Merge branch 'dev-v2.10' into 2.10

changes/7208.migration

@@ -0,0 +1,2 @@
+* The default format for accepted uploads for user, groups and organization images is now limited to PNG, GIF anf JPG. If you need to add additional foramts you can use the :ref:`ckan.upload.user.mimetypes` and :ref:`ckan.upload.group.mimetypes`) (`#7028 <https://github.com/ckan/ckan/pull/7028>`_)
+* Public user registration is disabled by default, ie users can not create new accounts from the UI. With this default value, new users can be created by being invited by an organization admin, being created directly by a sysadmin in the ``/user/register`` endpoint  or being created in the CLI using ``ckan user add``. To allow public registration see :ref:`ckan.auth.create_user_via_web`, but it's strongly encouraged to put some measures in place to avoid spam. (`#7028 <https://github.com/ckan/ckan/pull/7028>`_)

changes/7980.bugfix

@@ -0,0 +1 @@
+use custom group type from the activity object if it's not supplied, eg on user activity streams

changes/7998.bugfix

@@ -0,0 +1 @@
+Removes extra <<<HEAD from resources list template

changes/8023.bugfix

@@ -0,0 +1 @@
+CKAN does not start without ``beaker.session.validate_key`` option introduced in v2.10.3

changes/8025.bugfix

@@ -0,0 +1 @@
+Editing of resources unavailable from package view page.

changes/8034.bugfix

@@ -0,0 +1 @@
+Pass custom package types through to the 'new resource' activity item

changes/8048.bugfix

@@ -0,0 +1 @@
+Fix Last Modified sort parameter for bulk-process page

changes/8088.bugfix

@@ -0,0 +1 @@
+Detect XLSX mimetypes correctly in uploader

ckan/common.py

@@ -261,6 +261,15 @@ def aslist(obj: Any, sep: Optional[str] = None, strip: bool = True) -> Any:
         return [obj]
 
 
+def repr_untrusted(danger: Any):
+    """
+    repr-format danger and truncate e.g. for logging untrusted input
+    """
+    r = repr(danger)
+    rtrunc = r[:200]
+    return rtrunc + '…' if r != rtrunc else r
+
+
 local = Local()
 
 # This a proxy to the bounded config object

ckan/config/config_declaration.yaml

@@ -318,7 +318,7 @@ groups:
           The dbm option is not recommended as it is not thread-safe.
 
       - key: beaker.session.validate_key
-        validators: not_empty
+        validators: configured_default("beaker.session.secret",None) not_empty
         placeholder_callable: secrets:token_urlsafe
         callable_args:
           nbytes: 20
@@ -527,9 +527,13 @@ groups:
 
       - key: ckan.auth.create_user_via_web
         type: bool
-        default: true
+        default: false
         example: "true"
-        description: Allow new user accounts to be created via the Web.
+        description: |
+          Allow new user accounts to be created via the web UI. When ``False`` (default value), user accounts can only be created by:
+            * Being invited by an organization admin,
+            * Being created directly by a sysadmin in the ``/user/register`` endpoint, or
+            * Being created in the CLI using ``ckan user add``
 
       - key: ckan.auth.roles_that_cascade_to_sub_groups
         default:
@@ -1372,21 +1376,25 @@ groups:
     options:
       - key: ckan.upload.user.types
         type: list
+        default: image
         example: image text
         description: File types allowed to upload as user's avatar. No restrictions applied when empty
 
       - key: ckan.upload.user.mimetypes
         type: list
+        default: image/png image/gif image/jpeg
         example: image/png text/svg
         description: File MIMETypes allowed to upload as user's avatar. No restrictions applied when empty
 
       - key: ckan.upload.group.types
         type: list
+        default: image
         example: image text
         description: File types allowed to upload as group image. No restrictions applied when empty
 
