[ckan-discuss] Creating new roles

Sean Hammond sean.hammond at okfn.org
Thu Mar 1 18:42:43 GMT 2012


On 02/29/2012 12:47 PM, Ruben Martin wrote:
>>> Docs 1.5.1 mentions the possibility of creating new roles in addition
>>> to the defaults. But I don't see any paster command to do that, nor any
>>> web administration page. So can I do that?
>>>
>>> The objective would be to have the datasets in a site divided into
>>> groups. Just users of a specific authorization group would have
>>> permissions to add/edit datasets in the respective group.
>>>
>>> But when I try to do something similar to this:
>>> paster --plugin=ckan roles allow newroleX create-package read read-site
>>> paster --plugin=ckan rights make agroup:agroupX newroleX group:groupX
>>>
>>> I get the error:
>>> AssertionError: Role newroleX does not exist: anon_editor, admin, editor,
>>> reader

Can someone who's familiar with CKAN rights and roles help out with 
this? I'm afraid I don't know anything about this part of CKAN. I get 
the same problem that Ruben is getting:

1. Add some actions to a new role, presumably this is meant to 
implicitly create the new role?

paster --plugin=ckan roles allow newroleX create-package
paster --plugin=ckan roles allow newroleX read
paster --plugin=ckan roles allow newroleX read-site

Inside CKAN this makes a new RoleAction object and adds it to the model.

2. If you list the roles you'll now see your new role appears to have 
been created:

paster --plugin=ckan roles list

Inside CKAN this queries for RoleAction objects.

3. Now try to use your new role to make a right:

paster --plugin ckan rights make agroup:ibiasgrupo newroleX group:ibias

(Assuming you've already created the AuthorizationGroup and Group used.)

This crashes on line 76 in authztool.py, which looks for a Role object 
matching newroleX. But the earlier `roles allow` command only created a 
RoleAction object. Looking at the definitions of these things, it looks 
like RoleAction.role is meant to be a foreign key but it's not enforced, 
hence we can create a RoleAction for a role that doesn't exist.
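
Added example, not part of the original message and not CKAN's own code: a simplified SQLite model of the mismatch described above, showing how an unenforced role reference lets role/action rows name a role that does not exist, plus an integrity check that finds such rows. The table layout and function names are assumptions made for illustration; only the role names come from the quoted error.

```python
import sqlite3

# Role names copied from the AssertionError quoted in the thread.
KNOWN_ROLES = ("anon_editor", "admin", "editor", "reader")

def build_db(enforce):
    """Simplified stand-in schema (hypothetical, not CKAN's real tables)."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.execute("CREATE TABLE role (name TEXT PRIMARY KEY)")
    fk = " REFERENCES role(name)" if enforce else ""
    db.execute("CREATE TABLE role_action (role TEXT NOT NULL%s, action TEXT NOT NULL)" % fk)
    db.executemany("INSERT INTO role VALUES (?)", [(r,) for r in KNOWN_ROLES])
    return db

def allow(db, role, action):
    """Stands in for `roles allow`: writes only a role_action row."""
    db.execute("INSERT INTO role_action VALUES (?, ?)", (role, action))

def list_roles(db):
    """Stands in for `roles list`: reads role names from role_action only."""
    return [r for (r,) in db.execute("SELECT DISTINCT role FROM role_action ORDER BY role")]

def make_right(db, role):
    """Stands in for `rights make`: the role itself must exist."""
    known = [r for (r,) in db.execute("SELECT name FROM role ORDER BY rowid")]
    assert role in known, "Role %s does not exist: %s" % (role, ", ".join(known))
    return True

def orphaned_role_actions(db):
    """Integrity check: role_action rows whose role is not a defined role."""
    return db.execute(
        "SELECT ra.role, ra.action FROM role_action ra "
        "LEFT JOIN role r ON r.name = ra.role "
        "WHERE r.name IS NULL ORDER BY ra.role, ra.action").fetchall()

def demo():
    loose, strict = build_db(False), build_db(True)
    for action in ("create-package", "read", "read-site"):
        allow(loose, "newroleX", action)   # accepted: reference is not enforced
    try:
        allow(strict, "newroleX", "read")  # rejected once the reference is enforced
        rejected = False
    except sqlite3.IntegrityError:
        rejected = True
    return list_roles(loose), orphaned_role_actions(loose), rejected
```
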


