[ckan-dev] problem with members / organizations (2.4.0)
Koebrick, Andrew (MNIT)
andrew.koebrick at state.mn.us
Mon Dec 14 19:41:30 UTC 2015
Indeed the problem turns out to have been a part of our plugin. I was calling both get_action('dataset_follower_list') and get_action('user_list') and did not realize that dataset_follower_list would need to be overridden via IAuthFunctions.
Thanks for the write back!
Andrew
-----Original Message-----
From: ckan-dev [mailto:ckan-dev-bounces at lists.okfn.org] On Behalf Of Hendrik Bunke
Sent: Wednesday, December 09, 2015 8:16 AM
To: CKAN Development Discussions <ckan-dev at lists.okfn.org>
Subject: Re: [ckan-dev] problem with members / organizations (2.4.0)
Wild guess: are you having any plugins in place that might change the context for resource_update here?
You might place a pdb at ckan.logic.check_access and check which user context has.
good luck
hendrik
--On 2015-12-08 20:56, Koebrick, Andrew (MNIT) wrote:
> We are bumping into problems which I hope are just configuration issues rather than bugs. We have a number of organizations, each of which have users. These users are not able to update resources, and their session gets terminated. Here is a list of users in an organization. I am attempting to do the changes with the "Andrew- non sysadmin" test account:
>
> [cid:image004.jpg at 01D131C8.9F63C0B0]
>
> The organization has a few test resources:
>
> [cid:image005.jpg at 01D131C8.9F63C0B0]
>
> If a non sysadmin user goes in and attempts to edit the description(or any other metadata for a datasets, they get booted out. Here is the attempt to change the resource:
>
> [cid:image006.jpg at 01D131C8.9F63C0B0]
>
> And here is what happens which "Update Resource" is clicked:
>
> [cid:image007.jpg at 01D131C8.9F63C0B0]
>
> In case it is a problem with our .ini file, here are our settings:
>
>
> ## Authorization Settings
>
> ckan.auth.anon_create_dataset = false
> ckan.auth.create_unowned_dataset = false
> ckan.auth.create_dataset_if_not_in_organization = false
> ckan.auth.user_create_groups = false
> ckan.auth.user_create_organizations = false
> ckan.auth.user_delete_groups = true
> ckan.auth.user_delete_organizations = true
> ckan.auth.create_user_via_api = false ckan.auth.create_user_via_web =
> true ckan.auth.roles_that_cascade_to_sub_groups = admin ckan.site_url
> = https://devel.ng911.gisdata.mn.gov
>
>
> Shouldn't all Admin users of an organization have rights to edit all resources owned by the organization? Are there any other diagnostics (paster commands for example) that might shed more light on what is going wrong?
>
> Many thinks for any help you can supply.
>
>
>
>
> Andrew Koebrick | MINNESOTA GEOSPATIAL INFORMATION OFFICE Web
> Coordinator / Systems administrator / Librarian MN.IT Services @ MNGEO
> 651-201-2465 (w) | 651-296-6398 (f) | andrew.koebrick at state.mn.us<mailto:andrew.koebrick at state.mn.us>
> 658 Cedar St., Room 300, St. Paul, MN 55155,
> www.mngeo.state.mn.us<http://www.mngeo.state.mn.us/>
>
> [cid:image002.jpg at 01CE61F8.52552AE0]<http://www.mn.gov/oet>
>
> Information Technology for Minnesota Government | mn.gov/mnit<http://www.mn.gov/oet>
>
>
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
--
Dr. Hendrik Bunke
http://twitter.com/hbunke
_______________________________________________
ckan-dev mailing list
ckan-dev at lists.okfn.org
https://lists.okfn.org/mailman/listinfo/ckan-dev
Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
More information about the ckan-dev
mailing list