[ckan-dev] Restrict visible groups in _group_or_organization_list()
Knud Möller
knud at datalysator.com
Tue Apr 17 11:05:41 UTC 2018
Hi,
I have a use case where I want to hide certain groups (organizations) from
non-admin users. To achieve this, I have implemented IAuthFunction’s
group_show() to return { ‘success’: False } for certain groups.
I would also like to remove these groups from the result of group_list() /
organization_list(). As far as I understand, there is no way to achieve
this with a plugin. Instead, I believe I have to change
_group_or_organization_list() in ckan.logic.action.get. Basically, what I
doing is catching NotAuthorized Exceptions both for all_fields = True and
False (ckan.logic.action.get.py, from line 413):
--------------
def _group_or_org_list(context, data_dict, is_org=False):
…
action_name = 'organization_show' if is_org else 'group_show'
action = logic.get_action(action_name)
if all_fields:
group_list = []
for group in groups:
data_dict['id'] = group.id
for key in ('include_extras', 'include_tags', 'include_users',
'include_groups', 'include_followers'):
if key not in data_dict:
data_dict[key] = False
try:
group_list.append(action(context, data_dict))
except logic.NotAuthorized:
pass
else:
group_list = []
for group in groups:
data_dict = { 'id' : group.id }
try:
logic.check_access(action_name, context, data_dict)
group_list.append(getattr(group, ref_group_by))
except logic.NotAuthorized:
pass
return group_list
--------------
So, I have two questions:
- Is this a “good” way of implementing my use case?
- Is this of general interest? In that case, I’m happy to make a PR.
Cheers,
Knud
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20180417/dc894118/attachment-0002.html>
More information about the ckan-dev
mailing list