[ckan-dev] dataset permission

Wed Mar 25 03:59:09 UTC 2015

Hi Khalegh,
The first option you have suggested (the datatset group) seems to be the easier option for me to try.
Thanks again.Pabitra

From: khalegh at highwaythreesolutions.com
Date: Tue, 24 Mar 2015 15:03:26 -0700
To: ckan-dev at lists.okfn.org
Subject: Re: [ckan-dev] dataset permission

Hi Pabitra,
Is it possible to create a special group  and add all special private records to the group? Tthen you need to add all the editors that can edit those records to the group as well. If that works, then all you need to to do in the auth function, is to check if both the dataset and the user belong to the same group.
Or, as you said, you can add a custom field to specify the special records. But, again you need a way to define who can edit those specific records. So, either you need to do that by adding a new role or by adding the user to a specific group.

-Khalegh   
On Mar 23, 2015, at 11:10 PM, Pabitra Dash <pkdash_reena at hotmail.com> wrote:
Thanks Khalegh for your response. I have looked at the IAuthFunctions interface but still not sure how I will implement it to meet our requirements. We want only the editors who have been given editing permission to only specific private datatsets by the organization admin should be able to edit those datasets. We have not yet worked out a way first how an admin will give edit permission to  a selected user with editor role to edit a specific private dataset. I am thinking this can be somehow be implemented as dataset extra metadata where I should be able to store user ids for those users who have edit permission for that dataset. Then when implementing the IAuthFunction interface for 'pkg_update' I am assuming I can check if the current user is one of the users in the dataset metadata and accordingly return True or False.
Not sure if there is a better way to do this.
Pabitra

From: khalegh at highwaythreesolutions.com
Date: Mon, 23 Mar 2015 09:37:10 -0700
To: ckan-dev at lists.okfn.org
Subject: Re: [ckan-dev] dataset permission

Hi Pabitra,
You can achieve that by implementing IAuthFunctions interface : http://docs.ckan.org/en/latest/extensions/plugin-interfaces.html?highlight=iauth#ckan.plugins.interfaces.IAuthFunctions
Implement a custom auth function for package_update action and change the access rules based on the package private field.
-Khalegh
On Mar 23, 2015, at 9:27 AM, Pabitra Dash <pkdash_reena at hotmail.com> wrote:
Hello All,
We have a requirement where an user with 'editor' role should be able to edit a dataset that is private. Any suggestions how we can achieve this?
Thanks,PabitraUtah State UniversityLogan, USA

_______________________________________________
ckan-dev mailing list
ckan-dev at lists.okfn.org
https://lists.okfn.org/mailman/listinfo/ckan-dev
Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev

_______________________________________________ ckan-dev mailing list ckan-dev at lists.okfn.orghttps://lists.okfn.org/mailman/listinfo/ckan-dev Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev_______________________________________________
ckan-dev mailing list
ckan-dev at lists.okfn.org
https://lists.okfn.org/mailman/listinfo/ckan-dev
Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev

_______________________________________________
ckan-dev mailing list
ckan-dev at lists.okfn.org
https://lists.okfn.org/mailman/listinfo/ckan-dev
Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20150324/f95321f5/attachment-0003.html>