Merge branch 'feature-1688-authz-api'

ckan · Feb 2, 2012 · 11a4302 · 11a4302
2 parents c3b0902 + 6a6ffc4
commit 11a4302
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 9 deletions.
diff --git a/ckan/controllers/api.py b/ckan/controllers/api.py
@@ -14,7 +14,7 @@
 from ckan.lib.navl.dictization_functions import DataError
 from ckan.lib.munge import munge_name, munge_title_to_name, munge_tag
 from ckan.logic import get_action, check_access
-from ckan.logic import NotFound, NotAuthorized, ValidationError
+from ckan.logic import NotFound, NotAuthorized, ValidationError, ParameterError
 from ckan.lib.jsonp import jsonpify
 from ckan.forms.common import package_exists, group_exists
 
@@ -173,6 +173,8 @@ def action(self, logic_function):
         except NotFound:
             return_dict['error'] = {'__type': 'Not Found Error',
                                     'message': _('Not found')}
+            if e.extra_msg:
+                return_dict['error']['message'] += ': %s' % e.extra_msg
             return_dict['success'] = False
             return self._finish(404, return_dict, content_type='json')
         except ValidationError, e:
@@ -182,6 +184,13 @@ def action(self, logic_function):
             return_dict['success'] = False
             log.error('Validation error: %r' % str(e.error_dict))
             return self._finish(409, return_dict, content_type='json')
+        except ParameterError, e:
+            return_dict['error'] = {'__type': 'Parameter Error',
+                                    'message': '%s: %s' % \
+                                    (_('Parameter Error'), e.extra_msg)}
+            return_dict['success'] = False
+            log.error('Parameter error: %r' % e.extra_msg)
+            return self._finish(409, return_dict, content_type='json')            
         except SearchQueryError, e:
             return_dict['error'] = {'__type': 'Search Query Error',
                                     'message': 'Search Query is invalid: %r' % e.args }

diff --git a/ckan/controllers/package.py b/ckan/controllers/package.py
@@ -108,7 +108,6 @@ def _lookup_plugin(package_type):
     If the package type is None or cannot be found in the mapping, then the
     fallback behaviour is used.
     """
-    #from pdb import set_trace; set_trace()    
     if package_type is None:
         return _default_controller_behaviour
     return _controller_behaviour_for.get(package_type,

diff --git a/ckan/logic/__init__.py b/ckan/logic/__init__.py
@@ -29,7 +29,10 @@ class NotFound(ActionError):
 class NotAuthorized(ActionError):
     pass
 
-class ValidationError(ActionError):
+class ParameterError(ActionError):
+    pass
+
+class ValidationError(ParameterError):
     def __init__(self, error_dict, error_summary=None, extra_msg=None):
         self.error_dict = error_dict
         self.error_summary = error_summary

diff --git a/ckan/logic/action/get.py b/ckan/logic/action/get.py
@@ -7,7 +7,7 @@
 
 import ckan
 from ckan.lib.base import _
-from ckan.logic import NotFound
+from ckan.logic import NotFound, ParameterError
 from ckan.logic import check_access
 from ckan.model import misc
 from ckan.plugins import (PluginImplementations,
@@ -116,7 +116,7 @@ def group_list(context, data_dict):
     ref_group_by = 'id' if api == '2' else 'name';
     order_by = data_dict.get('order_by', 'name')
     if order_by not in set(('name', 'packages')):
-        raise ValidationError('"order_by" value %r not implemented.' % order_by)
+        raise ParameterError('"order_by" value %r not implemented.' % order_by)
     all_fields = data_dict.get('all_fields',None)
 
     check_access('group_list',context, data_dict)

diff --git a/ckan/logic/action/update.py b/ckan/logic/action/update.py
@@ -3,7 +3,7 @@
 import datetime
 
 from ckan.plugins import PluginImplementations, IGroupController, IPackageController
-from ckan.logic import NotFound, ValidationError
+from ckan.logic import NotFound, ValidationError, ParameterError
 from ckan.logic import check_access
 
 from ckan.lib.base import _
@@ -517,10 +517,10 @@ def user_role_update(context, data_dict):
     new_user_ref = data_dict.get('user') # the user who is being given the new role
     new_authgroup_ref = data_dict.get('authorization_group') # the authgroup who is being given the new role
     if bool(new_user_ref) == bool(new_authgroup_ref):
-        raise ValidationError('You must provide either "user" or "authorization_group" parameter.')
+        raise ParameterError('You must provide either "user" or "authorization_group" parameter.')
     domain_object_ref = data_dict['domain_object']
     if not isinstance(data_dict['roles'], (list, tuple)):
-        raise ValidationError('Parameter "%s" must be of type: "%s"' % ('role', 'list'))
+        raise ParameterError('Parameter "%s" must be of type: "%s"' % ('role', 'list'))
     desired_roles = set(data_dict['roles'])
 
     if new_user_ref:
@@ -548,7 +548,7 @@ def user_role_update(context, data_dict):
         check_access('authorization_group_edit_permissions', context, data_dict)
     # Todo: 'system' object
     else:
-        raise ValidationError('Not possible to update roles for domain object type %s' % type(domain_object))
+        raise ParameterError('Not possible to update roles for domain object type %s' % type(domain_object))
 
     # current_uors: in order to avoid either creating a role twice or
     # deleting one which is non-existent, we need to get the users\'

diff --git a/doc/apiv3.rst b/doc/apiv3.rst
@@ -79,6 +79,7 @@ tag_autocomplete                       q, limit
 format_autocomplete                    q, limit
 user_autocomplete                      q, limit
 package_search                         q, fields, facet_by, limit, offset
+roles_show                             domain_object, (user), (authorization_group)
 ====================================== ===========================
 
 new.py: 
@@ -111,6 +112,8 @@ group_update                           (group keys)
 user_update                            (user keys), reset_key
 package_update_rest                    (package keys)
 group_update_rest                      (group keys)
+user_role_update                       user OR authorization_group, domain_object, roles
+user_role_bulk_update                  user_roles, domain_object
 ====================================== ===========================
 
 delete.py:
@@ -196,6 +199,16 @@ state                    "active"                               (Read-only) Add/
 revision_timestamp       "2009-08-08T12:46:40.920443"           (Read-only)
 ======================== ====================================== =============
 
+user_roles:
+
+======================== ====================================== =============
+key                      example value                          notes
+======================== ====================================== =============
+user                     "5ba3985d-447d-4919-867e-2ffe22281c40" Provide exactly one out of "user" and "authorization_group" parameters.
+authorization_group      "16f8f7ba-1a97-4d27-95ce-5e8827a0d75f"
+roles                    ['editor', 'admin']                    
+======================== ====================================== =============
+
 Parameters
 ==========