harvester-d4science/ckanext/harvest/logic/auth/update.py

from ckan.plugins import toolkit as pt
from ckanext.harvest.logic.auth import user_is_sysadmin


def harvest_source_update(context, data_dict):
    '''
        Authorization check for harvest source update

        It forwards the checks to package_update, which will check for
        organization membership, whether if sysadmin, etc according to the
        instance configuration.
    '''
    model = context.get('model')
    user = context.get('user')
    source_id = data_dict['id']

    pkg = model.Package.get(source_id)
    if not pkg:
        raise pt.ObjectNotFound(pt._('Harvest source not found'))

    context['package'] = pkg

    try:
        pt.check_access('package_update', context, data_dict)
        return {'success': True}
    except pt.NotAuthorized:
        return {'success': False,
                'msg': pt._('User {0} not authorized to update harvest source {1}').format(user, source_id)}

def harvest_source_clear(context, data_dict):
    '''
        Authorization check for clearing a harvest source

        It forwards to harvest_source_update
    '''
    return harvest_source_update(context, data_dict)

def harvest_objects_import(context, data_dict):
    '''
        Authorization check reimporting all harvest objects

        Only sysadmins can do it
    '''
    if not user_is_sysadmin(context):
        return {'success': False, 'msg': pt._('Only sysadmins can reimport all harvest objects')}
    else:
        return {'success': True}


def harvest_jobs_run(context, data_dict):
    '''
        Authorization check for running the pending harvest jobs

        Only sysadmins can do it
    '''
    if not user_is_sysadmin(context):
        return {'success': False, 'msg': pt._('Only sysadmins can run the pending harvest jobs')}
    else:
        return {'success': True}

def harvest_sources_reindex(context, data_dict):
    '''
        Authorization check for reindexing all harvest sources

        Only sysadmins can do it
    '''
    if not user_is_sysadmin(context):
        return {'success': False, 'msg': pt._('Only sysadmins can reindex all harvest sources')}
    else:
        return {'success': True}
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`from ckan.plugins import toolkit as pt`
			`from ckanext.harvest.logic.auth import user_is_sysadmin`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00
			`def harvest_source_update(context, data_dict):`
			`'''`
			`Authorization check for harvest source update`

			`It forwards the checks to package_update, which will check for`
			`organization membership, whether if sysadmin, etc according to the`
			`instance configuration.`
			`'''`
			`model = context.get('model')`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00			`user = context.get('user')`
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`source_id = data_dict['id']`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`pkg = model.Package.get(source_id)`
			`if not pkg:`
			`raise pt.ObjectNotFound(pt._('Harvest source not found'))`

			`context['package'] = pkg`

			`try:`
			`pt.check_access('package_update', context, data_dict)`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00			`return {'success': True}`
[#4] Fix typo in auth functions 2013-01-16 13:56:58 +01:00			`except pt.NotAuthorized:`
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`return {'success': False,`
			`'msg': pt._('User {0} not authorized to update harvest source {1}').format(user, source_id)}`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00
add harvest source clear 2013-03-25 12:39:00 +01:00			`def harvest_source_clear(context, data_dict):`
[#34] Allow all authorized users for a source to clear it 2013-05-16 18:57:59 +02:00			`'''`
			`Authorization check for clearing a harvest source`

			`It forwards to harvest_source_update`
			`'''`
			`return harvest_source_update(context, data_dict)`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00
[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`def harvest_objects_import(context, data_dict):`
			`'''`
			`Authorization check reimporting all harvest objects`

			`Only sysadmins can do it`
			`'''`
			`if not user_is_sysadmin(context):`
			`return {'success': False, 'msg': pt._('Only sysadmins can reimport all harvest objects')}`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00			`else:`
			`return {'success': True}`


[#4] Refactor authorization functions The authorization functions have been refactored to take into account both the new organizaton based authorization on CKAN core and the harvest source datasets. Basically at the source level, authorization checks are forwarded to the relevant package auth function (package_create, package_update, etc.) wich will check for organizations membership, sysadmin, etc. Also we only use functions available on the plugins toolkit whenever possible. 2013-01-09 18:26:48 +01:00			`def harvest_jobs_run(context, data_dict):`
			`'''`
			`Authorization check for running the pending harvest jobs`

			`Only sysadmins can do it`
			`'''`
			`if not user_is_sysadmin(context):`
			`return {'success': False, 'msg': pt._('Only sysadmins can run the pending harvest jobs')}`
[logic,auth] Add auth logic layer The first version of the auth layer is based on the current policy, i.e. you need to be sysadmin to perform any action. TODO: the CLI is still not working. 2012-03-01 13:02:16 +01:00			`else:`
			`return {'success': True}`
Add command for reindex all harvest sources 2013-01-22 17:43:25 +01:00
			`def harvest_sources_reindex(context, data_dict):`
			`'''`
			`Authorization check for reindexing all harvest sources`

			`Only sysadmins can do it`
			`'''`
			`if not user_is_sysadmin(context):`
			`return {'success': False, 'msg': pt._('Only sysadmins can reindex all harvest sources')}`
			`else:`
			`return {'success': True}`