[ckan-dev] Auth changes - branch 2939

Sean Hammond sean.hammond at okfn.org
Fri Oct 12 14:46:19 UTC 2012


> > - We still seem to be using the roles, rights and actions
> >
> > could you clarify? Do you mean the ones in new_authz?

Ah, I think the ROLE_PERMISSIONS dict in new_authz.py with admin, editor
and member roles and read, update, delete_dataset etc. actions fooled
me. But now that I look more closely, it looks like these are only used
for a couple of groups and orgs auth functions.

So I think we need to remove the chapter in the docs about the old
roles/actions/objects then, since ckan/authz.py is gone now. And
probably need to write a chapter about the new system.

I think maybe ckan/new_authz.py should be ckan/logic/auth/__init__.py,
and some of the functions could be in ckan/logic/auth/helpers.py or
somewhere like that, because they seem like helper functions for the
auth functions. Except for is_authorized() itself and its helper
is_sysadmin(), and maybe a couple of others.

P.S. I think we could also do away with the concept of 'auth profiles'
if it is not gone already. I saw that the publisher auth profile is
gone. It just seems that if we have IAuthFunctions then an auth profile
could just be an IAuthFunctions plugin that overrides all the auth
functions. So do we need auth profiles?