       - key: ckan.upload.group.mimetypes
         type: list
+        default: image/png image/gif image/jpeg
         example: image/png text/svg
         description: File MIMETypes allowed to upload as group image. No restrictions applied when empty
 

ckan/i18n/de/LC_MESSAGES/ckan.po

@@ -5,8 +5,8 @@
 # 
 # Translators:
 # Adrià Mercader <amercadero@gmail.com>, 2022
-# Ondics Githubler, 2023
 # Friedrich Zahn, 2023
+# Ondics Githubler, 2023
 # 
 #, fuzzy
 msgid ""
@@ -15,7 +15,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2023-11-30 16:00+0100\n"
 "PO-Revision-Date: 2022-11-16 11:05+0000\n"
-"Last-Translator: Friedrich Zahn, 2023\n"
+"Last-Translator: Ondics Githubler, 2023\n"
 "Language-Team: German (https://app.transifex.com/okfn/teams/11162/de/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -1556,7 +1556,7 @@ msgstr "System-Administrationsberechtigung entfernen"
 
 #: ckan/templates/admin/index.html:40 ckan/templates/admin/index.html:60
 msgid "Promote user to Sysadmin"
-msgstr "Behnutzer zum Systemadministrator machen"
+msgstr "Benutzer zum Systemadministrator machen"
 
 #: ckan/templates/admin/index.html:61
 msgid "Promote"

ckan/i18n/en_GB/LC_MESSAGES/ckan.po

@@ -5,7 +5,7 @@
 # 
 # Translators:
 # Adrià Mercader <amercadero@gmail.com>, 2022
-# Andi Chandler <andi@gowling.com>, 2023
+# Andi Chandler <andi@gowling.com>, 2024
 # 
 #, fuzzy
 msgid ""
@@ -14,7 +14,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2023-11-30 16:00+0100\n"
 "PO-Revision-Date: 2022-11-16 11:05+0000\n"
-"Last-Translator: Andi Chandler <andi@gowling.com>, 2023\n"
+"Last-Translator: Andi Chandler <andi@gowling.com>, 2024\n"
 "Language-Team: English (United Kingdom) (https://app.transifex.com/okfn/teams/11162/en_GB/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -348,19 +348,19 @@ msgstr "Dataset id already exists"
 
 #: ckan/logic/validators.py:234
 msgid "Resource id already exists."
-msgstr ""
+msgstr "Resource id already exists."
 
 #: ckan/logic/validators.py:281
 msgid "Resource"
 msgstr "Resource"
 
 #: ckan/logic/validators.py:288
 msgid "Invalid characters in resource id"
-msgstr ""
+msgstr "Invalid characters in resource id"
 
 #: ckan/logic/validators.py:290
 msgid "Invalid length for resource id"
-msgstr ""
+msgstr "Invalid length for resource id"
 
 #: ckan/logic/validators.py:344
 msgid "That group name or ID does not exist."
@@ -1028,7 +1028,7 @@ msgstr "has sibling %s"
 #: ckan/public/base/javascript/notify.js:55
 #: ckan/templates/package/snippets/resource_view.html:73
 msgid "Close"
-msgstr ""
+msgstr "Close"
 
 #: ckan/public-bs3/base/javascript/modules/api-info.js:96
 #: ckan/public/base/javascript/modules/api-info.js:97
@@ -1324,7 +1324,7 @@ msgstr "Register"
 
 #: ckan/templates/header.html:90
 msgid "Toggle navigation"
-msgstr ""
+msgstr "Toggle navigation"
 
 #: ckan/templates/group/read_base.html:18
 #: ckan/templates/group/snippets/info.html:40 ckan/templates/header.html:102
@@ -1396,7 +1396,7 @@ msgstr "Submit"
 
 #: ckan/templates/page.html:6
 msgid "Skip to main content"
-msgstr ""
+msgstr "Skip to main content"
 
 #: ckan/templates/page.html:36
 msgid "Breadcrumb"
@@ -2166,6 +2166,9 @@ msgid ""
 "bs-toggle=\"popover\" data-bs-content=\"%(markdown_tooltip)s\" data-bs-"
 "html=\"true\">Markdown formatting</a> here"
 msgstr ""
+"You can use <a href=\"#markdown\" title=\"Markdown quick reference\" data-"
+"bs-toggle=\"popover\" data-bs-content=\"%(markdown_tooltip)s\" data-bs-"
+"html=\"true\">Markdown formatting</a> here"
 
