[ckan-dev] Sysadmin auth checks
Toby Dacre
toby.okfn at gmail.com
Wed Sep 5 14:45:23 UTC 2012
On 5 September 2012 14:48, Ross Jones <ross.jones at okfn.org> wrote:
> Hi,
>
> As the logic.auth functions are littered with checks along the lines of
>
> if Authorizer().is_sysadmin(unicode(user)):
> return {'success': True}
>
> I wondered if it would make more sense to move this check up into
> check_access()
> instead of in each individual function. It does mean that sysadmin's can
> do anything
> but this shouldn't be too controversial.
>
> That would seem sensible to me but I'd do it as a separate branch to keep
things easier to review
> Can anyone see, or suggest, any reasons why I shouldn't do this?
>
> Ross
>
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> http://lists.okfn.org/mailman/listinfo/ckan-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20120905/94396ef8/attachment-0001.html>
More information about the ckan-dev
mailing list