From 1988837c58a54a13871236a81f6ceb7e0a779180 Mon Sep 17 00:00:00 2001 From: amercader Date: Wed, 28 Aug 2013 11:53:09 +0100 Subject: [PATCH] [#1210] Add user object to context in controllers The base controller already checked whether there was a user object in the db for the user name provided. If we added it to the context we save the same check on check_access. --- ckan/controllers/admin.py | 7 +++-- ckan/controllers/api.py | 26 +++++++++-------- ckan/controllers/feed.py | 4 +-- ckan/controllers/home.py | 6 ++-- ckan/controllers/package.py | 55 ++++++++++++++++++++---------------- ckan/controllers/related.py | 10 +++++-- ckan/controllers/revision.py | 3 +- ckan/controllers/tag.py | 9 ++++-- ckan/controllers/user.py | 49 ++++++++++++++++++++------------ 9 files changed, 102 insertions(+), 67 deletions(-) diff --git a/ckan/controllers/admin.py b/ckan/controllers/admin.py index cb5e84b069b..f95beff895d 100644 --- a/ckan/controllers/admin.py +++ b/ckan/controllers/admin.py @@ -4,6 +4,7 @@ import ckan.lib.helpers as h import ckan.lib.app_globals as app_globals import ckan.model as model +import ckan.logic as logic import ckan.new_authz c = base.c @@ -19,8 +20,10 @@ class AdminController(base.BaseController): def __before__(self, action, **params): super(AdminController, self).__before__(action, **params) context = {'model': model, - 'user': c.user} - if not ckan.new_authz.is_authorized('sysadmin', context, {})['success']: + 'user': c.user, 'auth_user_obj': c.userobj} + try: + logic.check_access('sysadmin', context, {}) + except logic.NotAuthorized: base.abort(401, _('Need to be system administrator to administer')) c.revision_change_state_allowed = True diff --git a/ckan/controllers/api.py b/ckan/controllers/api.py index 22ea7d4f5c3..8f63e2779ca 100644 --- a/ckan/controllers/api.py +++ b/ckan/controllers/api.py @@ -52,7 +52,8 @@ def __call__(self, environ, start_response): self._identify_user() try: - context = {'model': model, 'user': c.user or c.author} + context = {'model': model, 'user': c.user or c.author, + 'auth_user_obj': c.userobj} logic.check_access('site_read', context) except NotAuthorized: response_msg = self._finish(403, @@ -161,7 +162,7 @@ def action(self, logic_function, ver=None): _('Action name not known: %s') % logic_function) context = {'model': model, 'session': model.Session, 'user': c.user, - 'api_version': ver} + 'api_version': ver, 'auth_user_obj': c.userobj} model.Session()._context = context return_dict = {'help': function.__doc__} try: @@ -248,7 +249,8 @@ def _get_action_from_map(self, action_map, register, subregister): def list(self, ver=None, register=None, subregister=None, id=None): context = {'model': model, 'session': model.Session, - 'user': c.user, 'api_version': ver} + 'user': c.user, 'api_version': ver, + 'auth_user_obj': c.userobj} log.debug('listing: %s' % context) action_map = { 'revision': 'revision_list', @@ -292,7 +294,7 @@ def show(self, ver=None, register=None, subregister=None, action_map[('dataset', type)] = 'package_relationships_list' context = {'model': model, 'session': model.Session, 'user': c.user, - 'api_version': ver} + 'api_version': ver, 'auth_user_obj': c.userobj} data_dict = {'id': id, 'id2': id2, 'rel': subregister} log.debug('show: %s' % context) @@ -327,7 +329,7 @@ def create(self, ver=None, register=None, subregister=None, action_map[('dataset', type)] = 'package_relationship_create_rest' context = {'model': model, 'session': model.Session, 'user': c.user, - 'api_version': ver} + 'api_version': ver, 'auth_user_obj': c.userobj} log.debug('create: %s' % (context)) try: request_data = self._get_request_data() @@ -390,7 +392,7 @@ def update(self, ver=None, register=None, subregister=None, action_map[('dataset', type)] = 'package_relationship_update_rest' context = {'model': model, 'session': model.Session, 'user': c.user, - 'api_version': ver, 'id': id} + 