[ckan-dev] Groups and permissions
Friedrich Lindenberg
friedrich.lindenberg at okfn.org
Fri Feb 25 13:02:59 UTC 2011
Hi Seb,
On Fri, Feb 25, 2011 at 12:43 PM, Seb Bacon <seb.bacon at okfn.org> wrote:
> I understand you did something like this for IATA, where a Department
> is mapped onto a Group, and the authorisation is somehow restricted to
> groups?
Yes, the setup there is interesting/awkward: Each department is
implemented as a (package) group with an attached "shadow"
authorization group. Changes to the pkg group - such as new members -
are partially passed on to the authz group which is also made the
owner of any new package that is created by members of the group. This
way, we can establish "collective ownership" of packages: normal users
cannot edit packages but any member of the same AuthzGroup/Group can.
> If you could point me at any code / documentation or perhaps we should
> have a chat next week, that would be great
The relevant code for this is
https://bitbucket.org/okfn/ckanextiati/src/b2aa3a72c482/ckanext/iati/authz.py
- and I'd be happy to walk you through it next week - just ping me on
Skype.
- Friedrich
More information about the ckan-dev
mailing list