[ckan-dev] Permissions and workflows

Pabitra Dash pkdash_reena at hotmail.com
Mon Jun 9 16:27:21 UTC 2014


Hello Alice,
We had a similar workflow issue that we solved via an extension that we implemented. Basically the extension hides the Edit button for a displayed dataset if the user is not the owner of the dataset.
Pabitra


> Date: Mon, 9 Jun 2014 17:14:17 +0100
> From: a.heaton at nhm.ac.uk
> To: ckan-dev at lists.okfn.org
> Subject: [ckan-dev] Permissions and workflows
> 
> Hello,
> 
> I notice that CKAN permissions are per-organization, and that a given 
> user will have the same permission for all the datasets within that 
> organization. I can see that this was a deliberate choice, and I was 
> wondering what the intended workflow was.
> 
> My aim was to allow users to edit only the datasets they created. As it 
> is, it seems I would need an organization per user which seems quite 
> redundant. Is this because the intended workflow excludes this approach? 
> Am I thinking about this wrongly?
> 
> Or is this the kind of things that was left for extensions to implement? 
> I can see it would be possible to implement this in an extension - by 
> implementing IAuthFunctions to override the permissions for 
> package_update, resource_update, resource_view_update, etc. The dataset 
> creator is available as creator_user_id.
> 
> Creating a new role (to differentiate these users from editors who can 
> still edit all datasets) is not as straightforward. I did not see any 
> API for this. It is possible (by adding the role in 
> new_authz.ROLE_PERMISSIONS) but that also requires injecting a function 
> in the module ckan.new_authz to provide the translated string for that 
> role (ckan.new_authz._trans_role_<role name>), which is obviously not a 
> reliable thing to do.
> 
> Any thoughts on the alternative workflows for this or implementation 
> ideas are welcome :-)
> 
> Thanks,
> Alice
> 
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20140609/c772e9cc/attachment-0003.html>


More information about the ckan-dev mailing list