'api_version': ver, 'id': id, 'auth_user_obj': c.userobj} log.debug('update: %s' % (context)) try: request_data = self._get_request_data() @@ -442,7 +444,7 @@ def delete(self, ver=None, register=None, subregister=None, action_map[('dataset', type)] = 'package_relationship_delete_rest' context = {'model': model, 'session': model.Session, 'user': c.user, - 'api_version': ver} + 'api_version': ver, 'auth_user_obj': c.userobj} data_dict = {'id': id, 'id2': id2, 'rel': subregister} @@ -597,7 +599,7 @@ def tag_counts(self, ver=None): c.q = request.params.get('q', '') context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} tag_names = get_action('tag_list')(context, {}) results = [] @@ -632,7 +634,7 @@ def user_autocomplete(self): user_list = [] if q: context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} data_dict = {'q': q, 'limit': limit} @@ -696,7 +698,7 @@ def dataset_autocomplete(self): package_dicts = [] if q: context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} data_dict = {'q': q, 'limit': limit} @@ -712,7 +714,7 @@ def tag_autocomplete(self): tag_names = [] if q: context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} data_dict = {'q': q, 'limit': limit} @@ -731,7 +733,7 @@ def format_autocomplete(self): formats = [] if q: context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} data_dict = {'q': q, 'limit': limit} formats = get_action('format_autocomplete')(context, data_dict) diff --git a/ckan/controllers/feed.py b/ckan/controllers/feed.py index d45ac119ae7..42626ef3585 100644 --- a/ckan/controllers/feed.py +++ b/ckan/controllers/feed.py @@ -47,7 +47,7 @@ def _package_search(data_dict): * unless overridden, sets a default item limit """ context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} if 'sort' not in data_dict or not data_dict['sort']: data_dict['sort'] = 'metadata_modified desc' @@ -170,7 +170,7 @@ def _alternate_url(self, params, **kwargs): def group(self, id): try: context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} group_dict = logic.get_action('group_show')(context, {'id': id}) except logic.NotFound: base.abort(404, _('Group not found')) diff --git a/ckan/controllers/home.py b/ckan/controllers/home.py index 10aa88c4732..da3d4b3901b 100644 --- a/ckan/controllers/home.py +++ b/ckan/controllers/home.py @@ -22,7 +22,8 @@ class HomeController(base.BaseController): def __before__(self, action, **env): try: base.BaseController.__before__(self, action, **env) - context = {'model': model, 'user': c.user or c.author} + context = {'model': model, 'user': c.user or c.author, + 'auth_user_obj': c.userobj} logic.check_access('site_read', context) except logic.NotAuthorized: base.abort(401, _('Not authorized to see this page')) @@ -43,7 +44,7 @@ def index(self): try: # package search context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} data_dict = { 'q': '*:*', 'facet.field': g.facets, @@ -129,6 +130,7 @@ def db_to_form_schema(group_type=None): context = {'model': model, 'session': model.Session, 'ignore_auth': True, 'user': c.user or c.author, + 'auth_user_obj': c.userobj, 'schema': db_to_form_schema(group_type=group_type), 'limits': {'packages': 2}, 'for_view': True} diff --git a/ckan/controllers/package.py b/ckan/controllers/package.py index 872c6dd75db..d1852cd95b7 100644 --- a/ckan/controllers/package.py +++ b/ckan/controllers/package.py @@ -114,7 +114,8 @@ def search(self): package_type = self._guess_package_type() try: - context = {'model': model, 'user': c.user or c.author} + context = {'model': model, 'user': c.user or c.author, + 'auth_user_obj': c.userobj} check_access('site_read', context) except NotAuthorized: abort(401, _('Not authorized to see this page')) @@ -200,7 +201,8 @@ def pager_url(q=None, page=None): search_extras[param] = value context = {'model': model, 'session': model.Session, - 'user': c.user or c.author, 'for_view': True} + 