harvester-d4science/ckanext/harvest/logic/auth/create.py

from ckan.plugins import toolkit as pt
from ckanext.harvest.logic.auth import user_is_sysadmin


def harvest_source_create(context, data_dict):
    '''
        Authorization check for harvest source creation

        It forwards the checks to package_create, which will check for
        organization membership, whether if sysadmin, etc according to the
        instance configuration.
    '''
    user = context.get('user')
    try:
        pt.check_access('package_create', context, data_dict)
        return {'success': True}
    except pt.Not_Authorized:
        return {'success': False,
                'msg': pt._('User {0} not authorized to create harvest sources').format(user)}


def harvest_job_create(context, data_dict):
    '''
        Authorization check for harvest job creation

        It forwards the checks to package_update, ie the user can only create
        new jobs if she is allowed to edit the harvest source dataset.
    '''
    model = context['model']
    source_id = data_dict['source_id']

    pkg = model.Package.get(source_id)
    if not pkg:
        raise pt.ObjectNotFound(pt._('Harvest source not found'))

    context['package'] = pkg

    try:
        pt.check_access('package_update', context, data_dict)
        return {'success': True}
    except pt.Not_Authorized:
        return {'success': False,
                'msg': pt._('User not authorized to create a job for source {0}').format(source_id)}


def harvest_job_create_all(context, data_dict):
    '''
        Authorization check for creating new jobs for all sources

        Only sysadmins can do it
    '''
    if not user_is_sysadmin(context):
        return {'success': False, 'msg': pt._('Only sysadmins can create harvest jobs for all sources')}
    else:
        return {'success': True}
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`from ckan.plugins import toolkit as pt`
			`from ckanext.harvest.logic.auth import user_is_sysadmin`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00
			`def harvest_source_create(context, data_dict):`
			`'''`
			`Authorization check for harvest source creation`

			`It forwards the checks to package_create, which will check for`
			`organization membership, whether if sysadmin, etc according to the`
			`instance configuration.`
			`'''`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00			`user = context.get('user')`
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`try:`
			`pt.check_access('package_create', context, data_dict)`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00			`return {'success': True}`
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`except pt.Not_Authorized:`
			`return {'success': False,`
			`'msg': pt._('User {0} not authorized to create harvest sources').format(user)}`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00
[#4] Fixes on the auth layer against the new core auth Thanks @locusf for the original patch 2012-12-20 17:09:26 +01:00
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`def harvest_job_create(context, data_dict):`
			`'''`
			`Authorization check for harvest job creation`

			`It forwards the checks to package_update, ie the user can only create`
			`new jobs if she is allowed to edit the harvest source dataset.`
			`'''`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00			`model = context['model']`
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`source_id = data_dict['source_id']`

			`pkg = model.Package.get(source_id)`
			`if not pkg:`
			`raise pt.ObjectNotFound(pt._('Harvest source not found'))`

			`context['package'] = pkg`

			`try:`
			`pt.check_access('package_update', context, data_dict)`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00			`return {'success': True}`
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`except pt.Not_Authorized:`
			`return {'success': False,`
			`'msg': pt._('User not authorized to create a job for source {0}').format(source_id)}`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00
[#4] Fixes on the auth layer against the new core auth Thanks @locusf for the original patch 2012-12-20 17:09:26 +01:00
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`def harvest_job_create_all(context, data_dict):`
			`'''`
			`Authorization check for creating new jobs for all sources`

			`Only sysadmins can do it`
			`'''`
			`if not user_is_sysadmin(context):`
			`return {'success': False, 'msg': pt._('Only sysadmins can create harvest jobs for all sources')}`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00			`else:`
			`return {'success': True}`