diff --git a/ckanext/harvest/controllers/view.py b/ckanext/harvest/controllers/view.py index 913f398..565327f 100644 --- a/ckanext/harvest/controllers/view.py +++ b/ckanext/harvest/controllers/view.py @@ -3,7 +3,6 @@ from lxml import etree from lxml.etree import XMLSyntaxError from pylons.i18n import _ -from ckan.authz import Authorizer from ckan import model from ckan.model.group import Group @@ -33,9 +32,9 @@ class ViewController(BaseController): def _get_publishers(self): groups = None - + user = model.User.get(c.user) if c.publisher_auth: - if Authorizer().is_sysadmin(c.user): + if user.sysadmin: groups = Group.all(group_type='publisher') elif c.userobj: groups = c.userobj.get_groups('publisher') diff --git a/ckanext/harvest/logic/action/get.py b/ckanext/harvest/logic/action/get.py index 4032545..d26d436 100644 --- a/ckanext/harvest/logic/action/get.py +++ b/ckanext/harvest/logic/action/get.py @@ -1,6 +1,5 @@ import logging from sqlalchemy import or_, distinct -from ckan.authz import Authorizer from ckan.model import User import datetime 
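Review bot: In `ViewController._get_publishers` (controllers/view.py) the new `if user.sysadmin:` dereferences the result of `model.User.get(c.user)` without checking it, so a request whose `c.user` matches no user row raises AttributeError instead of falling through to the `elif c.userobj:` branch. The guards this same commit adds in logic/auth/get.py (`if not user_obj or not user_obj.sysadmin`) show that a None result is expected. The same unguarded dereference appears in all three functions of logic/auth/create.py, in logic/auth/delete.py, and in `harvest_job_create` and `harvest_job_create_all` in logic/auth/publisher/create.py. Here `if user and user.sysadmin:` is enough; in the auth functions the `not user_obj or not user_obj.sysadmin` form gives an unknown user a clean denial rather than an exception. The method body continues outside the hunk.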
@@ -284,26 +283,27 @@ def _get_sources_for_user(context,data_dict): ) # Sysadmins will get all sources - if not Authorizer().is_sysadmin(user): - # This only applies to a non sysadmin user when using the - # publisher auth profile. When using the default profile, - # normal users will never arrive at this point, but even if they - # do, they will get an empty list. + if user: user_obj = User.get(user) + if not user_obj.sysadmin: + # This only applies to a non sysadmin user when using the + # publisher auth profile. When using the default profile, + # normal users will never arrive at this point, but even if they + # do, they will get an empty list. - publisher_filters = [] - publishers_for_the_user = user_obj.get_groups(u'publisher') - for publisher_id in [g.id for g in publishers_for_the_user]: - publisher_filters.append(HarvestSource.publisher_id==publisher_id) + publisher_filters = [] + publishers_for_the_user = user_obj.get_groups(u'publisher') + for publisher_id in [g.id for g in publishers_for_the_user]: + publisher_filters.append(HarvestSource.publisher_id==publisher_id) - if len(publisher_filters): - query = query.filter(or_(*publisher_filters)) - else: - # This user does not belong to a publisher yet, no sources for him/her - return [] + if len(publisher_filters): + query = query.filter(or_(*publisher_filters)) + else: + # This user does not belong to a publisher yet, no sources for him/her + return [] - log.debug('User %s with publishers %r has Harvest Sources: %r', - user, publishers_for_the_user, [(hs.id, hs.url) for hs in query]) + log.debug('User %s with publishers %r has Harvest Sources: %r', + user, publishers_for_the_user, [(hs.id, hs.url) for hs in query]) sources = query.all() diff --git a/ckanext/harvest/logic/auth/create.py b/ckanext/harvest/logic/auth/create.py index 2173263..eed9742 100644 --- a/ckanext/harvest/logic/auth/create.py +++ b/ckanext/harvest/logic/auth/create.py 
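Review bot: In `_get_sources_for_user` (logic/action/get.py) the new outer `if user:` means that an empty `user` skips the publisher filter entirely, so `query.all()` returns every harvest source, the result the comment above reserves for sysadmins. Whether an anonymous caller can reach this function depends on the auth check upstream, which is not visible here, but the listing should not depend on that. `User.get(user)` can also return None for a non-empty name, in which case `user_obj.sysadmin` raises. Resolve the user first and return the empty list when there is none: `user_obj = User.get(user) if user else None`, `if user_obj is None: return []`, then `if not user_obj.sysadmin:` around the existing filter block. The function starts and ends outside the hunk.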
@@ -1,29 +1,31 @@ from ckan.lib.base import _ -from ckan.authz import Authorizer +from ckan.model import User def harvest_source_create(context,data_dict): model = context['model'] user = context.get('user') - - if not Authorizer().is_sysadmin(user): + user = User.get(user) + if not user.sysadmin: return {'success': False, 'msg': _('User %s not authorized to create harvest sources') % str(user)} else: return {'success': True} + def harvest_job_create(context,data_dict): model = context['model'] user = context.get('user') - - if not Authorizer().is_sysadmin(user): + user = User.get(user) + if not user.sysadmin: return {'success': False, 'msg': _('User %s not authorized to create harvest jobs') % str(user)} else: return {'success': True} + def harvest_job_create_all(context,data_dict): model = context['model'] user = context.get('user') - - if not Authorizer().is_sysadmin(user): + user = User.get(user) + if not user.sysadmin: return {'success': False, 'msg': _('User %s not authorized to create harvest jobs for all sources') % str(user)} else: return {'success': True} diff --git a/ckanext/harvest/logic/auth/delete.py b/ckanext/harvest/logic/auth/delete.py index f527aea..03e7355 100644 --- a/ckanext/harvest/logic/auth/delete.py +++ b/ckanext/harvest/logic/auth/delete.py @@ -1,11 +1,11 @@ from ckan.lib.base import _ -from ckan.authz import Authorizer +from ckan.model import User def harvest_source_delete(context,data_dict): model = context['model'] user = context.get('user') - - if not Authorizer().is_sysadmin(user): + user = User.get(user) + if not user.sysadmin: return {'success': False, 'msg': _('User %s not authorized to delete harvest sources') % str(user)} else: return {'success': True} diff --git a/ckanext/harvest/logic/auth/get.py b/ckanext/harvest/logic/auth/get.py index c138b3e..0e396ac 100644 --- a/ckanext/harvest/logic/auth/get.py +++ b/ckanext/harvest/logic/auth/get.py 
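Review bot: `harvest_source_create`, `harvest_job_create` and `harvest_job_create_all` in logic/auth/create.py now rebind `user` to the object returned by `User.get(user)`, so the denial message built with `% str(user)` formats the model object (or `None`) instead of the user name taken from the context. `harvest_source_delete` in logic/auth/delete.py has the same rebinding. Keep the name and the object apart as logic/auth/get.py does, `user_obj = User.get(user)` followed by `if not user_obj or not user_obj.sysadmin:`, so the message still names the caller.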
@@ -1,11 +1,11 @@ from ckan.lib.base import _ -from ckan.authz import Authorizer def harvest_source_show(context,data_dict): model = context['model'] user = context.get('user') - if not Authorizer().is_sysadmin(user): + user_obj = model.User.get(user) + if not user_obj or not user_obj.sysadmin: return {'success': False, 'msg': _('User %s not authorized to read this harvest source') % str(user)} else: return {'success': True} @@ -14,7 +14,8 @@ def harvest_source_list(context,data_dict): model = context['model'] user = context.get('user') - if not Authorizer().is_sysadmin(user): + user_obj = model.User.get(user) + if not user_obj or not user_obj.sysadmin: return {'success': False, 'msg': _('User %s not authorized to see the harvest sources') % str(user)} else: return {'success': True} @@ -24,7 +25,8 @@ def harvest_job_show(context,data_dict): model = context['model'] user = context.get('user') - if not Authorizer().is_sysadmin(user): + user_obj = model.User.get(user) + if not user_obj or not user_obj.sysadmin: return {'success': False, 'msg': _('User %s not authorized to read this harvest job') % str(user)} else: return {'success': True} @@ -33,7 +35,8 @@ def harvest_job_list(context,data_dict): model = context['model'] user = context.get('user') - if not Authorizer().is_sysadmin(user): + user_obj = model.User.get(user) + if not user_obj or not user_obj.sysadmin: return {'success': False, 'msg': _('User %s not authorized to see the harvest jobs') % str(user)} else: return {'success': True} @@ -48,7 +51,8 @@ def harvest_object_list(context,data_dict): model = context['model'] user = context.get('user') - if not Authorizer().is_sysadmin(user): + user_obj = model.User.get(user) + if not user_obj or not user_obj.sysadmin: return {'success': False, 'msg': _('User %s not authorized to see the harvest objects') % str(user)} else: return {'success': True} 
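Review bot: The guard `user_obj = model.User.get(user)` / `if not user_obj or not user_obj.sysadmin:` is pasted into every function of logic/auth/get.py (five on this line, `harvesters_info_show` in the next hunk), and the other auth modules touched by this commit already use a different, unguarded form. A small module-level helper that takes `context` and returns `bool(user_obj and user_obj.sysadmin)` would keep the sysadmin test in one place, so the check cannot drift between functions. Each function would then reduce to `if not _is_sysadmin(context):` before its existing return.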
@@ -57,7 +61,8 @@ def harvesters_info_show(context,data_dict): model = context['model'] user = context.get('user') - if not Authorizer().is_sysadmin(user): + user_obj = model.User.get(user) + if not user_obj or not user_obj.sysadmin: return {'success': False, 'msg': _('User %s not authorized to see the harvesters information') % str(user)} else: return {'success': True} diff --git a/ckanext/harvest/logic/auth/publisher/create.py b/ckanext/harvest/logic/auth/publisher/create.py index eac8bb8..a773a69 100644 --- a/ckanext/harvest/logic/auth/publisher/create.py +++ b/ckanext/harvest/logic/auth/publisher/create.py @@ -1,5 +1,4 @@ from ckan.lib.base import _ -from ckan.authz import Authorizer from ckan.model import User from ckanext.harvest.model import HarvestSource @@ -15,7 +14,7 @@ def harvest_source_create(context,data_dict): # Sysadmins and the rest of logged users can create sources, # as long as they belong to a publisher user_obj = User.get(user) - if not user_obj or not Authorizer().is_sysadmin(user) and len(user_obj.get_groups(u'publisher')) == 0: + if not user_obj or not user_obj.sysadmin and len(user_obj.get_groups(u'publisher')) == 0: return {'success': False, 'msg': _('User %s must belong to a publisher to create harvest sources') % str(user)} else: return {'success': True} @@ -28,11 +27,9 @@ def harvest_job_create(context,data_dict): if not user: return {'success': False, 'msg': _('Non-logged in users are not authorized to create harvest jobs')} - - if Authorizer().is_sysadmin(user): - return {'success': True} - user_obj = User.get(user) + if user_obj.sysadmin: + return {'success': True} source = HarvestSource.get(source_id) if not source: raise NotFound 
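Review bot: In `harvest_source_create` (logic/auth/publisher/create.py) the condition `not user_obj or not user_obj.sysadmin and len(user_obj.get_groups(u'publisher')) == 0` mixes `or` and `and` without parentheses, so the reader has to rely on operator precedence to see who is allowed. It evaluates as intended, but an authorization rule should say so explicitly: `if not user_obj or (not user_obj.sysadmin and not user_obj.get_groups(u'publisher')):`. The function starts outside the hunk.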
@@ -45,8 +42,8 @@ def harvest_job_create(context,data_dict): def harvest_job_create_all(context,data_dict): model = context['model'] user = context.get('user') - - if not Authorizer().is_sysadmin(user): + user_obj = User.get(user) + if not user_obj.sysadmin: return {'success': False, 'msg': _('Only sysadmins can create harvest jobs for all sources') % str(user)} else: return {'success': True} diff --git a/ckanext/harvest/logic/auth/publisher/delete.py b/ckanext/harvest/logic/auth/publisher/delete.py index ec96ead..3c81d7c 100644 --- a/ckanext/harvest/logic/auth/publisher/delete.py +++ b/ckanext/harvest/logic/auth/publisher/delete.py @@ -1,9 +1,9 @@ from ckan.lib.base import _ -from ckan.authz import Authorizer from ckan.model import User from ckanext.harvest.logic.auth import get_source_object + def harvest_source_delete(context,data_dict): model = context['model'] user = context.get('user','') @@ -13,13 +13,11 @@ def harvest_source_delete(context,data_dict): # Non-logged users cannot delete this source if not user: return {'success': False, 'msg': _('Non-logged in users are not authorized to delete harvest sources')} - - # Sysadmins can delete the source - if Authorizer().is_sysadmin(user): - return {'success': True} - # Check if the source publisher id exists on the user's groups user_obj = User.get(user) + # Sysadmins can delete the source + if user_obj.sysadmin: + return {'success': True} if not user_obj or not source.publisher_id in [g.id for g in user_obj.get_groups(u'publisher')]: return {'success': False, 'msg': _('User %s not authorized to delete harvest source %s') % (str(user),source.id)} else:
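Review bot: In `harvest_job_create_all` (logic/auth/publisher/create.py) the denial message `_('Only sysadmins can create harvest jobs for all sources') % str(user)` has no `%s` placeholder, so the `%` operation raises TypeError and a non-sysadmin gets an exception instead of the `{'success': False, ...}` result. The line is unchanged context, but it is the branch the rewritten check now leads to. Drop the formatting, `'msg': _('Only sysadmins can create harvest jobs for all sources')`, or add a `%s` to the message if the user name is wanted.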
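Review bot: In `harvest_source_delete` (logic/auth/publisher/delete.py) the sysadmin shortcut now runs before the existing `if not user_obj or ...` test, so that test can no longer catch a missing user: `user_obj.sysadmin` has already been evaluated on a possible None. Guard the shortcut itself, `if user_obj and user_obj.sysadmin:`, and leave the following check as it is. The function starts and ends outside the hunk.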