15:34:16 2011 +0100
+++ b/ckan/controllers/package.py Wed Aug 10 16:25:56 2011 +0100
@@ -85,9 +85,12 @@
c.resource_columns = model.Resource.get_columns()
## This is messy as auths take domain object not data_dict
- pkg = context.get('package') or c.pkg
+ context_pkg = context.get('package',None)
+ pkg = context_pkg or c.pkg
if pkg:
try:
+ if not context_pkg:
+ context['package'] = pkg
check_access('package_change_state',context)
c.auth_for_change_state = True
except NotAuthorized:
@@ -101,9 +104,10 @@
def search(self):
try:
context = {'model':model,'user': c.user or c.author}
- get.site_read(context)
+ check_access('site_read',context)
except NotAuthorized:
abort(401, _('Not authorized to see this page'))
+
q = c.q = request.params.get('q') # unicode format (decoded from utf8)
c.open_only = request.params.get('open_only')
c.downloadable_only = request.params.get('downloadable_only')
--- a/ckan/controllers/revision.py Wed Aug 10 15:34:16 2011 +0100
+++ b/ckan/controllers/revision.py Wed Aug 10 16:25:56 2011 +0100
@@ -3,8 +3,7 @@
from pylons.i18n import get_lang
-from ckan.logic import NotAuthorized
-import ckan.logic.action.get as get
+from ckan.logic import NotAuthorized, check_access
from ckan.lib.base import *
from ckan.lib.helpers import Page
@@ -23,7 +22,7 @@
)
try:
context = {'model':model,'user': c.user or c.author}
- get.site_read(context)
+ check_access('site_read',context)
except NotAuthorized:
abort(401, _('Not authorized to see this page'))
--- a/ckan/controllers/tag.py Wed Aug 10 15:34:16 2011 +0100
+++ b/ckan/controllers/tag.py Wed Aug 10 16:25:56 2011 +0100
@@ -7,7 +7,7 @@
from ckan.lib.cache import proxy_cache
from ckan.lib.helpers import AlphaPage, Page
-from ckan.logic import NotFound, NotAuthorized
+from ckan.logic import NotFound, NotAuthorized, check_access
import ckan.logic.action.get as get
LIMIT = 25
@@ -18,7 +18,7 @@
BaseController.__before__(self, action, **env)
try:
context = {'model':model,'user': c.user or c.author}
- get.site_read(context)
+ check_access('site_read',context)
except NotAuthorized:
abort(401, _('Not authorized to see this page'))
http://bitbucket.org/okfn/ckan/changeset/ba06f24de5fa/
changeset: ba06f24de5fa
branch: feature-1253-authz-refactor
user: amercader
date: 2011-08-10 18:04:58
summary: [auth] Refactor user controller checks
affected #: 1 file (2 bytes)
--- a/ckan/controllers/user.py Wed Aug 10 16:25:56 2011 +0100
+++ b/ckan/controllers/user.py Wed Aug 10 17:04:58 2011 +0100
@@ -8,7 +8,7 @@
from ckan.lib import mailer
from ckan.authz import Authorizer
from ckan.lib.navl.dictization_functions import DataError, unflatten
-from ckan.logic import NotFound, NotAuthorized, ValidationError
+from ckan.logic import NotFound, NotAuthorized, ValidationError, check_access
from ckan.logic import tuplize_dict, clean_dict, parse_params
from ckan.logic.schema import user_new_form_schema, user_edit_form_schema
@@ -49,9 +49,6 @@
def index(self):
LIMIT = 20
- if not self.authorizer.am_authorized(c, model.Action.USER_READ, model.System):
- abort(401, _('Not authorized to see this page'))
-
page = int(request.params.get('page', 1))
c.q = request.params.get('q', '')
c.order_by = request.params.get('order_by', 'name')
@@ -61,6 +58,10 @@
data_dict = {'q':c.q,
'order_by':c.order_by}
+ try:
+ check_access('user_list',context, data_dict)
+ except NotAuthorized:
+ abort(401, _('Not authorized to see this page'))
users_list = get.user_list(context,data_dict)
@@ -73,14 +74,18 @@
return render('user/list.html')
def read(self, id=None):
- if not self.authorizer.am_authorized(c, model.Action.USER_READ, model.System):
- abort(401, _('Not authorized to see this page'))
context = {'model': model,
'user': c.user or c.author}
data_dict = {'id':id,
'user_obj':c.userobj}
+
+ try:
+ check_access('user_show',context, data_dict)
+ except NotAuthorized:
+ abort(401, _('Not authorized to see this page'))
+
try:
user_dict = get.user_show(context,data_dict)
except NotFound:
@@ -107,8 +112,9 @@
'schema': self._new_form_to_db_schema(),
'save': 'save' in request.params}
- auth_for_create = Authorizer().am_authorized(c, model.Action.USER_CREATE, model.System())
- if not auth_for_create:
