Merge branch '1995-rename-authz' of https://github.com/wardi/ckan int…

…o wardi-1995-rename-authz

ckan/config/environment.py

@@ -20,7 +20,7 @@
 import ckan.lib.render as render
 import ckan.lib.search as search
 import ckan.logic as logic
-import ckan.new_authz as new_authz
+import ckan.authz as authz
 import ckan.lib.jinja_extensions as jinja_extensions
 
 from ckan.common import _, ungettext
@@ -367,7 +367,7 @@ def template_loaded(template):
     # clear other caches
     logic.clear_actions_cache()
     logic.clear_validators_cache()
-    new_authz.clear_auth_functions_cache()
+    authz.clear_auth_functions_cache()
 
     # Here we create the site user if they are not already in the database
     try:

ckan/controllers/admin.py

@@ -5,7 +5,6 @@
 import ckan.lib.app_globals as app_globals
 import ckan.model as model
 import ckan.logic as logic
-import ckan.new_authz
 
 c = base.c
 request = base.request

ckan/controllers/group.py

@@ -15,7 +15,7 @@
 import ckan.logic as logic
 import ckan.lib.search as search
 import ckan.model as model
-import ckan.new_authz as new_authz
+import ckan.authz as authz
 import ckan.lib.plugins
 import ckan.plugins as plugins
 from ckan.common import OrderedDict, c, g, request, _
@@ -215,7 +215,7 @@ def _read(self, id, limit):
 
         # c.group_admins is used by CKAN's legacy (Genshi) templates only,
         # if we drop support for those then we can delete this line.
-        c.group_admins = new_authz.get_group_or_org_admin_ids(c.group.id)
+        c.group_admins = authz.get_group_or_org_admin_ids(c.group.id)
 
         page = self._get_page_number(request.params)
 
@@ -675,7 +675,7 @@ def member_new(self, id):
                 user = request.params.get('user')
                 if user:
                     c.user_dict = get_action('user_show')(context, {'id': user})
-                    c.user_role = new_authz.users_role_for_group_or_org(id, user) or 'member'
+                    c.user_role = authz.users_role_for_group_or_org(id, user) or 'member'
                 else:
                     c.user_role = 'member'
         except NotAuthorized:
@@ -861,7 +861,7 @@ def followers(self, id):
 
     def admins(self, id):
         c.group_dict = self._get_group_dict(id)
-        c.admins = new_authz.get_group_or_org_admin_ids(id)
+        c.admins = authz.get_group_or_org_admin_ids(id)
         return render(self._admins_template(c.group_dict['type']))
 
     def about(self, id):

ckan/controllers/user.py

@@ -6,7 +6,7 @@
 import ckan.lib.base as base
 import ckan.model as model
 import ckan.lib.helpers as h
-import ckan.new_authz as new_authz
+import ckan.authz as authz
 import ckan.logic as logic
 import ckan.logic.schema as schema
 import ckan.lib.captcha as captcha
@@ -63,7 +63,7 @@ def _db_to_edit_form_schema(self):
         into a format suitable for the form (optional)'''
 
     def _setup_template_variables(self, context, data_dict):
-        c.is_sysadmin = new_authz.is_sysadmin(c.user)
+        c.is_sysadmin = authz.is_sysadmin(c.user)
         try:
             user_dict = get_action('user_show')(context, data_dict)
         except NotFound:
@@ -177,7 +177,7 @@ def new(self, data=None, errors=None, error_summary=None):
         error_summary = error_summary or {}
         vars = {'data': data, 'errors': errors, 'error_summary': error_summary}
 
-        c.is_sysadmin = new_authz.is_sysadmin(c.user)
+        c.is_sysadmin = authz.is_sysadmin(c.user)
         c.form = render(self.new_user_form, extra_vars=vars)
         return render('user/new.html')
 
@@ -297,7 +297,7 @@ def edit(self, id=None, data=None, errors=None, error_summary=None):
 
         user_obj = context.get('user_obj')
 
-        if not (new_authz.is_sysadmin(c.user)
+        if not (authz.is_sysadmin(c.user)
                 or c.user == user_obj.name):
             abort(401, _('User %s not authorized to edit %s') %
                   (str(c.user), id))

ckan/lib/create_test_data.py

@@ -529,7 +529,7 @@ def create(cls, auth_profile="", package_type=None):
         model.setup_default_user_roles(david, [russianfan])
         model.setup_default_user_roles(roger, [russianfan])
 