'user': c.user or c.author, 'for_view': True, + 'auth_user_obj': c.userobj} if package_type and package_type != 'dataset': # Only show datasets of this particular type @@ -316,7 +318,8 @@ def read(self, id, format='html'): package_type = self._get_package_type(id.split('@')[0]) context = {'model': model, 'session': model.Session, - 'user': c.user or c.author, 'for_view': True} + 'user': c.user or c.author, 'for_view': True, + 'auth_user_obj': c.userobj} data_dict = {'id': id} # interpret @ or @ suffix @@ -384,7 +387,7 @@ def history(self, id): h.redirect_to(controller='revision', action='diff', **params) context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} data_dict = {'id': id} try: c.pkg_dict = get_action('package_show')(context, data_dict) @@ -450,7 +453,7 @@ def new(self, data=None, errors=None, error_summary=None): package_type = self._guess_package_type(True) context = {'model': model, 'session': model.Session, - 'user': c.user or c.author, + 'user': c.user or c.author, 'auth_user_obj': c.userobj, 'save': 'save' in request.params} # Package needs to have a organization group in the call to @@ -514,7 +517,7 @@ def resource_edit(self, id, resource_id, data=None, errors=None, context = {'model': model, 'session': model.Session, 'api_version': 3, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} data['package_id'] = id try: @@ -535,7 +538,7 @@ def resource_edit(self, id, resource_id, data=None, errors=None, context = {'model': model, 'session': model.Session, 'api_version': 3, - 'user': c.user or c.author,} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} pkg_dict = get_action('package_show')(context, {'id': id}) if pkg_dict['state'].startswith('draft'): # dataset has not yet been fully created @@ -579,7 +582,7 @@ def new_resource(self, id, data=None, errors=None, error_summary=None): del data['id'] context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} # see if we have any data that we are trying to save data_provided = False @@ -656,7 +659,7 @@ def new_resource(self, id, data=None, errors=None, error_summary=None): vars['pkg_name'] = id # get resources for sidebar context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} try: pkg_dict = get_action('package_show')(context, {'id': id}) except NotFound: @@ -673,7 +676,7 @@ def new_metadata(self, id, data=None, errors=None, error_summary=None): ''' FIXME: This is a temporary action to allow styling of the forms. ''' context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} if request.method == 'POST' and not data: save_action = request.params.get('save') @@ -729,7 +732,7 @@ def new_metadata(self, id, data=None, errors=None, error_summary=None): def edit(self, id, data=None, errors=None, error_summary=None): package_type = self._get_package_type(id) context = {'model': model, 'session': model.Session, - 'user': c.user or c.author, + 'user': c.user or c.author, 'auth_user_obj': c.userobj, 'save': 'save' in request.params, 'moderated': config.get('moderated'), 'pending': True} @@ -797,7 +800,7 @@ def edit(self, id, data=None, errors=None, error_summary=None): def read_ajax(self, id, revision=None): package_type = self._get_package_type(id) context = {'model': model, 'session': model.Session, - 'user': c.user or c.author, + 'user': c.user or c.author, 'auth_user_obj': c.userobj, 'revision_id': revision} try: data = get_action('package_show')(context, {'id': id}) @@ -814,7 +817,7 @@ def read_ajax(self, id, revision=None): def history_ajax(self, id): context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} data_dict = {'id': id} try: pkg_revisions = get_action('package_revision_list')( @@ -1020,7 +1023,7 @@ def delete(self, id): h.redirect_to(controller='package', action='edit', id=id) context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} try: check_access('package_delete', context, {'id': id}) @@ -1045,7 +1048,7 @@ def resource_delete(self, id, resource_id): h.redirect_to(controller='package', action='resource_edit', resource_id=resource_id, id=id) context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} try: check_access('package_delete', context, {'id': id}) @@ -1072,7 +1075,7 @@ def autocomplete(self): return '' context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} data_dict = {'q': q} packages = get_action('package_autocomplete')(context, data_dict) @@ -1128,7 +1131,7 @@ def _update_authz(self, fs): def resource_read(self, id, resource_id): context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} try: c.resource = get_action('resource_show')(context, @@ -1170,7 +1173,7 @@ def resource_download(self, id, resource_id): against this resource. """ context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} try: rsc = get_action('resource_show')(context, {'id': resource_id}) @@ -1188,7 +1191,7 @@ def follow(self, id): '''Start following this dataset.''' context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} data_dict = {'id': id} try: get_action('follow_dataset')(context, data_dict) @@ -1207,7 +1210,7 @@ def unfollow(self, id): '''Stop following this dataset.''' context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} data_dict = {'id': id} try: get_action('unfollow_dataset')(context, data_dict) @@ -1225,7 +1228,9 @@ def unfollow(self, id): def followers(self, id=None): context = {'model': model, 'session': model.Session, - 'user': c.user or c.author, 'for_view': True} + 'user': c.user or c.author, 'for_view': True, + 'auth_user_obj': c.userobj} + data_dict = {'id': id} try: c.pkg_dict = get_action('package_show')(context, data_dict) @@ -1245,7 +1250,8 @@ def activity(self, id): '''Render this package's public activity stream page.''' context = {'model': model, 'session': model.Session, - 'user': c.user or c.author, 'for_view': True} + 'user': c.user or c.author, 'for_view': True, + 'auth_user_obj': c.userobj} data_dict = {'id': id} try: c.pkg_dict = get_action('package_show')(context, data_dict) @@ -1269,7 +1275,7 @@ def resource_embedded_dataviewer(self, id, resource_id, querystring (as well as accepting them via routes). """ context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} try: c.resource = get_action('resource_show')(context, @@ -1346,7 +1352,8 @@ def resource_datapreview(self, id, resource_id): context = { 'model': model, 'session': model.Session, - 'user': c.user or c.author + 'user': c.user or c.author, + 'auth_user_obj': c.userobj } try: diff --git a/ckan/controllers/related.py b/ckan/controllers/related.py index 690f82faee2..8b9e88cfc1d 100644 --- a/ckan/controllers/related.py +++ b/ckan/controllers/related.py @@ -24,7 +24,8 @@ def edit(self, id, related_id): def dashboard(self): """ List all related items regardless of dataset """ context = {'model': model, 'session': model.Session, - 'user': c.user or c.author, 'for_view': True} + 'user': c.user or c.author, 'auth_user_obj': c.userobj, + 'for_view': True} data_dict = { 'type_filter': base.request.params.get('type', ''), 'sort': base.request.params.get('sort', ''), @@ -77,6 +78,7 @@ def pager_url(q=None, page=None): def read(self, id): context = {'model': model, 'session': model.Session, 'user': c.user or c.author, + 'auth_user_obj': c.userobj, 'for_view': True} data_dict = {'id': id} @@ -101,6 +103,7 @@ def list(self, id): """ List all related items for a specific dataset """ context = {'model': model, 'session': model.Session, 'user': c.user or c.author, + 'auth_user_obj': c.userobj, 'for_view': True} data_dict = {'id': id} @@ -128,7 +131,8 @@ def _edit_or_new(self, id, related_id, is_edit): and try and do as much up front as possible. """ context = {'model': model, 'session': model.Session, - 'user': c.user or c.author, 'for_view': True} + 'user': c.user or c.author, 'auth_user_obj': c.userobj, + 'for_view': True} data_dict = {} if is_edit: @@ -204,7 +208,7 @@ def delete(self, id, related_id): id=id, related_id=related_id) context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, 'auth_user_obj': c.userobj} try: if base.request.method == 'POST': diff --git a/ckan/controllers/revision.py b/ckan/controllers/revision.py index bbfb2c4b610..a5856835698 100644 --- a/ckan/controllers/revision.py +++ b/ckan/controllers/revision.py @@ -15,7 +15,8 @@ class RevisionController(base.BaseController): def __before__(self, action, **env): base.BaseController.