+ try:
+ check_access('user_create',context)
+ except NotAuthorized:
abort(401, _('Unauthorized to create a user'))
if context['save'] and not data:
http://bitbucket.org/okfn/ckan/changeset/3eaae9bb46f5/
changeset: 3eaae9bb46f5
branch: feature-1253-authz-refactor
user: amercader
date: 2011-08-10 18:36:00
summary: [auth] Refactor revision controller checks
affected #: 2 files (510 bytes)
--- a/ckan/controllers/revision.py Wed Aug 10 17:04:58 2011 +0100
+++ b/ckan/controllers/revision.py Wed Aug 10 17:36:00 2011 +0100
@@ -15,11 +15,15 @@
def __before__(self, action, **env):
BaseController.__before__(self, action, **env)
- c.revision_change_state_allowed = (
- c.user and
- self.authorizer.is_authorized(c.user, model.Action.CHANGE_STATE,
- model.Revision)
- )
+ if c.user:
+ try:
+ check_access('revision_change_state',context)
+ c.revision_change_state_allowed = True
+ except NotAuthorized:
+ c.revision_change_state_allowed = False
+ else:
+ c.revision_change_state_allowed = False
+
try:
context = {'model':model,'user': c.user or c.author}
check_access('site_read',context)
--- a/ckan/logic/auth/update.py Wed Aug 10 17:04:58 2011 +0100
+++ b/ckan/logic/auth/update.py Wed Aug 10 17:36:00 2011 +0100
@@ -103,6 +103,15 @@
return {'success': True}
+def revision_change_state(context, data_dict):
+ model = context['model']
+ user = context['user']
+
+ authorized = Authorizer().is_authorized(user, model.Action.CHANGE_STATE, model.Revision)
+ if not authorized:
+ return {'success': False, 'msg': _('User %s not authorized to change state of revision %s') % (str(user),revision.id)}
+ else:
+ return {'success': True}
## Modifications for rest api
http://bitbucket.org/okfn/ckan/changeset/b17250594b0e/
changeset: b17250594b0e
branch: feature-1253-authz-refactor
user: amercader
date: 2011-08-10 18:36:19
summary: [auth] Refactor old formalchemy controllers checks
affected #: 2 files (421 bytes)
--- a/ckan/controllers/group_formalchemy.py Wed Aug 10 17:36:00 2011 +0100
+++ b/ckan/controllers/group_formalchemy.py Wed Aug 10 17:36:19 2011 +0100
@@ -7,7 +7,7 @@
import ckan.logic.action.update as update
import ckan.logic.action.get as get
from ckan.lib.navl.dictization_functions import DataError, unflatten
-from ckan.logic import NotFound, NotAuthorized, ValidationError
+from ckan.logic import NotFound, NotAuthorized, ValidationError, check_access
from ckan.logic.schema import group_form_schema
from ckan.logic import tuplize_dict, clean_dict
from ckan.authz import Authorizer
@@ -24,8 +24,10 @@
record = model.Group
c.error = ''
- auth_for_create = self.authorizer.am_authorized(c, model.Action.GROUP_CREATE, model.System())
- if not auth_for_create:
+ try:
+ context = {'model': model, 'user': c.user or c.author}
+ check_access('group_create',context)
+ except NotAuthorized:
abort(401, _('Unauthorized to create a group'))
is_admin = self.authorizer.is_sysadmin(c.user)
@@ -78,11 +80,17 @@
group = model.Group.get(id)
if group is None:
abort(404, '404 Not Found')
- am_authz = self.authorizer.am_authorized(c, model.Action.EDIT, group)
- if not am_authz:
- abort(401, _('User %r not authorized to edit %r') % (c.user, id))
-
- auth_for_change_state = self.authorizer.am_authorized(c, model.Action.CHANGE_STATE, group)
+
+ context = {'model': model, 'user': c.user or c.author, 'group':group}
+ try:
+ check_access('group_update',context)
+ except NotAuthorized:
+ abort(401, _('User %r not authorized to edit %s') % (c.user, group.id))
+ try:
+ check_access('group_change_state',context)
+ auth_for_change_state = True
+ except NotAuthorized:
+ auth_for_change_state = False
if not 'save' in request.params:
c.group = group
--- a/ckan/controllers/package_formalchemy.py Wed Aug 10 17:36:00 2011 +0100
+++ b/ckan/controllers/package_formalchemy.py Wed Aug 10 17:36:19 2011 +0100
@@ -7,6 +7,8 @@
from ckan.controllers.package import PackageController
import ckan.forms
from pylons.i18n import get_lang, _
+from ckan.logic import check_access, NotAuthorized
+
log = logging.getLogger(__name__)
@@ -18,8 +20,10 @@
c.package_create_slug_api_url = api_url+h.url_for(controller='api', action='create_slug')
is_admin = self.authorizer.is_sysadmin(c.user)
