[ckan-dev] Issues with organization in CKAN 2.0b

Sean Hammond sean.hammond at okfn.org
Mon Feb 11 11:39:46 UTC 2013


> I'm now working on a CKAN version 2.0b on a Debian distribution. It all
> works fine except authorization.
> 
> I have followed this page: http://docs.ckan.org/en/latest/authorization.html
> and I assume that I have to insert:

That documentation page is out of date; the authorization system it
describes has been removed from CKAN 2.0.

Proper documentation for the new organization-based authorization still
needs to be written. In the meantime, this page describes the default
behaviour:

http://docs.ckan.org/en/latest/organizations_and_groups.html?highlight=organizations

There are a number of simple True/False settings that you can put in
your ckan config file to customise the new auth (look for calls to
check_config_permission() in the source):

create_unowned_dataset
user_delete_groups
user_delete_organizations
anon_create_dataset
create_dataset_if_not_in_organization
user_create_groups
user_create_organizations
create_user_via_api

For example, to lock everything down:

ckan.auth.anon_create_dataset = False
ckan.auth.create_dataset_if_not_in_organization = False
ckan.auth.create_unowned_dataset = False
ckan.auth.user_create_groups = False
ckan.auth.user_create_organizations = False
ckan.auth.user_delete_groups = False
ckan.auth.user_delete_organizations = False
ckan.auth.create_user_via_api = False

If you want more control than that, you can implement the IAuthFunctions
plugin interface, and add your own auth functions or override existing
ones. (The existing auth functions are all defined in
ckan/logic/auth/*.py).
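
An added example (not part of the original message, and not CKAN's own code): a small Python check that reads a CKAN ini file and reports which of the eight ckan.auth.* switches listed above are explicitly set to False. It assumes the settings live in the [app:main] section and that the usual true/false spellings are accepted; the function name and the sample config are constructed for illustration.

```python
import configparser

# The eight ckan.auth.* switches listed in the message above.
AUTH_KEYS = """anon_create_dataset create_dataset_if_not_in_organization
create_unowned_dataset user_create_groups user_create_organizations
user_delete_groups user_delete_organizations create_user_via_api""".split()
# Assumption: accepted boolean spellings (case-insensitive).
FALSE_WORDS = {"false", "no", "off", "0", "f", "n"}
TRUE_WORDS = {"true", "yes", "on", "1", "t", "y"}

def audit_auth_settings(ini_text, section="app:main"):
    """Return {key: status}; status is 'locked', 'open', 'unset' or 'invalid'."""
    # interpolation=None returns raw values; deployment ini files often carry
    # %(here)s placeholders that the default interpolation cannot resolve.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    settings = parser[section] if parser.has_section(section) else {}
    report = {}
    for key in AUTH_KEYS:
        raw = settings.get("ckan.auth." + key)
        if raw is None:
            report[key] = "unset"      # CKAN's built-in default applies
        elif raw.strip().lower() in FALSE_WORDS:
            report[key] = "locked"
        elif raw.strip().lower() in TRUE_WORDS:
            report[key] = "open"
        else:
            report[key] = "invalid"    # e.g. a typo such as "Flase"; review it
    return report

# Constructed sample config, not taken from a real deployment.
SAMPLE_INI = """
[app:main]
ckan.site_url = http://localhost
cache_dir = %(here)s/data
ckan.auth.anon_create_dataset = False
ckan.auth.create_unowned_dataset = false
ckan.auth.user_create_groups = True
ckan.auth.user_create_organizations = Flase
"""

if __name__ == "__main__":
    for key, status in audit_auth_settings(SAMPLE_INI).items():
        print(f"ckan.auth.{key}: {status}")
```

Anything reported as unset, open or invalid is a setting to review against the lock-down list above.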



