Merge pull request #7871 from ckan/7869_fix_checking_anonymous_user_f…

…rom_context_in_actions Fix checking anonymous user from context in actions
ckan · Oct 30, 2023 · 2c8a888 · 2c8a888
2 parents 4b80665 + 4589b64
commit 2c8a888
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 3 deletions.
diff --git a/changes/7871.bugfix b/changes/7871.bugfix
@@ -0,0 +1 @@
+Fixed restricting anonymous users in actions to check user in context.
diff --git a/ckan/logic/auth/__init__.py b/ckan/logic/auth/__init__.py
@@ -8,8 +8,8 @@
 from typing_extensions import Literal
 
 import ckan.logic as logic
+import ckan.authz as authz
 from ckan.types import Context, AuthResult, DataDict
-from ckan.common import current_user
 
 if TYPE_CHECKING:
     import ckan.model as model_
@@ -86,7 +86,7 @@ def get_user_object(
 
 
 def restrict_anon(context: Context) -> AuthResult:
-    if current_user.is_anonymous:
+    if authz.auth_is_anon_user(context):
         return {'success': False}
     else:
         return {'success': True}
diff --git a/ckan/tests/logic/auth/test_get.py b/ckan/tests/logic/auth/test_get.py
@@ -38,14 +38,23 @@ def test_user_list_email_parameter():
 class TestGetAuth(object):
     @pytest.mark.ckan_config(u"ckan.auth.public_user_details", False)
     @mock.patch("flask_login.utils._get_user")
-    def test_auth_user_show(self, current_user):
+    def test_restrict_anon_auth_when_user_is_anonymouus(self, current_user):
         fred = factories.User()
         fred["capacity"] = "editor"
         current_user.return_value = mock.Mock(is_anonymous=True)
         context = {"user": None, "model": model}
         with pytest.raises(logic.NotAuthorized):
             helpers.call_auth("user_show", context=context, id=fred["id"])
 
+    @pytest.mark.ckan_config(u"ckan.auth.public_user_details", False)
+    @mock.patch("flask_login.utils._get_user")
+    def test_restrict_anon_auth_when_user_is_in_context(self, current_user):
+        fred = factories.User()
+        fred["capacity"] = "editor"
+        current_user.return_value = mock.Mock(is_anonymous=True)
+        context = {"user": fred['id'], "model": model}
+        assert helpers.call_auth("user_show", context=context, id=fred["id"])
+
     def test_authed_user_show(self):
         fred = factories.User()
         fred["capacity"] = "editor"