# Check access control for user to create a package.
- auth_for_create = self.authorizer.am_authorized(c, model.Action.PACKAGE_CREATE, model.System())
- if not auth_for_create:
+ try:
+ context = {'model': model, 'user': c.user or c.author}
+ check_access('package_create',context)
+ except NotAuthorized:
abort(401, _('Unauthorized to create a package'))
# Get the name of the package form.
try:
@@ -97,11 +101,18 @@
if pkg is None:
abort(404, '404 Not Found')
model.Session().autoflush = False
- am_authz = self.authorizer.am_authorized(c, model.Action.EDIT, pkg)
- if not am_authz:
- abort(401, _('User %r not authorized to edit %s') % (c.user, id))
- auth_for_change_state = self.authorizer.am_authorized(c, model.Action.CHANGE_STATE, pkg)
+ context = {'model': model, 'user': c.user or c.author, 'package':pkg}
+ try:
+ check_access('package_update',context)
+ except NotAuthorized:
+ abort(401, _('User %r not authorized to edit %s') % (c.user, pkg.id))
+ try:
+ check_access('package_change_state',context)
+ auth_for_change_state = True
+ except NotAuthorized:
+ auth_for_change_state = False
+
try:
fs = self._get_package_fieldset(is_admin=auth_for_change_state)
except ValueError, e:
http://bitbucket.org/okfn/ckan/changeset/1a5927f93ba2/
changeset: 1a5927f93ba2
branch: feature-1253-authz-refactor
user: amercader
date: 2011-08-10 18:51:15
summary: [auth] Refactor check in validators
affected #: 1 file (190 bytes)
--- a/ckan/logic/validators.py Wed Aug 10 17:36:19 2011 +0100
+++ b/ckan/logic/validators.py Wed Aug 10 17:51:15 2011 +0100
@@ -2,6 +2,8 @@
from pylons.i18n import _, ungettext, N_, gettext
from ckan.lib.navl.dictization_functions import Invalid, Missing, missing, unflatten
from ckan.authz import Authorizer
+from ckan.logic import check_access, NotAuthorized
+
def package_id_not_changed(value, context):
@@ -161,9 +163,16 @@
if user and Authorizer.is_sysadmin(user):
return
+ authorized = False
pkg = context.get('package')
- if (user and pkg and
- Authorizer().is_authorized(user, model.Action.CHANGE_STATE, pkg)):
+ if pkg:
+ try:
+ check_access('package_change_state',context)
+ authorized = True
+ except NotAuthorized:
+ authorized = False
+
+ if (user and pkg and authorized):
return
data.pop(key)
http://bitbucket.org/okfn/ckan/changeset/47dda9d1311f/
changeset: 47dda9d1311f
branch: feature-1253-authz-refactor
user: amercader
date: 2011-08-10 19:14:48
summary: [auth] Fix revision checks
affected #: 2 files (20 bytes)
--- a/ckan/controllers/revision.py Wed Aug 10 17:51:15 2011 +0100
+++ b/ckan/controllers/revision.py Wed Aug 10 18:14:48 2011 +0100
@@ -15,6 +15,8 @@
def __before__(self, action, **env):
BaseController.__before__(self, action, **env)
+
+ context = {'model':model,'user': c.user or c.author}
if c.user:
try:
check_access('revision_change_state',context)
@@ -23,9 +25,7 @@
c.revision_change_state_allowed = False
else:
c.revision_change_state_allowed = False
-
try:
- context = {'model':model,'user': c.user or c.author}
check_access('site_read',context)
except NotAuthorized:
abort(401, _('Not authorized to see this page'))
--- a/ckan/logic/auth/update.py Wed Aug 10 17:51:15 2011 +0100
+++ b/ckan/logic/auth/update.py Wed Aug 10 18:14:48 2011 +0100
@@ -109,7 +109,7 @@
authorized = Authorizer().is_authorized(user, model.Action.CHANGE_STATE, model.Revision)
if not authorized:
- return {'success': False, 'msg': _('User %s not authorized to change state of revision %s') % (str(user),revision.id)}
+ return {'success': False, 'msg': _('User %s not authorized to change state of revision' ) % str(user)}
else:
return {'success': True}
http://bitbucket.org/okfn/ckan/changeset/ddf6e30c541e/
changeset: ddf6e30c541e
branch: feature-1253-authz-refactor
user: amercader
date: 2011-08-11 11:17:27
summary: [auth] Add site read check to use controller
affected #: 2 files (503 bytes)
--- a/ckan/controllers/user.py Wed Aug 10 18:14:48 2011 +0100
+++ b/ckan/controllers/user.py Thu Aug 11 10:17:27 2011 +0100
@@ -23,6 +23,15 @@
class UserController(BaseController):
+ def __before__(self, action, **env):
+ BaseController.__before__(self, action, **env)
+ try:
+ context = {'model':model,'user': c.user or c.author}
+ check_access('site_read',context)
+ except NotAuthorized:
+ if c.action not in ('login','request_reset','perform_reset',):
+ abort(401, _('Not authorized to see this page'))
+
## hooks for subclasses
new_user_form = 'user/new_user_form.html'
edit_user_form = 'user/edit_user_form.html'
--- a/ckan/tests/functional/test_authz.py Wed Aug 10 18:14:48 2011 +0100
+++ b/ckan/tests/functional/test_authz.py Thu Aug 11 10:17:27 2011 +0100
@@ -616,8 +616,6 @@
self._check_logged_in_users_authorized_only('/user/' + self.user_name)
res = self.app.get('/user/login', extra_environ={})
assert res.status in [200], res.status
- #res = self.app.get('/user/register', extra_environ={})
- #assert res.status in [200], res.status
def test_new_package(self):
offset = url_for(controller='package', action='new')
http://bitbucket.org/okfn/ckan/changeset/e908c0c586ec/
changeset: e908c0c586ec
branch: feature-1253-authz-refactor
user: amercader
date: 2011-08-11 15:06:21
summary: [auth] Template level auth checks
Old h.am_authorized function is deprecated. Some changes in authentication
groups auth functions and handling of previews.