-        # in new_authz you can't give a visitor permissions to a
+        # in authz you can't give a visitor permissions to a
         # group it seems, so this is a bit meaningless
         model.add_user_to_role(visitor, model.Role.ADMIN, roger)
         model.repo.commit_and_remove()

ckan/lib/dictization/model_dictize.py

@@ -19,7 +19,7 @@
 import ckan.plugins as plugins
 import ckan.lib.helpers as h
 import ckan.lib.dictization as d
-import ckan.new_authz as new_authz
+import ckan.authz as authz
 import ckan.lib.search as search
 import ckan.lib.munge as munge
 
@@ -398,7 +398,7 @@ def get_packages_for_this_group(group_, just_the_count=False):
             # Allow members of organizations to see private datasets.
             if group_.is_organization:
                 is_group_member = (context.get('user') and
-                    new_authz.has_user_permission_for_group_or_org(
+                    authz.has_user_permission_for_group_or_org(
                         group_.id, context.get('user'), 'read'))
                 if is_group_member:
                     context['ignore_capacity_check'] = True
@@ -594,7 +594,7 @@ def user_dictize(user, context):
         result_dict['email'] = email
 
     ## this should not really really be needed but tests need it
-    if new_authz.is_sysadmin(requester):
+    if authz.is_sysadmin(requester):
         result_dict['apikey'] = apikey
         result_dict['email'] = email
 

ckan/lib/dictization/model_save.py

@@ -6,7 +6,7 @@
 
 import ckan.lib.dictization as d
 import ckan.lib.helpers as h
-import ckan.new_authz as new_authz
+import ckan.authz as authz
 
 log = logging.getLogger(__name__)
 
@@ -228,7 +228,7 @@ def package_membership_list_save(group_dicts, package, context):
         member_obj = group_member[group]
         if member_obj and member_obj.state == 'deleted':
             continue
-        if new_authz.has_user_permission_for_group_or_org(
+        if authz.has_user_permission_for_group_or_org(
                 member_obj.group_id, user, 'read'):
             member_obj.capacity = capacity
             member_obj.state = 'deleted'
@@ -239,7 +239,7 @@ def package_membership_list_save(group_dicts, package, context):
         member_obj = group_member.get(group)
         if member_obj and member_obj.state == 'active':
             continue
-        if new_authz.has_user_permission_for_group_or_org(
+        if authz.has_user_permission_for_group_or_org(
                 group.id, user, 'read'):
             member_obj = group_member.get(group)
             if member_obj:

ckan/lib/helpers.py

@@ -41,7 +41,7 @@
 import ckan.lib.datapreview as datapreview
 import ckan.logic as logic
 import ckan.lib.uploader as uploader
-import ckan.new_authz as new_authz
+import ckan.authz as authz
 
 from ckan.common import (
     _, ungettext, g, c, request, session, json, OrderedDict
@@ -1984,7 +1984,7 @@ def unified_resource_format(format):
     return format_new
 
 def check_config_permission(permission):
-    return new_authz.check_config_permission(permission)
+    return authz.check_config_permission(permission)
 
 
 def get_organization(org=None, include_datasets=False):

ckan/lib/plugins.py

@@ -6,7 +6,7 @@
 from ckan import logic
 import logic.schema
 from ckan import plugins
-import ckan.new_authz
+import ckan.authz
 import ckan.plugins.toolkit as toolkit
 
 log = logging.getLogger(__name__)
@@ -233,7 +233,7 @@ def setup_template_variables(self, context, data_dict):
         # CS: bad_spelling ignore 2 lines
         c.licences = c.licenses
         maintain.deprecate_context_item('licences', 'Use `c.licenses` instead')
-        c.is_sysadmin = ckan.new_authz.is_sysadmin(c.user)
+        c.is_sysadmin = ckan.authz.is_sysadmin(c.user)
 
         if c.pkg:
             c.related_count = c.pkg.related_count
@@ -435,7 +435,7 @@ def check_data_dict(self, data_dict):
         pass
 
     def setup_template_variables(self, context, data_dict):
-        c.is_sysadmin = ckan.new_authz.is_sysadmin(c.user)
+        c.is_sysadmin = ckan.authz.is_sysadmin(c.user)
 
