Private label is only shown where the user cannot read the package. Owner label is shown when the user is the owner (even if the dataset is public)

ckanext/privatedatasets/helpers.py

@@ -1,5 +1,6 @@
 import ckan.model as model
 import ckan.plugins.toolkit as tk
+import auth
 import db
 
 
@@ -25,3 +26,11 @@ def get_allowed_users_str(users):
         return ','.join([user for user in users])
     else:
         return ''
+
+
+def can_read(pkg_dict):
+    if tk.c.userobj and tk.c.userobj.sysadmin:
+        return True
+    else:
+        context = {'user': tk.c.user, 'auth_user_obj': tk.c.userobj, 'model': model}
+        return auth.package_show(context, pkg_dict)['success'] is True

ckanext/privatedatasets/plugin.py

@@ -233,4 +233,5 @@ class PrivateDatasets(p.SingletonPlugin, tk.DefaultDatasetForm):
     def get_helpers(self):
         return {'privatedatasets_adquired': helpers.is_adquired,
                 'get_allowed_users_str': helpers.get_allowed_users_str,
-                'is_owner': helpers.is_owner}
+                'is_owner': helpers.is_owner,
+                'can_read': helpers.can_read}

ckanext/privatedatasets/templates/snippets/package_item.html

@@ -26,7 +26,7 @@ Example:
   {% block package_item_content %}
     <div class="dataset-content">
       <h3 class="dataset-heading">
-        {% if package.private and not adquired and not owner %}
+        {% if package.private and not adquired and not owner and not h.can_read(package) %}
           <span class="dataset-private label label-inverse">
             <i class="icon-lock"></i>
             {{ _('Private') }}
@@ -38,7 +38,7 @@ Example:
             {{ _('Adquired') }}
           </span>
         {% endif %}
-        {% if owner and package.private %}
+        {% if owner %}
           <span class="dataset-private label label-owner">
             <i class="icon-user"></i>
             {{ _('Owner') }}

ckanext/privatedatasets/tests/test_helpers.py

@@ -18,10 +18,14 @@ class HelpersTest(unittest.TestCase):
         self._db = helpers.db
         helpers.db = MagicMock()
 
+        self._auth = helpers.auth
+        helpers.auth = MagicMock()
+
     def tearDown(self):
         helpers.model = self._model
         helpers.tk = self._tk
         helpers.db = self._db
+        helpers.auth = self._auth
 
     @parameterized.expand([
         (False, 'user', False),
@@ -76,3 +80,23 @@ class HelpersTest(unittest.TestCase):
     ])
     def test_get_allowed_users_str(self, allowed_users, expected_result):
         self.assertEquals(expected_result, helpers.get_allowed_users_str(allowed_users))
+
+    @parameterized.expand([
+        (None,  False, False),
+        (None,  True,  True),
+        (True,  False, True),
+        (True,  True,  True),
+        (False, False, False),
+        (False, True,  True)
+    ])
+    def test_can_read(self, sysadmin, auth_result, expected_result):
+        if sysadmin is not None:
+            helpers.tk.c.userobj.sysadmin = sysadmin
+        else:
+            helpers.tk.c.userobj = None
+
+        helpers.auth.package_show = MagicMock(return_value={'success': auth_result})
+
+        # Call the function
+        package = {'id': 1}
+        self.assertEquals(expected_result, helpers.can_read(package))

ckanext/privatedatasets/tests/test_plugin.py

@@ -83,7 +83,8 @@ class PluginTest(unittest.TestCase):
     @parameterized.expand([
         ('privatedatasets_adquired', plugin.helpers.is_adquired),
         ('get_allowed_users_str',    plugin.helpers.get_allowed_users_str),
-        ('is_owner',                 plugin.helpers.is_owner)
+        ('is_owner',                 plugin.helpers.is_owner),
+        ('can_read',                 plugin.helpers.can_read)
     ])
     def test_helpers_functions(self, function_name, expected_function):
         helpers_functions = self.privateDatasets.get_helpers()