harvester-d4science/ckanext/harvest/logic/auth/update.py

from ckan.plugins import toolkit as pt
from ckanext.harvest.logic.auth import user_is_sysadmin


def harvest_source_update(context, data_dict):
    '''
        Authorization check for harvest source update

        It forwards the checks to package_update, which will check for
        organization membership, whether if sysadmin, etc according to the
        instance configuration.
    '''
    model = context.get('model')
    user = context.get('user')
    source_id = data_dict['id']

    pkg = model.Package.get(source_id)
    if not pkg:
        raise pt.ObjectNotFound(pt._('Harvest source not found'))

    context['package'] = pkg

    try:
        pt.check_access('package_update', context, data_dict)
        return {'success': True}
    except pt.NotAuthorized:
        return {'success': False,
                'msg': pt._('User {0} not authorized to update harvest source {1}').format(user, source_id)}

def harvest_sources_clear(context, data_dict):
    '''
        Authorization check for clearing history for all harvest sources

        Only sysadmins can do it
    '''
    if not user_is_sysadmin(context):
        return {'success': False, 'msg': pt._('Only sysadmins can clear history for all harvest jobs')}
    else:
        return {'success': True}

def harvest_source_clear(context, data_dict):
    '''
        Authorization check for clearing a harvest source

        It forwards to harvest_source_update
    '''
    return harvest_source_update(context, data_dict)

def harvest_objects_import(context, data_dict):
    '''
        Authorization check reimporting all harvest objects

        Only sysadmins can do it
    '''
    if not user_is_sysadmin(context):
        return {'success': False, 'msg': pt._('Only sysadmins can reimport all harvest objects')}
    else:
        return {'success': True}


def harvest_jobs_run(context, data_dict):
    '''
        Authorization check for running the pending harvest jobs

        Only sysadmins can do it
    '''
    if not user_is_sysadmin(context):
        return {'success': False, 'msg': pt._('Only sysadmins can run the pending harvest jobs')}
    else:
        return {'success': True}


def harvest_send_job_to_gather_queue(context, data_dict):
    '''
        Authorization check for sending a job to the gather queue

        It forwards the checks to harvest_job_create, ie the user can only run
        the job if she is allowed to create the job.
    '''
    from ckanext.harvest.logic.auth.create import harvest_job_create
    return harvest_job_create(context, data_dict)


def harvest_job_abort(context, data_dict):
    '''
        Authorization check for aborting a running harvest job

        Same permissions as running one
    '''
    return harvest_jobs_run(context, data_dict)


def harvest_sources_reindex(context, data_dict):
    '''
        Authorization check for reindexing all harvest sources

        Only sysadmins can do it
    '''
    if not user_is_sysadmin(context):
        return {'success': False, 'msg': pt._('Only sysadmins can reindex all harvest sources')}
    else:
        return {'success': True}

def harvest_source_reindex(context, data_dict):
    '''
        Authorization check for reindexing a harvest source

        It forwards to harvest_source_update
    '''
    return harvest_source_update(context, data_dict)
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`from ckan.plugins import toolkit as pt`
			`from ckanext.harvest.logic.auth import user_is_sysadmin`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00
			`def harvest_source_update(context, data_dict):`
			`'''`
			`Authorization check for harvest source update`

			`It forwards the checks to package_update, which will check for`
			`organization membership, whether if sysadmin, etc according to the`
			`instance configuration.`
			`'''`
			`model = context.get('model')`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00			`user = context.get('user')`
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`source_id = data_dict['id']`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`pkg = model.Package.get(source_id)`
			`if not pkg:`
			`raise pt.ObjectNotFound(pt._('Harvest source not found'))`

			`context['package'] = pkg`

			`try:`
			`pt.check_access('package_update', context, data_dict)`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00			`return {'success': True}`
[#4] Fix typo in auth functions 2013-01-16 13:56:58 +01:00			`except pt.NotAuthorized:`
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`return {'success': False,`
			`'msg': pt._('User {0} not authorized to update harvest source {1}').format(user, source_id)}`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00
Add clearsource history command 2016-10-28 11:29:27 +02:00			`def harvest_sources_clear(context, data_dict):`
			`'''`
			`Authorization check for clearing history for all harvest sources`

			`Only sysadmins can do it`
			`'''`
			`if not user_is_sysadmin(context):`
			`return {'success': False, 'msg': pt._('Only sysadmins can clear history for all harvest jobs')}`
			`else:`
			`return {'success': True}`

add harvest source clear 2013-03-25 12:39:00 +01:00			`def harvest_source_clear(context, data_dict):`
[#34] Allow all authorized users for a source to clear it 2013-05-16 18:57:59 +02:00			`'''`
			`Authorization check for clearing a harvest source`

			`It forwards to harvest_source_update`
			`'''`
			`return harvest_source_update(context, data_dict)`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`def harvest_objects_import(context, data_dict):`
			`'''`
			`Authorization check reimporting all harvest objects`

			`Only sysadmins can do it`
			`'''`
			`if not user_is_sysadmin(context):`
			`return {'success': False, 'msg': pt._('Only sysadmins can reimport all harvest objects')}`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00			`else:`
			`return {'success': True}`


[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`def harvest_jobs_run(context, data_dict):`
			`'''`
			`Authorization check for running the pending harvest jobs`

			`Only sysadmins can do it`
			`'''`
			`if not user_is_sysadmin(context):`
			`return {'success': False, 'msg': pt._('Only sysadmins can run the pending harvest jobs')}`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00			`else:`
			`return {'success': True}`
Add command for reindex all harvest sources 2013-01-22 17:43:25 +01:00
[#111] Run jobs straight away. 2015-10-28 22:58:36 +01:00
			`def harvest_send_job_to_gather_queue(context, data_dict):`
			`'''`
			`Authorization check for sending a job to the gather queue`

			`It forwards the checks to harvest_job_create, ie the user can only run`
			`the job if she is allowed to create the job.`
			`'''`
[#212] Fixes #212 - auth for harvest_job_create was broken. 2015-12-09 16:50:05 +01:00			`from ckanext.harvest.logic.auth.create import harvest_job_create`
[#111] Run jobs straight away. 2015-10-28 22:58:36 +01:00			`return harvest_job_create(context, data_dict)`


Add run_test, job_abort, source commands * run_test - for running a whole harvest on the command-line * job_abort - for aborting a limbo job * source - for showing a single harvest source * allowing a source to be specified by name in several commands 2015-10-28 18:51:58 +01:00			`def harvest_job_abort(context, data_dict):`
			`'''`
			`Authorization check for aborting a running harvest job`

			`Same permissions as running one`
			`'''`
			`return harvest_jobs_run(context, data_dict)`


Add command for reindex all harvest sources 2013-01-22 17:43:25 +01:00			`def harvest_sources_reindex(context, data_dict):`
			`'''`
			`Authorization check for reindexing all harvest sources`

			`Only sysadmins can do it`
			`'''`
			`if not user_is_sysadmin(context):`
			`return {'success': False, 'msg': pt._('Only sysadmins can reindex all harvest sources')}`
			`else:`
			`return {'success': True}`
[#91] Consolidate all harvest source reindex code in a single action Make it available to users with permissions on the harvest source 2014-06-27 17:39:02 +02:00
			`def harvest_source_reindex(context, data_dict):`
			`'''`
			`Authorization check for reindexing a harvest source`

			`It forwards to harvest_source_update`
			`'''`
			`return harvest_source_update(context, data_dict)`