         ## This is messy as auths take domain object not data_dict
         context_group = context.get('group', None)

ckan/logic/__init__.py

@@ -6,7 +6,7 @@
 import formencode.validators
 
 import ckan.model as model
-import ckan.new_authz as new_authz
+import ckan.authz as authz
 import ckan.lib.navl.dictization_functions as df
 import ckan.plugins as p
 
@@ -287,8 +287,8 @@ def check_access(action, context, data_dict=None):
 
         context = _prepopulate_context(context)
 
-        logic_authorization = new_authz.is_authorized(action, context,
-                                                      data_dict)
+        logic_authorization = authz.is_authorized(action, context,
+                                                  data_dict)
         if not logic_authorization['success']:
             msg = logic_authorization.get('msg', '')
             raise NotAuthorized(msg)
@@ -425,7 +425,7 @@ def wrapped(context=None, data_dict=None, **kw):
                 try:
                     audit = context['__auth_audit'][-1]
                     if audit[0] == action_name and audit[1] == id(_action):
-                        if action_name not in new_authz.auth_functions_list():
+                        if action_name not in authz.auth_functions_list():
                             log.debug('No auth function for %s' % action_name)
                         elif not getattr(_action, 'auth_audit_exempt', False):
                             raise Exception(

ckan/logic/action/get.py

@@ -23,7 +23,7 @@
 import ckan.lib.plugins as lib_plugins
 import ckan.lib.activity_streams as activity_streams
 import ckan.lib.datapreview as datapreview
-import ckan.new_authz as new_authz
+import ckan.authz as authz
 
 from ckan.common import _
 
@@ -178,7 +178,7 @@ def current_package_list_with_resources(context, data_dict):
 
     _check_access('current_package_list_with_resources', context, data_dict)
 
-    is_sysadmin = new_authz.is_sysadmin(user)
+    is_sysadmin = authz.is_sysadmin(user)
     q = '+capacity:public' if not is_sysadmin else '*:*'
     context['ignore_capacity_check'] = True
     search = package_search(context, {'q': q, 'rows': limit, 'start': offset})
@@ -349,7 +349,7 @@ def member_list(context, data_dict=None):
     if capacity:
         q = q.filter(model.Member.capacity == capacity)
 
-    trans = new_authz.roles_trans()
+    trans = authz.roles_trans()
 
     def translated_capacity(capacity):
         try:
@@ -537,11 +537,11 @@ def group_list_authz(context, data_dict):
 
     _check_access('group_list_authz', context, data_dict)
 
-    sysadmin = new_authz.is_sysadmin(user)
-    roles = ckan.new_authz.get_roles_with_permission('manage_group')
+    sysadmin = authz.is_sysadmin(user)
+    roles = authz.get_roles_with_permission('manage_group')
     if not roles:
         return []
-    user_id = new_authz.get_user_id_for_username(user, allow_none=True)
+    user_id = authz.get_user_id_for_username(user, allow_none=True)
     if not user_id:
         return []
 
@@ -614,7 +614,7 @@ def organization_list_for_user(context, data_dict):
     user = context['user']
 
     _check_access('organization_list_for_user', context, data_dict)
-    sysadmin = new_authz.is_sysadmin(user)
+    sysadmin = authz.is_sysadmin(user)
 
     orgs_q = model.Session.query(model.Group) \
         .filter(model.Group.is_organization == True) \
@@ -625,11 +625,11 @@ def organization_list_for_user(context, data_dict):
 
         permission = data_dict.get('permission', 'edit_group')
 
-        roles = ckan.new_authz.get_roles_with_permission(permission)
+        roles = authz.get_roles_with_permission(permission)
 
         if not roles:
             return []
-        user_id = new_authz.get_user_id_for_username(user, allow_none=True)
+        user_id = authz.get_user_id_for_username(user, allow_none=True)
         if not user_id:
             return []
 
@@ -1339,7 +1339,7 @@ def user_show(context, data_dict):
     if requester:
         requester_looking_at_own_account = requester == user_obj.name
         include_private_and_draft_datasets = \
-            new_authz.is_sysadmin(requester) or \
+            authz.is_sysadmin(requester) or \
             requester_looking_at_own_account
     else:
         include_private_and_draft_datasets = False
@@ -3301,7 +3301,7 @@ def member_roles_list(context, data_dict):
 
     '''
     group_type = data_dict.get('group_type', 'organization')
-    roles_list = new_authz.roles_list()
+    roles_list = authz.roles_list()
     if group_type == 'group':
         roles_list = [role for role in roles_list
                       if role['value'] != 'editor']