[#5] Change default auth for showing and listing jobs
Forward auth checks to harvest_source_update instead of harvest_source_show, as job reports should only be visible to users that can manage sources.
This commit is contained in:
amercader
parent
ab78bf21b9
commit
c8e7086567
|
|
@ -1,4 +1,5 @@
|
||||||
from ckan.plugins import toolkit as pt
|
from ckan.plugins import toolkit as pt
|
||||||
|
|
||||||
from ckanext.harvest.logic.auth import get_job_object
|
from ckanext.harvest.logic.auth import get_job_object
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -25,7 +26,8 @@ def harvest_source_show(context, data_dict):
|
||||||
return {'success': True}
|
return {'success': True}
|
||||||
except pt.NotAuthorized:
|
except pt.NotAuthorized:
|
||||||
return {'success': False,
|
return {'success': False,
|
||||||
'msg': pt._('User {0} not authorized to read harvest source {1}').format(user, source_id)}
|
'msg': pt._('User {0} not authorized to read harvest source {1}')
|
||||||
|
.format(user, source_id)}
|
||||||
|
|
||||||
|
|
||||||
def harvest_source_list(context, data_dict):
|
def harvest_source_list(context, data_dict):
|
||||||
|
|
@ -41,23 +43,33 @@ def harvest_job_show(context, data_dict):
|
||||||
'''
|
'''
|
||||||
Authorization check for getting the details of a harvest job
|
Authorization check for getting the details of a harvest job
|
||||||
|
|
||||||
It forwards the checks to harvest_source_show, ie if the user can get
|
It forwards the checks to harvest_source_update, ie if the user can
|
||||||
the details for the parent source, she can get the details for the job
|
update the parent source (eg create new jobs), she can get the details
|
||||||
|
for the job, including the reports
|
||||||
'''
|
'''
|
||||||
|
user = context.get('user')
|
||||||
job = get_job_object(context, data_dict)
|
job = get_job_object(context, data_dict)
|
||||||
|
|
||||||
return harvest_source_show(context, {'id': job.source.id})
|
try:
|
||||||
|
pt.check_access('harvest_source_update',
|
||||||
|
context,
|
||||||
|
{'id': job.source.id})
|
||||||
|
return {'success': True}
|
||||||
|
except pt.NotAuthorized:
|
||||||
|
return {'success': False,
|
||||||
|
'msg': pt._('User {0} not authorized to see jobs from source {1}')
|
||||||
|
.format(user, job.source.id)}
|
||||||
|
|
||||||
|
|
||||||
def harvest_job_list(context, data_dict):
|
def harvest_job_list(context, data_dict):
|
||||||
'''
|
'''
|
||||||
Authorization check for getting a list of jobs for a source
|
Authorization check for getting a list of jobs for a source
|
||||||
|
|
||||||
It forwards the checks to harvest_source_show, ie if the user can get
|
It forwards the checks to harvest_job_show, ie if the user can
|
||||||
the details for the parent source, she can get the list of jobs
|
update the parent source, she can get the list of jobs
|
||||||
'''
|
'''
|
||||||
source_id = data_dict['source_id']
|
source_id = data_dict['source_id']
|
||||||
return harvest_source_show(context, {'id': source_id})
|
return harvest_job_show(context, {'id': source_id})
|
||||||
|
|
||||||
|
|
||||||
def harvest_object_show(context, data_dict):
|
def harvest_object_show(context, data_dict):
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue