[ckan-dev] Review request + Import info regarding authorization

Adrià Mercader adria.mercader at okfn.org
Mon Jul 9 15:55:11 UTC 2012


Hi all,

I've just pushed a new branch meant to be in 1.8, which includes
changes regarding the default authorization settings for new datasets:

https://github.com/okfn/ckan/pull/56

It would be great if someone could have a look at it.

The actual update involves literally some small changes in a couple of
lines, but they have big repercussions on how authorization is
handled. That's why most of the changes are related to fixing auth
tests.

Basically the auth changes are:

    * Only logged in users are able to create datasets and upload files
    * Only the user that created the dataset can edit it by default

Please bear those in mind from now on (or when this gets merged into
master), especially when writing tests. In a nutshell, every time some
editing is tested, either via wui or api, a valid user with
permissions on the dataset must be provided, e.g.:

        offset = url_for(controller='package', action='edit', id=myid)
        self.app.get(offset, extra_environ={'REMOTE_USER': 'russianfan'})

    or:

        res = self.app.post('/api/action/resource_create', params=postparams,
                            extra_environ={'Authorization': api_key})


Although I managed to get all tests working again, this can potentially
cause issues in different areas of the code that the tests may be
missing (storage, datastore, activity streams...), so if you think that
may affect them, please give it a test.

Let me know any comments or doubts.


Cheers,

Adrià
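
An added example, not part of the original message and not CKAN code: a stand-in WSGI app that models the two default rules above and is driven through extra_environ the way the snippets are, including the anonymous and non-creator requests that should now be rejected. The routes, status codes, API keys and the dataset id are constructed assumptions.

```python
# Stand-in model of the two default rules; not CKAN code.
from wsgiref.util import setup_testing_defaults

# Constructed sample data (assumptions, not from CKAN).
API_KEYS = {"key-russianfan": "russianfan", "key-tester": "tester"}
DATASETS = {"annakarenina": "russianfan"}  # dataset id -> creator


def identify(environ):
    """Resolve the caller from REMOTE_USER or from an API key."""
    user = environ.get("REMOTE_USER")
    if user:
        return user
    # Read the key from the same environ entry the e-mail's snippet sets.
    return API_KEYS.get(environ.get("Authorization", ""))


def app(environ, start_response):
    """Hypothetical routes: /dataset/new and /dataset/edit/<id>."""
    user = identify(environ)
    parts = environ["PATH_INFO"].strip("/").split("/")
    action = parts[1] if len(parts) > 1 else ""
    dataset_id = parts[2] if len(parts) > 2 else None
    if user is None:
        status = "401 Unauthorized"   # only logged-in users may create/edit
    elif action == "new":
        status = "200 OK"
    elif action == "edit" and dataset_id in DATASETS:
        # Only the creator may edit by default.
        owner = DATASETS[dataset_id]
        status = "200 OK" if owner == user else "403 Forbidden"
    else:
        status = "404 Not Found"
    start_response(status, [("Content-Type", "text/plain")])
    return [status.encode()]


def request(path, extra_environ=None):
    """Call the app as a test client would; return the numeric status."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    environ.update(extra_environ or {})
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return int(seen[0].split()[0])


if __name__ == "__main__":
    edit = "/dataset/edit/annakarenina"
    for env in ({}, {"REMOTE_USER": "tester"}, {"REMOTE_USER": "russianfan"},
                {"Authorization": "key-tester"}, {"Authorization": "bogus"}):
        print(env, request(edit, env))
```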