affected #: 12 files (3.4 KB)
--- a/ckan/controllers/package.py Thu Aug 11 10:17:27 2011 +0100
+++ b/ckan/controllers/package.py Thu Aug 11 14:06:21 2011 +0100
@@ -339,10 +339,12 @@
'preview': 'preview' in request.params,
'save': 'save' in request.params,
'schema': self._form_to_db_schema()}
- try:
- check_access('package_create',context)
- except NotAuthorized:
- abort(401, _('Unauthorized to create a package'))
+
+ if not context['preview']:
+ try:
+ check_access('package_create',context)
+ except NotAuthorized:
+ abort(401, _('Unauthorized to create a package'))
if (context['save'] or context['preview']) and not data:
return self._save_new(context)
--- a/ckan/lib/helpers.py Thu Aug 11 10:17:27 2011 +0100
+++ b/ckan/lib/helpers.py Thu Aug 11 14:06:21 2011 +0100
@@ -21,6 +21,8 @@
from lxml.html import fromstring
from ckan.i18n import get_available_locales
+
+
try:
from collections import OrderedDict # from python 2.7
except ImportError:
@@ -147,12 +149,29 @@
return config.get('search.facets.%s.title' % name, name.capitalize())
def am_authorized(c, action, domain_object=None):
+ ''' Deprecated. Please use check_access instead'''
from ckan.authz import Authorizer
if domain_object is None:
from ckan import model
domain_object = model.System()
return Authorizer.am_authorized(c, action, domain_object)
+def check_access(action,data_dict=None):
+ from ckan import model
+ from ckan.lib.base import c
+ from ckan.logic import check_access as check_access_logic,NotAuthorized
+
+ context = {'model': model,
+ 'user': c.user or c.author}
+
+ try:
+ check_access_logic(action,context,data_dict)
+ authorized = True
+ except NotAuthorized:
+ authorized = False
+
+ return authorized
+
def linked_user(user, maxlength=0):
from ckan import model
from urllib import quote
--- a/ckan/logic/action/create.py Thu Aug 11 10:17:27 2011 +0100
+++ b/ckan/logic/action/create.py Thu Aug 11 14:06:21 2011 +0100
@@ -41,7 +41,8 @@
model.Session.remove()
model.Session()._context = context
- check_access('package_create',context,data_dict)
+ if not preview:
+ check_access('package_create',context,data_dict)
data, errors = validate(data_dict, schema, context)
--- a/ckan/logic/auth/create.py Thu Aug 11 10:17:27 2011 +0100
+++ b/ckan/logic/auth/create.py Thu Aug 11 14:06:21 2011 +0100
@@ -49,6 +49,16 @@
else:
return {'success': True}
+def authorization_group_create(context, data_dict=None):
+ model = context['model']
+ user = context['user']
+
+ authorized = check_access_old(model.System(), model.Action.AUTHZ_GROUP_CREATE, context)
+ if not authorized:
+ return {'success': False, 'msg': _('User %s not authorized to create authorization groups') % str(user)}
+ else:
+ return {'success': True}
+
def rating_create(context, data_dict):
# No authz check in the logic function
return {'success': True}
--- a/ckan/logic/auth/update.py Thu Aug 11 10:17:27 2011 +0100
+++ b/ckan/logic/auth/update.py Thu Aug 11 14:06:21 2011 +0100
@@ -1,4 +1,4 @@
-from ckan.logic import check_access_old
+from ckan.logic import check_access_old, NotFound
from ckan.logic.auth.create import check_group_auth, package_relationship_create
from ckan.authz import Authorizer
from ckan.lib.base import _
@@ -32,8 +32,14 @@
def package_change_state(context, data_dict):
model = context['model']
- package = context['package']
user = context['user']
+ if not 'package' in context:
+ id = data_dict.get('id',None)
+ package = model.Package.get(id)
+ if not package:
+ raise NotFound
+ else:
+ package = context['package']
authorized = check_access_old(package, model.Action.CHANGE_STATE, context)
if not authorized:
@@ -43,8 +49,14 @@
def package_edit_permissions(context, data_dict):
model = context['model']
- package = context['package']
user = context['user']
+ if not 'package' in context:
+ id = data_dict.get('id',None)
+ package = model.Package.get(id)
+ if not package:
+ raise NotFound
+ else:
+ package = context['package']
authorized = check_access_old(package, model.Action.EDIT_PERMISSIONS, context)
if not authorized:
@@ -71,8 +83,14 @@
def group_change_state(context, data_dict):
model = context['model']
- group = context['group']
user = context['user']
+ if not 'group' in context:
+ id = data_dict.get('id',None)
+ group = model.Group.get(id)
+ if not group:
+ raise NotFound
+ else:
+ group = context['group']
authorized = check_access_old(group, model.Action.CHANGE_STATE, context)
if not authorized:
@@ -82,8 +100,14 @@
def group_edit_permissions(context, data_dict):
model = context['model']
- group = context['group']
user = context['user']
