harvester-d4science/ckanext/harvest/logic/auth/delete.py

from ckan.plugins import toolkit as pt


def harvest_source_update(context, data_dict):
    '''
        Authorization check for harvest source deletion

        It forwards the checks to package_delete, which will check for
        organization membership, whether if sysadmin, etc according to the
        instance configuration.
    '''
    model = context.get('model')
    user = context.get('user')
    source_id = data_dict['id']

    pkg = model.Package.get(source_id)
    if not pkg:
        raise pt.ObjectNotFound(pt._('Harvest source not found'))

    context['package'] = pkg

    try:
        pt.check_access('package_delete', context, data_dict)
        return {'success': True}
    except pt.NotAuthorized:
        return {'success': False,
                'msg': pt._('User {0} not authorized to delete harvest source {1}').format(user, source_id)}
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`from ckan.plugins import toolkit as pt`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00
			`def harvest_source_update(context, data_dict):`
			`'''`
			`Authorization check for harvest source deletion`

			`It forwards the checks to package_delete, which will check for`
			`organization membership, whether if sysadmin, etc according to the`
			`instance configuration.`
			`'''`
			`model = context.get('model')`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00			`user = context.get('user')`
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`source_id = data_dict['id']`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`pkg = model.Package.get(source_id)`
			`if not pkg:`
			`raise pt.ObjectNotFound(pt._('Harvest source not found'))`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`context['package'] = pkg`

			`try:`
			`pt.check_access('package_delete', context, data_dict)`
			`return {'success': True}`
[#4] Fix typo in auth functions 2013-01-16 13:56:58 +01:00			`except pt.NotAuthorized:`
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`return {'success': False,`
			`'msg': pt._('User {0} not authorized to delete harvest source {1}').format(user, source_id)}`