__before__(self, action, **env) - context = {'model': model, 'user': c.user or c.author} + context = {'model': model, 'user': c.user or c.author, + 'auth_user_obj': c.userobj} if c.user: try: logic.check_access('revision_change_state', context) diff --git a/ckan/controllers/tag.py b/ckan/controllers/tag.py index 631a8523f98..d0a6172c8af 100644 --- a/ckan/controllers/tag.py +++ b/ckan/controllers/tag.py @@ -16,7 +16,8 @@ class TagController(base.BaseController): def __before__(self, action, **env): base.BaseController.__before__(self, action, **env) try: - context = {'model': model, 'user': c.user or c.author} + context = {'model': model, 'user': c.user or c.author, + 'auth_user_obj': c.userobj} logic.check_access('site_read', context) except logic.NotAuthorized: base.abort(401, _('Not authorized to see this page')) @@ -25,7 +26,8 @@ def index(self): c.q = request.params.get('q', '') context = {'model': model, 'session': model.Session, - 'user': c.user or c.author, 'for_view': True} + 'user': c.user or c.author, 'auth_user_obj': c.userobj, + 'for_view': True} data_dict = {'all_fields': True} @@ -58,7 +60,8 @@ def index(self): def read(self, id): context = {'model': model, 'session': model.Session, - 'user': c.user or c.author, 'for_view': True} + 'user': c.user or c.author, 'auth_user_obj': c.userobj, + 'for_view': True} data_dict = {'id': id} try: diff --git a/ckan/controllers/user.py b/ckan/controllers/user.py index ab162ef0659..e1bd29b2b26 100644 --- a/ckan/controllers/user.py +++ b/ckan/controllers/user.py @@ -38,7 +38,8 @@ class UserController(base.BaseController): def __before__(self, action, **env): base.BaseController.__before__(self, action, **env) try: - context = {'model': model, 'user': c.user or c.author} + context = {'model': model, 'user': c.user or c.author, + 'auth_user_obj': c.userobj} check_access('site_read', context) except NotAuthorized: if c.action not in ('login', 'request_reset', 'perform_reset',): @@ -89,7 +90,8 @@ def index(self): c.q = request.params.get('q', '') c.order_by = request.params.get('order_by', 'name') - context = {'return_query': True} + context = {'return_query': True, 'user': c.user or c.author, + 'auth_user_obj': c.userobj} data_dict = {'q': c.q, 'order_by': c.order_by} @@ -111,7 +113,8 @@ def index(self): def read(self, id=None): context = {'model': model, 'session': model.Session, - 'user': c.user or c.author, 'for_view': True} + 'user': c.user or c.author, 'auth_user_obj': c.userobj, + 'for_view': True} data_dict = {'id': id, 'user_obj': c.userobj} try: @@ -140,7 +143,8 @@ def me(self, locale=None): id=user_ref) def register(self, data=None, errors=None, error_summary=None): - context = {'model': model, 'session': model.Session, 'user': c.user} + context = {'model': model, 'session': model.Session, 'user': c.user, + 'auth_user_obj': c.userobj} try: check_access('user_create', context) except NotAuthorized: @@ -154,6 +158,7 @@ def new(self, data=None, errors=None, error_summary=None): ''' context = {'model': model, 'session': model.Session, 'user': c.user or c.author, + 'auth_user_obj': c.userobj, 'schema': self._new_form_to_db_schema(), 'save': 'save' in request.params} @@ -219,7 +224,7 @@ def edit(self, id=None, data=None, errors=None, error_summary=None): context = {'save': 'save' in request.params, 'schema': self._edit_form_to_db_schema(), 