From 4787b443159999c9c957882e024ba69c5ecfb09d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aitor=20Mag=C3=A1n?= Date: Thu, 19 Feb 2015 17:02:10 +0100 Subject: [PATCH] Return Acquire URL in package_show action --- ckanext/privatedatasets/plugin.py | 13 +++++++++---- ckanext/privatedatasets/tests/test_plugin.py | 4 ++-- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/ckanext/privatedatasets/plugin.py b/ckanext/privatedatasets/plugin.py index cfa6c6a..e76fd10 100644 --- a/ckanext/privatedatasets/plugin.py +++ b/ckanext/privatedatasets/plugin.py @@ -29,6 +29,9 @@ import db import helpers as helpers +HIDDEN_FIELDS = [constants.ALLOWED_USERS, constants.SEARCHABLE] + + class PrivateDatasets(p.SingletonPlugin, tk.DefaultDatasetForm): p.implements(p.IDatasetForm) @@ -222,12 +225,13 @@ class PrivateDatasets(p.SingletonPlugin, tk.DefaultDatasetForm): user_obj = context.get('auth_user_obj') updating_via_api = context.get(constants.CONTEXT_CALLBACK, False) - # allowed_users, searchable and acquire_url fileds can be only viewed by (and only if the dataset is private): + # allowed_users and searchable fileds can be only viewed by (and only if the dataset is private): # * the dataset creator # * the sysadmin # * users allowed to update the allowed_users list via the notification API if pkg_dict.get('private') is False or not updating_via_api and (not user_obj or (pkg_dict['creator_user_id'] != user_obj.id and not user_obj.sysadmin)): - attrs = [constants.ALLOWED_USERS, constants.SEARCHABLE, constants.ACQUIRE_URL] + # The original list cannot be modified + attrs = list(HIDDEN_FIELDS) self._delete_pkg_atts(pkg_dict, attrs) return pkg_dict @@ -250,8 +254,9 @@ class PrivateDatasets(p.SingletonPlugin, tk.DefaultDatasetForm): def after_search(self, search_results, search_params): for result in search_results['results']: # Extra fields should not be returned - attrs = [constants.ALLOWED_USERS, constants.SEARCHABLE, constants.ACQUIRE_URL] - + # The original list cannot be modified + attrs = list(HIDDEN_FIELDS) + # Additionally, resources should not be included if the user is not allowed # to show the resource context = { diff --git a/ckanext/privatedatasets/tests/test_plugin.py b/ckanext/privatedatasets/tests/test_plugin.py index 0331872..5c63d26 100644 --- a/ckanext/privatedatasets/tests/test_plugin.py +++ b/ckanext/privatedatasets/tests/test_plugin.py @@ -257,7 +257,7 @@ class PluginTest(unittest.TestCase): result = self.privateDatasets.after_show(context, pkg_dict) # Call the function # Check the final result - fields = ['allowed_users', 'searchable', 'acquire_url'] + fields = ['allowed_users', 'searchable'] for field in fields: if fields_expected: self.assertTrue(field in result) @@ -426,7 +426,7 @@ class PluginTest(unittest.TestCase): for result in final_search_results['results']: self.assertNotIn('allowed_users', result) self.assertNotIn('searchable', result) - self.assertNotIn('acquire_url', result) + self.assertIn('acquire_url', result) for remaining_field in remaining_fields: self.assertIn(remaining_field, result)