+ if not 'group' in context:
+ id = data_dict.get('id',None)
+ group = model.Group.get(id)
+ if not group:
+ raise NotFound
+ else:
+ group = context['group']
authorized = check_access_old(group, model.Action.EDIT_PERMISSIONS, context)
if not authorized:
@@ -91,6 +115,42 @@
else:
return {'success': True}
+def authorization_group_update(context, data_dict):
+ model = context['model']
+ user = context['user']
+ if not 'authorization_group' in context:
+ id = data_dict.get('id',None)
+ # Auth groups don't have get method
+ authorization_group = model.Session.query(model.AuthorizationGroup).filter(model.AuthorizationGroup.id==id).first()
+ if not authorization_group:
+ raise NotFound
+ else:
+ authorization_group = context['authorization_group']
+
+ authorized = check_access_old(authorization_group, model.Action.EDIT, context)
+ if not authorized:
+ return {'success': False, 'msg': _('User %s not authorized to edit permissions of authorization group %s') % (str(user),authorization_group.id)}
+ else:
+ return {'success': True}
+
+def authorization_group_edit_permissions(context, data_dict):
+ model = context['model']
+ user = context['user']
+ if not 'authorization_group' in context:
+ id = data_dict.get('id',None)
+ # Auth groups don't have get method
+ authorization_group = model.Session.query(model.AuthorizationGroup).filter(model.AuthorizationGroup.id==id).first()
+ if not authorization_group:
+ raise NotFound
+ else:
+ authorization_group = context['authorization_group']
+
+ authorized = check_access_old(authorization_group, model.Action.EDIT_PERMISSIONS, context)
+ if not authorized:
+ return {'success': False, 'msg': _('User %s not authorized to edit permissions of authorization group %s') % (str(user),authorization_group.id)}
+ else:
+ return {'success': True}
+
def user_update(context, data_dict):
model = context['model']
user = context['user']
--- a/ckan/templates/authorization_group/layout.html Thu Aug 11 10:17:27 2011 +0100
+++ b/ckan/templates/authorization_group/layout.html Thu Aug 11 14:06:21 2011 +0100
@@ -9,10 +9,10 @@
<py:match path="minornavigation" py:if="c.authorization_group"><ul class="tabbed"><li>${h.subnav_link(c, h.icon('authorization_group') + _('View'), controller='authorization_group', action='read', id=c.authorization_group.name)}</li>
- <li py:if="h.am_authorized(c, actions.EDIT, c.authorization_group)">
+ <li py:if="h.check_access('authorization_group_update',{'id':c.authorization_group.id})">
${h.subnav_link(c, h.icon('authorization_group_edit') + _('Edit'), controller='authorization_group', action='edit', id=c.authorization_group.name)}
</li>
- <li py:if="h.am_authorized(c, actions.EDIT_PERMISSIONS, c.authorization_group)">
+ <li py:if="h.check_access('authorization_group_edit_permissions',{'id':c.authorization_group.id})">
${h.subnav_link(c, h.icon('lock') + _('Authorization'), controller='authorization_group', action='authz', id=c.authorization_group.name)}
</li></ul>
--- a/ckan/templates/group/layout.html Thu Aug 11 10:17:27 2011 +0100
+++ b/ckan/templates/group/layout.html Thu Aug 11 14:06:21 2011 +0100
@@ -24,11 +24,11 @@
<py:match path="minornavigation" py:if="c.group"><ul class="tabbed"><li>${h.subnav_link(c, h.icon('group') + _('View'), controller='group', action='read', id=c.group.name)}</li>
- <li py:if="h.am_authorized(c, actions.EDIT, c.group)">
+ <li py:if="h.check_access('group_edit',{'id':c.group.id})">
${h.subnav_link(c, h.icon('group_edit') + _('Edit'), controller='group', action='edit', id=c.group.name)}
</li><li>${h.subnav_link(c, h.icon('page_white_stack') + _('History'), controller='group', action='history', id=c.group.name)}</li>
- <li py:if="h.am_authorized(c, actions.EDIT_PERMISSIONS, c.group)">
+ <li py:if="h.check_access('group_edit_permissions',{'id':c.group.id})">
${h.subnav_link(c, h.icon('lock') + _('Authorization'), controller='group', action='authz', id=c.group.name)}
</li></ul>
--- a/ckan/templates/layout_base.html Thu Aug 11 10:17:27 2011 +0100
+++ b/ckan/templates/layout_base.html Thu Aug 11 14:06:21 2011 +0100
@@ -98,9 +98,9 @@
<li>${h.nav_link(c, _('Home'), controller='home', action='index', id=None)}</li><li>${h.nav_link(c, _('Search'), controller='package', action='index', id=None, highlight_actions = 'search index')}</li><?python
- am_authorized_package_create = h.am_authorized(c, actions.PACKAGE_CREATE)
+access_package_create = h.check_access('package_create')
?>
- <li py:if="am_authorized_package_create">${h.nav_link(c, _('Add a package'), controller='package', action='new', id=None)}</li>