'model': model, 'session': model.Session, - 'user': c.user, + 'user': c.user, 'auth_user_obj': c.userobj } if id is None: if c.userobj: @@ -376,7 +381,8 @@ def logged_out_page(self): return render('user/logout.html') def request_reset(self): - context = {'model': model, 'session': model.Session, 'user': c.user} + context = {'model': model, 'session': model.Session, 'user': c.user, + 'auth_user_obj': c.userobj} data_dict = {'id': request.params.get('user')} try: check_access('request_reset', context) @@ -386,9 +392,6 @@ def request_reset(self): if request.method == 'POST': id = request.params.get('user') - context = {'model': model, - 'user': c.user} - data_dict = {'id': id} user_obj = None try: @@ -433,6 +436,7 @@ def perform_reset(self, id): # reuse of the url context = {'model': model, 'session': model.Session, 'user': c.user, + 'auth_user_obj': c.userobj, 'keep_sensitive_data': True} data_dict = {'id': id} @@ -496,7 +500,8 @@ def _get_form_password(self): raise ValueError(_('You must provide a password')) def followers(self, id=None): - context = {'for_view': True} + context = {'for_view': True, 'user': c.user or c.author, + 'auth_user_obj': c.userobj} data_dict = {'id': id, 'user_obj': c.userobj} self._setup_template_variables(context, data_dict) f = get_action('user_follower_list') @@ -510,7 +515,8 @@ def activity(self, id, offset=0): '''Render this user's public activity stream page.''' context = {'model': model, 'session': model.Session, - 'user': c.user or c.author, 'for_view': True} + 'user': c.user or c.author, 'auth_user_obj': c.userobj, + 'for_view': True} data_dict = {'id': id, 'user_obj': c.userobj} try: check_access('user_show', context, data_dict) @@ -538,7 +544,8 @@ def display_name(followee): if (filter_type and filter_id): context = { 'model': model, 'session': model.Session, - 'user': c.user or c.author, 'for_view': True + 'user': c.user or c.author, 'auth_user_obj': c.userobj, + 'for_view': True } data_dict = {'id': filter_id} followee = None @@ -580,7 +587,8 @@ def display_name(followee): def dashboard(self, id=None, offset=0): context = {'model': model, 'session': model.Session, - 'user': c.user or c.author, 'for_view': True} + 'user': c.user or c.author, 'auth_user_obj': c.userobj, + 'for_view': True} data_dict = {'id': id, 'user_obj': c.userobj, 'offset': offset} self._setup_template_variables(context, data_dict) @@ -603,19 +611,22 @@ def dashboard(self, id=None, offset=0): return render('user/dashboard.html') def dashboard_datasets(self): - context = {'for_view': True} + context = {'for_view': True, 'user': c.user or c.author, + 'auth_user_obj': c.userobj} data_dict = {'user_obj': c.userobj} self._setup_template_variables(context, data_dict) return render('user/dashboard_datasets.html') def dashboard_organizations(self): - context = {'for_view': True} + context = {'for_view': True, 'user': c.user or c.author, + 'auth_user_obj': c.userobj} data_dict = {'user_obj': c.userobj} self._setup_template_variables(context, data_dict) return render('user/dashboard_organizations.html') def dashboard_groups(self): - context = {'for_view': True} + context = {'for_view': True, 'user': c.user or c.author, + 'auth_user_obj': c.userobj} data_dict = {'user_obj': c.userobj} self._setup_template_variables(context, data_dict) return render('user/dashboard_groups.html') @@ -624,7 +635,8 @@ def follow(self, id): '''Start following this user.''' context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, + 'auth_user_obj': c.userobj} data_dict = {'id': id} try: get_action('follow_user')(context, data_dict) @@ -643,7 +655,8 @@ def unfollow(self, id): '''Stop following this user.''' context = {'model': model, 'session': model.Session, - 'user': c.user or c.author} + 'user': c.user or c.author, + 'auth_user_obj': c.userobj} data_dict = {'id': id} try: get_action('unfollow_user')(context, data_dict)