[ckan-changes] [okfn/ckan] c60cbb: [#1210] Add auth_user_obj to context in check_acce...

GitHub noreply at github.com
Tue Aug 27 15:39:33 UTC 2013 

  Branch: refs/heads/1210-auth-checks-improvements
  Home:   https://github.com/okfn/ckan
  Commit: c60cbbe3fe0e2516edf57344fa7ac81d897cd080
      https://github.com/okfn/ckan/commit/c60cbbe3fe0e2516edf57344fa7ac81d897cd080
  Author: amercader <amercadero at gmail.com>
  Date:   2013-08-23 (Fri, 23 Aug 2013)

  Changed paths:
    M ckan/logic/__init__.py
    M ckan/tests/logic/test_init.py

  Log Message:
  -----------
  [#1210] Add auth_user_obj to context in check_access

If not already there or ignore_auth is True, and the context has a user
name, try to see if the user actually exists in the DB, and store the
object (or None if not found) in context['auth_user_obj']. The check if
performed only once per context object.


  Commit: 89767240d397e30597451a3f0fb267b0671d5d7b
      https://github.com/okfn/ckan/commit/89767240d397e30597451a3f0fb267b0671d5d7b
  Author: amercader <amercadero at gmail.com>
  Date:   2013-08-27 (Tue, 27 Aug 2013)

  Changed paths:
    M ckan/logic/__init__.py

  Log Message:
  -----------
  [#1210] Fix side_effect_free check

It should be in place if it is an action function from get.py and it
hasn't already been set.


  Commit: 923118ce89216bee2fb274d81f376deec97a638c
      https://github.com/okfn/ckan/commit/923118ce89216bee2fb274d81f376deec97a638c
  Author: amercader <amercadero at gmail.com>
  Date:   2013-08-27 (Tue, 27 Aug 2013)

  Changed paths:
    M ckan/logic/__init__.py
    M ckan/new_authz.py

  Log Message:
  -----------
  [#1210] Require a logged in user by default except for get actions

By default, any auth function not in get.py will not allow anonymous
access, ie will require a logged in user to be performed. Core auth
functions are automatically configured when building the `AuthFunctions`
cache, but two decorators are provided to allow defining exceptions
in both cases and extensions to define the behaviour on their own auth
functions. The decoratos are `auth_allow_anonymous_access` and
`auth_disllow_anonymous_access`.

`check_access` will check for the auth_allow_anonymous_access attribute
on the auth function, and if False and there isn't a validated user
object in the context, it will raise a NotAuthorized exception.


  Commit: 13f07b7f2a6fdfc26996a737503df11800203470
      https://github.com/okfn/ckan/commit/13f07b7f2a6fdfc26996a737503df11800203470
  Author: amercader <amercadero at gmail.com>
  Date:   2013-08-27 (Tue, 27 Aug 2013)

  Changed paths:
    M ckan/controllers/storage.py
    M ckan/logic/auth/create.py
    M ckan/logic/auth/update.py
    M ckan/tests/logic/test_init.py

  Log Message:
  -----------
  [#1210] Fix auth tests and tweak auth functions

Add the anon access decorator to some functions as they require it in
some circumstances.

The storage controller was calling `is_authorized_boolean` directly,
which should be never done (same for `is_authorized`).

It would be god to refactor password_reset out of user_update, so
user_update does not require anon access.


Compare: https://github.com/okfn/ckan/compare/c60cbbe3fe0e^...13f07b7f2a6f

More information about the ckan-changes mailing list