+ <li py:if="access_package_create">${h.nav_link(c, _('Add a package'), controller='package', action='new', id=None)}</li><li>${h.nav_link(c, _('Tags'), controller='tag', action='index', id=None)}</li><li>${h.nav_link(c, _('Groups'), controller='group', action='index', id=None, highlight_actions = 'new index')}</li><li>${h.nav_link(c, _('About'), controller='home', action='about', id=None)}</li>
@@ -167,7 +167,7 @@
<div class="textwidget"><ul><li>${h.nav_link(c, _('Search'), controller='package', action='search', id=None)}</li>
- <li py:if="am_authorized_package_create">${h.nav_link(c, _('Register a new Package'), controller='package', action='new', id=None)}</li>
+ <li py:if="access_package_create">${h.nav_link(c, _('Register a new Package'), controller='package', action='new', id=None)}</li><li>${h.nav_link(c, _('Revision History'), controller='revision', action='index', id=None)}</li><li>${h.link_to(_('API'), h.url_for(controller='api', action='get_api', id=None))}</li><li>${h.link_to(_('API Docs'), 'http://wiki.ckan.net/API')}</li>
@@ -188,9 +188,9 @@
<ul><li>${h.nav_link(c, _('Tags'), controller='tag', action='index', id=None)}</li><li>${h.nav_link(c, _('Groups'), controller='group', action='index', id=None)}</li>
- <li py:if="h.am_authorized(c, actions.GROUP_CREATE)">${h.nav_link(c, _('Create a new Group'), controller='group', action='new', id=None)}</li>
+ <li py:if="h.check_access('group_create')">${h.nav_link(c, _('Create a new Group'), controller='group', action='new', id=None)}</li><li>${h.nav_link(c, _('Authorization Groups'), controller='authorization_group', action='index', id=None)}</li>
- <li class="page_item" py:if="h.am_authorized(c, actions.AUTHZ_GROUP_CREATE)">${h.nav_link(c, _('Create a new Authorization Group'), controller='authorization_group', action='new', id=None)}</li>
+ <li class="page_item" py:if="h.check_access('authorization_group_create')">${h.nav_link(c, _('Create a new Authorization Group'), controller='authorization_group', action='new', id=None)}</li></ul></div></li>
--- a/ckan/templates/package/layout.html Thu Aug 11 10:17:27 2011 +0100
+++ b/ckan/templates/package/layout.html Thu Aug 11 14:06:21 2011 +0100
@@ -6,14 +6,14 @@
><py:match path="minornavigation">
- <py:if test="c.pkg">
+ <py:if test="c.pkg and not c.is_preview"><ul class="tabbed"><li>${h.subnav_link(c, h.icon('package') + _('View'), controller='package', action='read', id=c.pkg.name)}</li>
- <li py:if="h.am_authorized(c, actions.EDIT, c.pkg)">
+ <li py:if="h.check_access('package_update',{'id':c.pkg.id})">
${h.subnav_link(c, h.icon('package_edit') + _('Edit'), controller='package', action='edit', id=c.pkg.name)}
</li><li>${h.subnav_link(c, h.icon('page_stack') + _('History'), controller='package', action='history', id=c.pkg.name)}</li>
- <li py:if="h.am_authorized(c, actions.EDIT_PERMISSIONS, c.pkg)">
+ <li py:if="h.check_access('package_edit_permissions',{'id':c.pkg.id})">
${h.subnav_link(c, h.icon('lock') + _('Authorization'), controller='package', action='authz', id=c.pkg.name)}
</li></ul>
--- a/ckan/templates/package/read.html Thu Aug 11 10:17:27 2011 +0100
+++ b/ckan/templates/package/read.html Thu Aug 11 14:06:21 2011 +0100
@@ -17,7 +17,7 @@
<li class="widget-container widget_text"><h3>Tags</h3>
${tag_list(c.pkg_dict.get('tags', ''))}
- <p class="widget_action" py:if="h.am_authorized(c, actions.EDIT, c.pkg)">
+ <p class="widget_action" py:if="h.check_access('package_update',{'id':c.pkg.id})">
${h.subnav_link(c, 'Add a new Tag', controller='package', action='edit', id=c.pkg.name)}
</p></li>
@@ -34,7 +34,7 @@
<py:if test="not c.pkg.groups">
Groups are collections of packages maintained by users of ${g.site_title}. This package has not been added to any groups yet.
</py:if>
- <p class="widget_action" py:if="h.am_authorized(c, actions.EDIT, c.pkg)">
+ <p class="widget_action" py:if="h.check_access('package_update',{'id':c.pkg.id})">
${h.subnav_link(c, 'Add to a Group', controller='package', action='edit', id=c.pkg.name)}
</p></li>
--- a/ckan/templates/package/read_core.html Thu Aug 11 10:17:27 2011 +0100
+++ b/ckan/templates/package/read_core.html Thu Aug 11 14:06:21 2011 +0100
@@ -103,7 +103,7 @@
<td class="package-details">${value}</td></tr></tbody>
- <caption py:if="h.am_authorized(c, actions.EDIT, c.pkg)">
+ <caption py:if="not c.is_preview and h.check_access('package_update',{'id':c.pkg.id})">
Something missing? ${h.subnav_link(c, 'Please help improve this page by adding more information', controller='package', action='edit', id=c.pkg.name)}.
