[ckan-dev] CKAN 2 permissions / publisher mode question

Sean Hammond sean.hammond at okfn.org
Wed Feb 6 10:31:12 UTC 2013


Thanks for the pull request, we'll take a look at it.

Yes, the new ckan.auth.* options still need to be documented for CKAN
2.0.

Keep in mind that the IAuth plugin interfaces allows a CKAN plugin to
override any of CKAN's authorization functions (or to add its own), so
even without your pull request in core you can still use a ckan
extension to get the "locked down" behaviour that you want for your
site.

On Tue, Feb 05, 2013 at 09:05:00AM -0500, Joshua Tauberer wrote:
> On 02/04/2013 06:57 AM, Sean Hammond wrote:
> >This publisher mode is no longer used in CKAN 2.0. 2.0 has a new
> >"organizations" feature, enabled by default, that does what the
> >publisher mode did and more.
> 
> Hi, Sean. This is great, and much better/easier than the old auth system.
> 
> After some digging I saw some options that are also critical for a
> publisher mode that would need to be set to false:
> 
>     ckan.auth.create_dataset_if_not_in_organization = false
>     ckan.auth.user_create_organizations = false
> 
> I think these two would be enough to prevent anonymous users from
> registering and creating datasets.
> 
> But I don't know if there are other things registered user can do,
> or will be able to do in the future. So I really don't want users
> registering at all.
> 
> So I just submitted a pull request to create a new option
> ckan.auth.create_user that would prevent all new user registrations.
> The idea would be that in a locked-down publisher mode, you would
> create the users you need first and then set this option to false to
> prevent further users from being created.
> 
> This is pretty important for us at hub.healthdata.gov, so I hope
> you'll consider it for 2.0.
> 
> https://github.com/okfn/ckan/pull/356
> 
> Thanks,
> 
> -- 
> - Joshua Tauberer
> - http://razor.occams.info
> 

> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> http://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: http://lists.okfn.org/mailman/options/ckan-dev





More information about the ckan-dev mailing list