[ckan-changes] commit/ckan: kindly: [authz] add overridden

Bitbucket commits-noreply at bitbucket.org
Thu Jun 23 10:36:02 UTC 2011 

1 new changeset in ckan:

http://bitbucket.org/okfn/ckan/changeset/e3a7443f4863/
changeset:   e3a7443f4863
branch:      feature-1094-authz
user:        kindly
date:        2011-06-23 12:29:48
summary:     [authz] add overridden
affected #:  4 files (172 bytes)

--- a/ckan/logic/__init__.py	Wed Jun 22 21:42:08 2011 +0100
+++ b/ckan/logic/__init__.py	Thu Jun 23 11:29:48 2011 +0100
@@ -73,7 +73,7 @@
     flattented = flatten_dict(dict)
     return untuplize_dict(flattented)
 
-def check_access(action, data_dict, object_id, object_type, context):
+def check_access(context, action=None, data_dict=None, object_id=None, object_type=None):
     model = context["model"]
     user = context.get("user")
 
@@ -84,8 +84,8 @@
             log.debug("Valid API key needed to make changes")
             raise NotAuthorized
 
-        if not new_authz.check_overridden(action, object_id, object_type, context):
-            new_authz.is_authorized(action, data_dict, object_id, object_type, context)
+        if not new_authz.check_overridden(context, action, object_id, object_type):
+            new_authz.is_authorized(context, action, data_dict, object_id, object_type)
 
     elif not user:
         log.debug("No valid API key provided.")


--- a/ckan/logic/action/get.py	Wed Jun 22 21:42:08 2011 +0100
+++ b/ckan/logic/action/get.py	Thu Jun 23 11:29:48 2011 +0100
@@ -165,10 +165,11 @@
 
     if pkg is None:
         raise NotFound
-    check_access(pkg, model.Action.READ, context)
 
     package_dict = package_dictize(pkg, context)
 
+    check_access(context, 'package_show', package_dict)
+
     for item in PluginImplementations(IPackageController):
         item.read(pkg)
 


--- a/ckan/logic/action/update.py	Wed Jun 22 21:42:08 2011 +0100
+++ b/ckan/logic/action/update.py	Thu Jun 23 11:29:48 2011 +0100
@@ -155,7 +155,10 @@
     if pkg is None:
         raise NotFound(_('Package was not found.'))
 
-    check_access(pkg, model.Action.EDIT, context)
+    import ckan.new_authz as new_authz
+    new_authz.is_authorized(context, 'edit', data_dict, id, 'package')
+
+    check_access(context, 'edit', data_dict, id, 'package')
 
     data, errors = validate(data_dict, schema, context)
 


--- a/ckan/new_authz.py	Wed Jun 22 21:42:08 2011 +0100
+++ b/ckan/new_authz.py	Thu Jun 23 11:29:48 2011 +0100
@@ -43,19 +43,21 @@
 
 # This is a private cache used by get_auth_function() and should never
 # be accessed directly
-_fetched_auth_functions = None
+_auth_functions = {}
 
 def is_authorized(context, action=None, data_dict=None, object_id=None, object_type=None):
     auth_function = _get_auth_function(action)
-    return auth_function(data_dict, context)
+    if auth_function:
+        return auth_function(data_dict, context)
+    else:
+        return True
 
 def _get_auth_function(action):
-    if _fetched_auth_functions is not None:
-        return _fetched_auth_functions[action]
+    if _auth_functions:
+        return _auth_functions.get('action')
     # Otherwise look in all the plugins to resolve all possible
-    global _fetched_auth_functions
+    global _auth_functions
     # First get the default ones in the ckan/logic/auth directory
-    default_auth_functions = {}
     # Rather than writing them out in full will use __import__
     # to load anything from ckan.auth that looks like it might
     # be an authorisation function
@@ -66,10 +68,10 @@
             module = getattr(module, part)
         for k, v in module.__dict__.items():
             if not k.startswith('_'):
-                default_auth_functions[k] = v
+                _auth_functions[k] = v
     # Then overwrite them with any specific ones in the plugins:
     resolved_auth_function_plugins = {}
-    _fetched_auth_functions = {}
+    fetched_auth_functions = {}
     for plugin in PluginImplementations(IAuthFunctions):
         for name, auth_function in plugin.get_auth_functions().items():
             if name in resolved_auth_function_plugins:
@@ -79,13 +81,12 @@
                         resolved_auth_function_plugins[name]
                     )
                 )
-            else:
-                log.debug('Auth function %r was inserted', plugin.name)
-                resolved_auth_function_plugins[name] = plugin.name
-                _fetched_auth_functions[name] = auth_function
+            log.debug('Auth function %r was inserted', plugin.name)
+            resolved_auth_function_plugins[name] = plugin.name
+            fetched_auth_functions[name] = auth_function
     # Use the updated ones in preference to the originals.
-    _fetched_auth_functions.update(default_auth_functions)
-    return _fetched_auth_functions[action]
+    _auth_functions.update(fetched_auth_functions)
+    return _auth_functions.get('action')
 
 def check_overridden(context, action, object_id, object_type):
 
@@ -96,7 +97,9 @@
     if not object_id or not object_type:
         return False
     user = session.query(model.User).filter_by(name=user).first()
-    q = session.query(model.AuthorizationOverride).filter_by(user=user.id,
+    if not user:
+        return False
+    q = session.query(model.AuthorizationOverride).filter_by(user_id=user.id,
                                                          object_id=object_id,
                                                          object_type=object_type)
     roles = [override.role for override in q.all()]

Repository URL: https://bitbucket.org/okfn/ckan/

--

This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.

More information about the ckan-changes mailing list