</caption></table>
@@ -146,7 +146,7 @@
</div><ul>
- <py:if test="h.am_authorized(c, actions.CHANGE_STATE, c.pkg)">
+ <py:if test="not c.is_preview and h.check_access('package_change_state',{'id':c.pkg.id})"><li><strong>State:</strong> ${c.pkg_dict.get('state', '')}</li></py:if></ul>
--- a/ckan/templates/package/search.html Thu Aug 11 10:17:27 2011 +0100
+++ b/ckan/templates/package/search.html Thu Aug 11 14:06:21 2011 +0100
@@ -10,7 +10,7 @@
<py:match path="primarysidebar">
- <li class="widget-container widget_text" py:if="h.am_authorized(c, actions.PACKAGE_CREATE)">
+ <li class="widget-container widget_text" py:if="h.check_access('package_create')"><h4>Add a package</h4><p>
Do you know of a dataset that should be added to ${g.site_title}?
http://bitbucket.org/okfn/ckan/changeset/3929c9fd4865/
changeset: 3929c9fd4865
branch: feature-1253-authz-refactor
user: amercader
date: 2011-08-11 15:59:19
summary: [auth] Add helper functions for auth checks
affected #: 4 files (3.6 KB)
--- a/ckan/logic/auth/__init__.py Thu Aug 11 14:06:21 2011 +0100
+++ b/ckan/logic/auth/__init__.py Thu Aug 11 14:59:19 2011 +0100
@@ -0,0 +1,54 @@
+'''
+Helper functions to be used in the auth check functions
+'''
+
+from ckan.logic import NotFound
+
+def get_package_object(context, data_dict = {}):
+ if not 'package' in context:
+ model = context['model']
+ id = data_dict.get('id',None)
+ package = model.Package.get(id)
+ if not package:
+ raise NotFound
+ else:
+ package = context['package']
+
+ return package
+
+def get_group_object(context, data_dict={}):
+ if not 'group' in context:
+ model = context['model']
+ id = data_dict.get('id',None)
+ group = model.Group.get(id)
+ if not group:
+ raise NotFound
+ else:
+ group = context['group']
+
+ return group
+
+def get_user_object(context, data_dict={}):
+ if not 'user_obj' in context:
+ model = context['model']
+ id = data_dict.get('id',None)
+ user_obj = model.User.get(id)
+ if not user_obj:
+ raise NotFound
+ else:
+ user_obj = context['user_obj']
+
+ return user_obj
+
+def get_authorization_group_object(context, data_dict={}):
+ if not 'authorization_group' in context:
+ model = context['model']
+ id = data_dict.get('id',None)
+ # Auth groups don't have get method
+ authorization_group = model.Session.query(model.AuthorizationGroup).filter(model.AuthorizationGroup.id==id).first()
+ if not authorization_group:
+ raise NotFound
+ else:
+ authorization_group = context['authorization_group']
+
+ return authorization_group
--- a/ckan/logic/auth/delete.py Thu Aug 11 14:06:21 2011 +0100
+++ b/ckan/logic/auth/delete.py Thu Aug 11 14:59:19 2011 +0100
@@ -1,4 +1,5 @@
from ckan.logic import check_access_old
+from ckan.logic.auth import get_package_object, get_group_object
from ckan.logic.auth.create import package_relationship_create
from ckan.authz import Authorizer
from ckan.lib.base import _
@@ -6,15 +7,8 @@
def package_delete(context, data_dict):
model = context['model']
user = context['user']
- if not 'package' in context:
- id = data_dict.get('id',None)
- package = model.Package.get(id)
- if not package:
- raise NotFound
- else:
- package = context['package']
+ package = get_package_object(context, data_dict)
- #TODO: model.Action.CHANGE_STATE or model.Action.PURGE?
authorized = check_access_old(package, model.Action.PURGE, context)
if not authorized:
return {'success': False, 'msg': _('User %s not authorized to delete package %s') % (str(user),package.id)}
@@ -38,13 +32,7 @@
def group_delete(context, data_dict):
model = context['model']
user = context['user']
- if not 'group' in context:
- id = data_dict.get('id',None)
- group = model.Group.get(id)
- if not group:
- raise NotFound
- else:
- group = context['group']
+ group = get_group_object(context, data_dict)
authorized = check_access_old(group, model.Action.PURGE, context)
if not authorized:
--- a/ckan/logic/auth/get.py Thu Aug 11 14:06:21 2011 +0100
+++ b/ckan/logic/auth/get.py Thu Aug 11 14:59:19 2011 +0100
@@ -1,7 +1,7 @@
from ckan.logic import check_access_old, NotFound
from ckan.authz import Authorizer
from ckan.lib.base import _
-
+from ckan.logic.auth import get_package_object, get_group_object
def site_read(context, data_dict):
@@ -30,11 +30,6 @@
return package_list(context, data_dict)
def revision_list(context, data_dict):
- """\
- from controller/revision __before__
- if not self.authorizer.am_authorized(c, model.Action.SITE_READ, model.System): abort
- -> In our new model everyone can read the revison list
- """
# In our new model everyone can read the revison list
return {'success': True}
@@ -87,13 +82,7 @@
def package_show(context, data_dict):
model = context['model']
user = context['user']
- if not 'package' in context:
- id = data_dict.get('id',None)
- package = model.Package.get(id)
- if not package:
- raise NotFound
- else:
- package = context['package']
+ package = get_package_object(context, data_dict)
authorized = check_access_old(package, model.Action.READ, context)
if not authorized:
@@ -108,13 +97,7 @@
def group_show(context, data_dict):
model = context['model']
user = context['user']
- if not 'group' in context:
- id = data_dict.get('id',None)
- group = model.Group.get(id)
- if not group:
- raise NotFound
- else:
- group = context['group']
+ group = get_group_object(context, data_dict)
authorized = check_access_old(group, model.Action.READ, context)
if not authorized:
--- a/ckan/logic/auth/update.py Thu Aug 11 14:06:21 2011 +0100
+++ b/ckan/logic/auth/update.py Thu Aug 11 14:59:19 2011 +0100
@@ -1,4 +1,5 @@
from ckan.logic import check_access_old, NotFound
+from ckan.logic.auth import get_package_object, get_group_object, get_authorization_group_object, get_user_object
from ckan.logic.auth.create import check_group_auth, package_relationship_create
from ckan.authz import Authorizer
from ckan.lib.base import _
@@ -9,13 +10,7 @@
def package_update(context, data_dict):
model = context['model']
user = context.get('user')
- if not 'package' in context:
- id = data_dict.get('id',None)
- package = model.Package.get(id)
- if not package:
- raise NotFound
- else:
- package = context['package']
+ package = get_package_object(context, data_dict)
check1 = check_access_old(package, model.Action.EDIT, context)
if not check1:
@@ -33,13 +28,7 @@
def package_change_state(context, data_dict):
model = context['model']
user = context['user']
- if not 'package' in context:
- id = data_dict.get('id',None)
- package = model.Package.get(id)
- if not package:
- raise NotFound
- else:
- package = context['package']
+ package = get_package_object(context, data_dict)
authorized = check_access_old(package, model.Action.CHANGE_STATE, context)
if not authorized:
@@ -50,13 +39,7 @@
def package_edit_permissions(context, data_dict):
model = context['model']
user = context['user']
- if not 'package' in context:
- id = data_dict.get('id',None)
- package = model.Package.get(id)
- if not package:
- raise NotFound
- else:
- package = context['package']
+ package = get_package_object(context, data_dict)
authorized = check_access_old(package, model.Action.EDIT_PERMISSIONS, context)
if not authorized:
@@ -67,13 +50,7 @@
def group_update(context, data_dict):
model = context['model']
user = context['user']
- if not 'group' in context:
- id = data_dict.get('id',None)
- group = model.Group.get(id)
- if not group:
- raise NotFound
- else:
- group = context['group']
+ group = get_group_object(context, data_dict)
authorized = check_access_old(group, model.Action.EDIT, context)
if not authorized:
@@ -84,13 +61,7 @@
def group_change_state(context, data_dict):
model = context['model']
user = context['user']
- if not 'group' in context:
- id = data_dict.get('id',None)
- group = model.Group.get(id)
- if not group:
- raise NotFound
- else:
- group = context['group']
+ group = get_group_object(context, data_dict)
authorized = check_access_old(group, model.Action.CHANGE_STATE, context)
if not authorized:
@@ -101,13 +72,7 @@
def group_edit_permissions(context, data_dict):
model = context['model']
user = context['user']
- if not 'group' in context:
- id = data_dict.get('id',None)
- group = model.Group.get(id)
- if not group:
- raise NotFound
- else:
- group = context['group']
+ group = get_group_object(context, data_dict)
authorized = check_access_old(group, model.Action.EDIT_PERMISSIONS, context)
if not authorized:
@@ -118,14 +83,7 @@
def authorization_group_update(context, data_dict):
model = context['model']
user = context['user']
- if not 'authorization_group' in context:
- id = data_dict.get('id',None)
- # Auth groups don't have get method
- authorization_group = model.Session.query(model.AuthorizationGroup).filter(model.AuthorizationGroup.id==id).first()
- if not authorization_group:
- raise NotFound
- else:
- authorization_group = context['authorization_group']
+ authorization_group = get_authorization_group_object(context, data_dict)
authorized = check_access_old(authorization_group, model.Action.EDIT, context)
if not authorized:
@@ -136,14 +94,7 @@
def authorization_group_edit_permissions(context, data_dict):
model = context['model']
user = context['user']
- if not 'authorization_group' in context:
- id = data_dict.get('id',None)
- # Auth groups don't have get method
- authorization_group = model.Session.query(model.AuthorizationGroup).filter(model.AuthorizationGroup.id==id).first()
- if not authorization_group:
- raise NotFound
- else:
- authorization_group = context['authorization_group']
+ authorization_group = get_authorization_group_object(context, data_dict)
authorized = check_access_old(authorization_group, model.Action.EDIT_PERMISSIONS, context)
if not authorized:
@@ -154,12 +105,11 @@
def user_update(context, data_dict):
model = context['model']
user = context['user']
- id = data_dict['id']
- user_obj = model.User.get(id)
+ user_obj = get_user_object(context, data_dict)
if not (Authorizer().is_sysadmin(unicode(user)) or user == user_obj.name) and \
not ('reset_key' in data_dict and data_dict['reset_key'] == user_obj.reset_key):
- return {'success': False, 'msg': _('User %s not authorized to edit user %s') % (str(user), id)}
+ return {'success': False, 'msg': _('User %s not authorized to edit user %s') % (str(user), user_obj.id)}
return {'success': True}
Repository URL: https://bitbucket.org/okfn/ckan/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
More information about the ckan-changes
mailing list