[ckan-changes] commit/ckan: 2 new changesets
Bitbucket
commits-noreply at bitbucket.org
Wed Jun 22 20:55:53 UTC 2011
2 new changesets in ckan:
http://bitbucket.org/okfn/ckan/changeset/373553556990/
changeset: 373553556990
branch: feature-1094-authz
user: kindly
date: 2011-06-22 22:42:08
summary: [authz] mid refactor
affected #: 6 files (3.8 KB)
--- a/ckan/authz.py Wed Jun 22 12:02:21 2011 +0100
+++ b/ckan/authz.py Wed Jun 22 21:42:08 2011 +0100
@@ -154,6 +154,8 @@
@classmethod
def is_sysadmin(cls, username):
+ return True
+
user = model.User.by_name(username, autoflush=False)
if user:
q = model.Session.query(model.SystemRole)
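Review bot: The added `return True` at the top of `is_sysadmin` makes every username a sysadmin, including visitors and names that do not exist, and leaves the `model.User.by_name` lookup and role query below it unreachable. The summary says "mid refactor", so this is presumably a temporary stub, but on a pushed branch it switches off every check that relies on this method. Remove the line before this goes any further, or at minimum mark it `# FIXME: temporary, must not be merged` and log a warning when it is hit. The method body continues outside the hunk.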
--- a/ckan/logic/__init__.py Wed Jun 22 12:02:21 2011 +0100
+++ b/ckan/logic/__init__.py Wed Jun 22 21:42:08 2011 +0100
@@ -1,5 +1,7 @@
import logging
import ckan.authz
+import ckan.new_authz as new_authz
+
from ckan.lib.navl.dictization_functions import flatten_dict
class ActionError(Exception):
@@ -71,21 +73,20 @@
flattented = flatten_dict(dict)
return untuplize_dict(flattented)
-def check_access(entity, action, context):
+def check_access(action, data_dict, object_id, object_type, context):
model = context["model"]
user = context.get("user")
log.debug('check access - user %r' % user)
- if action and entity and not isinstance(entity, model.PackageRelationship):
+ if action and data_dict and object_type != 'package_relationship':
if action != model.Action.READ and user in (model.PSEUDO_USER__VISITOR, ''):
log.debug("Valid API key needed to make changes")
raise NotAuthorized
-
- am_authz = ckan.authz.Authorizer().is_authorized(user, action, entity)
- if not am_authz:
- log.debug("User is not authorized to %s %s" % (action, entity))
- raise NotAuthorized
+
+ if not new_authz.check_overridden(action, object_id, object_type, context):
+ new_authz.is_authorized(action, data_dict, object_id, object_type, context)
+
elif not user:
log.debug("No valid API key provided.")
raise NotAuthorized
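Review bot: The return value of `new_authz.is_authorized(...)` in `check_access` is discarded, so unless the auth function itself raises, a denial no longer produces `NotAuthorized` the way the removed `if not am_authz: raise NotAuthorized` did. Both new calls also pass `action` first and `context` last, while this changeset defines `check_overridden(context, action, object_id, object_type)` and `is_authorized(context, action=None, data_dict=None, ...)` with `context` first, so each argument binds to the wrong parameter. Suggest `if not new_authz.check_overridden(context, action, object_id, object_type):` followed by `if not new_authz.is_authorized(context, action, data_dict, object_id, object_type): raise NotAuthorized`. The signature change from `(entity, action, context)` also needs every existing caller updated, and none of them is in this diff.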
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ckan/migration/versions/040_add_user_group_tables.py Wed Jun 22 21:42:08 2011 +0100
@@ -0,0 +1,67 @@
+from migrate import *
+
+def upgrade(migrate_engine):
+
+ migrate_engine.execute('''
+
+BEGIN;
+
+CREATE TABLE user_group (
+ id text NOT NULL,
+ name text NOT NULL,
+ parent_id text
+);
+
+CREATE TABLE user_group_extra (
+ id text NOT NULL,
+ user_group_id text NOT NULL,
+ "key" text NOT NULL,
+ "value" text NOT NULL
+);
+
+CREATE TABLE user_group_package (
+ id text NOT NULL,
+ user_group_id text NOT NULL,
+ package_id text NOT NULL,
+ capacity text
+);
+
+CREATE TABLE user_group_user (
+ id text NOT NULL,
+ user_group_id text NOT NULL,
+ user_id text NOT NULL,
+ capacity text
+);
+
+
+ALTER TABLE user_group
+ ADD CONSTRAINT user_group_pkey PRIMARY KEY (id);
+
+ALTER TABLE user_group_extra
+ ADD CONSTRAINT user_group_extra_pkey PRIMARY KEY (id);
+
+ALTER TABLE user_group_package
+ ADD CONSTRAINT user_group_package_pkey PRIMARY KEY (id);
+
+ALTER TABLE user_group_user
+ ADD CONSTRAINT user_group_user_pkey PRIMARY KEY (id);
+
+
+
+ALTER TABLE user_group_extra
+ ADD CONSTRAINT user_group_extra_user_group_id_fkey FOREIGN KEY (user_group_id) REFERENCES user_group(id);
+
+ALTER TABLE user_group_package
+ ADD CONSTRAINT user_group_package_package_id_fkey FOREIGN KEY (package_id) REFERENCES package(id);
+
+ALTER TABLE user_group_package
+ ADD CONSTRAINT user_group_package_user_group_id_fkey FOREIGN KEY (user_group_id) REFERENCES user_group(id);
+
+ALTER TABLE user_group_user
+ ADD CONSTRAINT user_group_user_user_group_id_fkey FOREIGN KEY (user_group_id) REFERENCES user_group(id);
+
+ALTER TABLE user_group_user
+ ADD CONSTRAINT user_group_user_user_id_fkey FOREIGN KEY (user_id) REFERENCES "user"(id);
+
+COMMIT;
+''')
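Review bot: `user_group.parent_id` is the only reference column in this migration created without a foreign key, so a group can name a parent that does not exist; if the hierarchy is later used for permission inheritance, that is a dangling-parent case the code will have to handle. Consider adding `ALTER TABLE user_group ADD CONSTRAINT user_group_parent_id_fkey FOREIGN KEY (parent_id) REFERENCES user_group(id);`. Nothing prevents duplicate `(user_group_id, user_id)` rows in `user_group_user` either, and `capacity` is nullable free text, so membership rows can be ambiguous. The same file is added unchanged in changeset 2017504f420d and has the same gaps.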
--- a/ckan/migration/versions/040_auth_refactor.py Wed Jun 22 12:02:21 2011 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,115 +0,0 @@
-from migrate import *
-
-def upgrade(migrate_engine):
-
- migrate_engine.execute('''
---to drop
---DROP TABLE authorization_group;
---DROP TABLE authorization_group_role;
---DROP TABLE authorization_group_user;
---DROP TABLE user_object_role;
---DROP TABLE group_role;
---DROP TABLE package_role;
---DROP TABLE system_role;
-BEGIN;
-
-alter table group_role drop constraint group_role_group_id_fkey;
-alter table package_role drop constraint package_role_package_id_fkey;
-alter table user_object_role drop constraint user_object_role_authorized_group_id_fkey;
-alter table user_object_role drop constraint user_object_role_user_id_fkey;
-
-CREATE TABLE authorization_override (
- id text NOT NULL,
- user_id text,
- object_id text NOT NULL,
- object_type text NOT NULL,
- "role" text
-);
-
-insert into authorization_override
-select
- user_object_role.id,
- user_object_role.user_id,
- package_id,
- 'package',
- user_object_role.role
-from
- user_object_role
-join
- package_role on package_role.user_object_role_id = user_object_role.id;
-
-insert into authorization_override
-select
- user_object_role.id,
- user_object_role.user_id,
- group_id,
- 'group',
- user_object_role.role
-from
- user_object_role
-join
- group_role on group_role.user_object_role_id = user_object_role.id;
-
-
-CREATE TABLE user_group (
- id text NOT NULL,
- name text NOT NULL,
- parent_id text
-);
-
-CREATE TABLE user_group_extra (
- id text NOT NULL,
- user_group_id text NOT NULL,
- "key" text NOT NULL,
- "value" text NOT NULL
-);
-
-CREATE TABLE user_group_package (
- id text NOT NULL,
- user_group_id text NOT NULL,
- package_id text NOT NULL,
- capacity text
-);
-
-CREATE TABLE user_group_user (
- id text NOT NULL,
- user_group_id text NOT NULL,
- user_id text NOT NULL,
- capacity text
-);
-
-ALTER TABLE authorization_override
- ADD CONSTRAINT authorization_override_pkey PRIMARY KEY (id);
-
-ALTER TABLE user_group
- ADD CONSTRAINT user_group_pkey PRIMARY KEY (id);
-
-ALTER TABLE user_group_extra
- ADD CONSTRAINT user_group_extra_pkey PRIMARY KEY (id);
-
-ALTER TABLE user_group_package
- ADD CONSTRAINT user_group_package_pkey PRIMARY KEY (id);
-
-ALTER TABLE user_group_user
- ADD CONSTRAINT user_group_user_pkey PRIMARY KEY (id);
-
-ALTER TABLE authorization_override
- ADD CONSTRAINT authorization_override_user_id_fkey FOREIGN KEY (user_id) REFERENCES "user"(id);
-
-ALTER TABLE user_group_extra
- ADD CONSTRAINT user_group_extra_user_group_id_fkey FOREIGN KEY (user_group_id) REFERENCES user_group(id);
-
-ALTER TABLE user_group_package
- ADD CONSTRAINT user_group_package_package_id_fkey FOREIGN KEY (package_id) REFERENCES package(id);
-
-ALTER TABLE user_group_package
- ADD CONSTRAINT user_group_package_user_group_id_fkey FOREIGN KEY (user_group_id) REFERENCES user_group(id);
-
-ALTER TABLE user_group_user
- ADD CONSTRAINT user_group_user_user_group_id_fkey FOREIGN KEY (user_group_id) REFERENCES user_group(id);
-
-ALTER TABLE user_group_user
- ADD CONSTRAINT user_group_user_user_id_fkey FOREIGN KEY (user_id) REFERENCES "user"(id);
-
-COMMIT;
-''')
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ckan/migration/versions/041_auth_refactor.py Wed Jun 22 21:42:08 2011 +0100
@@ -0,0 +1,62 @@
+from migrate import *
+
+def upgrade(migrate_engine):
+
+ migrate_engine.execute('''
+
+--to drop
+--DROP TABLE authorization_group;
+--DROP TABLE authorization_group_role;
+--DROP TABLE authorization_group_user;
+--DROP TABLE user_object_role;
+--DROP TABLE group_role;
+--DROP TABLE package_role;
+--DROP TABLE system_role;
+BEGIN;
+
+alter table group_role drop constraint group_role_group_id_fkey;
+alter table package_role drop constraint package_role_package_id_fkey;
+alter table user_object_role drop constraint user_object_role_authorized_group_id_fkey;
+alter table user_object_role drop constraint user_object_role_user_id_fkey;
+
+CREATE TABLE authorization_override (
+ id text NOT NULL,
+ user_id text,
+ object_id text NOT NULL,
+ object_type text NOT NULL,
+ "role" text
+);
+
+insert into authorization_override
+select
+ user_object_role.id,
+ user_object_role.user_id,
+ package_id,
+ 'package',
+ user_object_role.role
+from
+ user_object_role
+join
+ package_role on package_role.user_object_role_id = user_object_role.id;
+
+insert into authorization_override
+select
+ user_object_role.id,
+ user_object_role.user_id,
+ group_id,
+ 'group',
+ user_object_role.role
+from
+ user_object_role
+join
+ group_role on group_role.user_object_role_id = user_object_role.id;
+
+ALTER TABLE authorization_override
+ ADD CONSTRAINT authorization_override_pkey PRIMARY KEY (id);
+
+ALTER TABLE authorization_override
+ ADD CONSTRAINT authorization_override_user_id_fkey FOREIGN KEY (user_id) REFERENCES "user"(id);
+
+COMMIT;
+'''
+)
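Review bot: The two `insert into authorization_override ... select` statements copy only `user_object_role.user_id`, so a role row granted to an authorization group rather than a user arrives with a NULL `user_id` and no record of who held the grant. The dropped `user_object_role_authorized_group_id_fkey` suggests such rows exist. `system_role` rows are not migrated at all. Either filter with `where user_object_role.user_id is not null` and migrate group grants separately, or add a SQL comment stating that those grants are dropped on purpose. The four `drop constraint` statements also remove referential integrity from tables that stay in use, since the `DROP TABLE` lines are commented out.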
--- a/ckan/new_authz.py Wed Jun 22 12:02:21 2011 +0100
+++ b/ckan/new_authz.py Wed Jun 22 21:42:08 2011 +0100
@@ -45,13 +45,13 @@
# be accessed directly
_fetched_auth_functions = None
-def is_authorized(logic_function_name, data_dict, context):
- auth_function = _get_auth_function(logic_function_name)
+def is_authorized(context, action=None, data_dict=None, object_id=None, object_type=None):
+ auth_function = _get_auth_function(action)
return auth_function(data_dict, context)
-def _get_auth_function(logic_function_name):
+def _get_auth_function(action):
if _fetched_auth_functions is not None:
- return _fetched_auth_functions[logic_function_name]
+ return _fetched_auth_functions[action]
# Otherwise look in all the plugins to resolve all possible
global _fetched_auth_functions
# First get the default ones in the ckan/logic/auth directory
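Review bot: `is_authorized` now defaults `action` to `None` and hands it to `_get_auth_function`, where `_fetched_auth_functions[action]` raises a bare `KeyError` for `None` or any unregistered action. That fails closed only by accident and gives the caller nothing to distinguish "unknown action" from a bug. Make `action` a required parameter and raise an explicit error naming the action when it is not registered. `object_id` and `object_type` are accepted but never used in the visible body, so either pass them to the auth function or leave them out until they are needed. `_get_auth_function` continues outside the hunk.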
@@ -85,5 +85,26 @@
_fetched_auth_functions[name] = auth_function
# Use the updated ones in preference to the originals.
_fetched_auth_functions.update(default_auth_functions)
- return _fetched_auth_functions[logic_function_name]
+ return _fetched_auth_functions[action]
+def check_overridden(context, action, object_id, object_type):
+
+ model = context["model"]
+ user = context["user"]
+ session = model.Session
+
+ if not object_id or not object_type:
+ return False
+ user = session.query(model.User).filter_by(name=user).first()
+ q = session.query(model.AuthorizationOverride).filter_by(user=user.id,
+ object_id=object_id,
+ object_type=object_type)
+ roles = [override.role for override in q.all()]
+ if not roles:
+ return False
+
+ ra = session.query(model.RoleAction).filter(
+ model.RoleAction.role.in_(roles)).filter_by(action=action).first()
+ if ra:
+ return True
+ return False
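Review bot: In `check_overridden`, `session.query(model.User).filter_by(name=user).first()` returns `None` for an anonymous or unknown name, and the next line dereferences `user.id`, so such requests fail with `AttributeError` instead of a clean "no override". Add `if user is None: return False` right after the lookup. The filter uses `filter_by(user=user.id, ...)` while migration 041 names the column `user_id`; the model is not in this diff, so confirm that the mapped attribute really is `user`. Note also that a `True` result makes `check_access` skip `is_authorized` entirely, so this function is a grant path and deserves tests for the no-user, no-role and wrong-object-type cases.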
http://bitbucket.org/okfn/ckan/changeset/2017504f420d/
changeset: 2017504f420d
branch: feature-1141-moderated-edits-ajax
user: kindly
date: 2011-06-22 22:54:40
summary: backport of user group tables
affected #: 1 file (1.5 KB)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ckan/migration/versions/040_add_user_group_tables.py Wed Jun 22 21:54:40 2011 +0100
@@ -0,0 +1,67 @@
+from migrate import *
+
+def upgrade(migrate_engine):
+
+ migrate_engine.execute('''
+
+BEGIN;
+
+CREATE TABLE user_group (
+ id text NOT NULL,
+ name text NOT NULL,
+ parent_id text
+);
+
+CREATE TABLE user_group_extra (
+ id text NOT NULL,
+ user_group_id text NOT NULL,
+ "key" text NOT NULL,
+ "value" text NOT NULL
+);
+
+CREATE TABLE user_group_package (
+ id text NOT NULL,
+ user_group_id text NOT NULL,
+ package_id text NOT NULL,
+ capacity text
+);
+
+CREATE TABLE user_group_user (
+ id text NOT NULL,
+ user_group_id text NOT NULL,
+ user_id text NOT NULL,
+ capacity text
+);
+
+
+ALTER TABLE user_group
+ ADD CONSTRAINT user_group_pkey PRIMARY KEY (id);
+
+ALTER TABLE user_group_extra
+ ADD CONSTRAINT user_group_extra_pkey PRIMARY KEY (id);
+
+ALTER TABLE user_group_package
+ ADD CONSTRAINT user_group_package_pkey PRIMARY KEY (id);
+
+ALTER TABLE user_group_user
+ ADD CONSTRAINT user_group_user_pkey PRIMARY KEY (id);
+
+
+
+ALTER TABLE user_group_extra
+ ADD CONSTRAINT user_group_extra_user_group_id_fkey FOREIGN KEY (user_group_id) REFERENCES user_group(id);
+
+ALTER TABLE user_group_package
+ ADD CONSTRAINT user_group_package_package_id_fkey FOREIGN KEY (package_id) REFERENCES package(id);
+
+ALTER TABLE user_group_package
+ ADD CONSTRAINT user_group_package_user_group_id_fkey FOREIGN KEY (user_group_id) REFERENCES user_group(id);
+
+ALTER TABLE user_group_user
+ ADD CONSTRAINT user_group_user_user_group_id_fkey FOREIGN KEY (user_group_id) REFERENCES user_group(id);
+
+ALTER TABLE user_group_user
+ ADD CONSTRAINT user_group_user_user_id_fkey FOREIGN KEY (user_id) REFERENCES "user"(id);
+
+COMMIT;
+''')
Repository URL: https://bitbucket.org/okfn/ckan/