[ckan-dev] dataset permission

Khalegh Mamakani khalegh at highwaythreesolutions.com
Tue Mar 24 22:03:26 UTC 2015


Hi Pabitra,

Is it possible to create a special group  and add all special private records to the group? Tthen you need to add all the editors that can edit those records to the group as well. 
If that works, then all you need to to do in the auth function, is to check if both the dataset and the user belong to the same group.

Or, as you said, you can add a custom field to specify the special records. But, again you need a way to define who can edit those specific records. So, either you need to do that by adding a new role or by adding the user to a specific group.


-Khalegh
   
On Mar 23, 2015, at 11:10 PM, Pabitra Dash <pkdash_reena at hotmail.com> wrote:

> 
> Thanks Khalegh for your response. I have looked at the IAuthFunctions interface but still not sure how I will implement it to meet our requirements. We want only the editors who have been given editing permission to only specific private datatsets by the organization admin should be able to edit those datasets. We have not yet worked out a way first how an admin will give edit permission to  a selected user with editor role to edit a specific private dataset. I am thinking this can be somehow be implemented as dataset extra metadata where I should be able to store user ids for those users who have edit permission for that dataset. Then when implementing the IAuthFunction interface for 'pkg_update' I am assuming I can check if the current user is one of the users in the dataset metadata and accordingly return True or False.
> 
> Not sure if there is a better way to do this.
> 
> Pabitra
> 
> 
> From: khalegh at highwaythreesolutions.com
> Date: Mon, 23 Mar 2015 09:37:10 -0700
> To: ckan-dev at lists.okfn.org
> Subject: Re: [ckan-dev] dataset permission
> 
> Hi Pabitra,
> 
> You can achieve that by implementing IAuthFunctions interface : http://docs.ckan.org/en/latest/extensions/plugin-interfaces.html?highlight=iauth#ckan.plugins.interfaces.IAuthFunctions
> 
> Implement a custom auth function for package_update action and change the access rules based on the package private field.
> 
> -Khalegh
> 
> On Mar 23, 2015, at 9:27 AM, Pabitra Dash <pkdash_reena at hotmail.com> wrote:
> 
> 
> Hello All,
> 
> We have a requirement where an user with 'editor' role should be able to edit a dataset that is private. Any suggestions how we can achieve this?
> 
> Thanks,
> Pabitra
> Utah State University
> Logan, USA
> 
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
> 
> 
> _______________________________________________ ckan-dev mailing list ckan-dev at lists.okfn.orghttps://lists.okfn.org/mailman/listinfo/ckan-dev Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20150324/d7a090a6/attachment-0003.html>


More information about the ckan-dev mailing list