From 064630037ab97820eb8be7089ad7d5b353b01b20 Mon Sep 17 00:00:00 2001 From: tobes Date: Wed, 3 Oct 2012 10:05:47 +0100 Subject: [PATCH] [#2939] Auth changes delete group/org --- ckan/logic/auth/delete.py | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/ckan/logic/auth/delete.py b/ckan/logic/auth/delete.py index a7674b738ee..af31efd9f21 100644 --- a/ckan/logic/auth/delete.py +++ b/ckan/logic/auth/delete.py @@ -1,4 +1,5 @@ import ckan.logic as logic +import ckan.new_authz as new_authz from ckan.logic.auth import get_package_object, get_group_object, get_related_object from ckan.logic.auth import get_resource_object from ckan.logic.auth.create import package_relationship_create @@ -81,16 +82,26 @@ def package_relationship_delete(context, data_dict): return {'success': True} def group_delete(context, data_dict): - model = context['model'] - user = context['user'] group = get_group_object(context, data_dict) - - authorized = logic.check_access_old(group, model.Action.PURGE, context) + user = context['user'] + user_id = new_authz.get_user_id_for_username(user) + authorized = new_authz.has_user_permission_for_group_or_org( + group.id, user_id, 'delete') if not authorized: return {'success': False, 'msg': _('User %s not authorized to delete group %s') % (str(user),group.id)} else: return {'success': True} +def organization_delete(context, data_dict): + group = get_group_object(context, data_dict) + user = context['user'] + user_id = new_authz.get_user_id_for_username(user) + authorized = new_authz.has_user_permission_for_group_or_org( + group.id, user_id, 'delete') + if not authorized: + return {'success': False, 'msg': _('User %s not authorized to delete organization %s') % (str(user),group.id)} + else: + return {'success': True} def revision_undelete(context, data_dict): return {'success': False, 'msg': 'Not implemented yet in the auth refactor'}