 #: ckan/templates/macros/form/required_message.html:11
 msgid "Required field"
@@ -2483,7 +2486,7 @@ msgstr "Download"
 
 #: ckan/templates/package/resource_read.html:52
 msgid "List of downloadable formats"
-msgstr ""
+msgstr "List of downloadable formats"
 
 #: ckan/templates/package/resource_read.html:88
 #: ckan/templates/package/resource_read.html:90
@@ -2706,7 +2709,7 @@ msgstr[1] "{count} collaborators"
 
 #: ckan/templates/package/collaborators/confirm_delete.html:11
 msgid "Are you sure you want to delete collaborator - {name}?"
-msgstr ""
+msgstr "Are you sure you want to delete collaborator - {name}?"
 
 #: ckan/templates/package/snippets/additional_info.html:2
 #: ckan/templates/snippets/additional_info.html:7
@@ -3206,7 +3209,7 @@ msgstr "You haven't created any API Tokens."
 
 #: ckan/templates/user/confirm_delete.html:11
 msgid "Are you sure you want to delete user - {name}?"
-msgstr ""
+msgstr "Are you sure you want to delete user - {name}?"
 
 #: ckan/templates/user/dashboard.html:25
 #: ckan/templates/user/dashboard_datasets.html:11
@@ -4802,7 +4805,7 @@ msgstr "DataStore resource not found"
 
 #: ckanext/datastore/blueprint.py:113
 msgid "Unsupported format"
-msgstr ""
+msgstr "Unsupported format"
 
 #: ckanext/datastore/blueprint.py:194
 msgid ""
@@ -4966,7 +4969,7 @@ msgstr "Data API"
 #: ckanext/datastore/templates-bs3/datastore/api_examples/python.html:9
 #, python-format
 msgid "(using the <a href=\"%(url)s\">ckanapi</a> client library)"
-msgstr ""
+msgstr "(using the <a href=\"%(url)s\">ckanapi</a> client library)"
 
 #: ckanext/datatablesview/plugin.py:89 ckanext/reclineview/plugin.py:177
 msgid "Table"

ckan/i18n/he/LC_MESSAGES/ckan.po

@@ -4,8 +4,8 @@
 # FIRST AUTHOR <EMAIL@ADDRESS>, 2023.
 # 
 # Translators:
-# Adrià Mercader <amercadero@gmail.com>, 2022
 # Yaron Shahrabani <sh.yaron@gmail.com>, 2023
+# Adrià Mercader <amercadero@gmail.com>, 2024
 # 
 #, fuzzy
 msgid ""
@@ -14,14 +14,14 @@ msgstr ""
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2023-11-30 16:00+0100\n"
 "PO-Revision-Date: 2022-11-16 11:05+0000\n"
-"Last-Translator: Yaron Shahrabani <sh.yaron@gmail.com>, 2023\n"
+"Last-Translator: Adrià Mercader <amercadero@gmail.com>, 2024\n"
 "Language-Team: Hebrew (https://app.transifex.com/okfn/teams/11162/he/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Generated-By: Babel 2.10.3\n"
 "Language: he\n"
-"Plural-Forms: nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n == 2 && n % 1 == 0) ? 1: (n % 10 == 0 && n % 1 == 0 && n > 10) ? 2 : 3;\n"
+"Plural-Forms: nplurals=3; plural=(n == 1 && n % 1 == 0) ? 0 : (n == 2 && n % 1 == 0) ? 1: 2;\n"
 
 #: ckan/authz.py:244
 #, python-format
@@ -195,15 +195,13 @@ msgid_plural "{number} views"
 msgstr[0] "תצוגה אחת"
 msgstr[1] "{number} תצוגות"
 msgstr[2] "{number} תצוגות"
-msgstr[3] "{number} תצוגות"
 
 #: ckan/lib/helpers.py:1984
 msgid "{number} recent view"
 msgid_plural "{number} recent views"
 msgstr[0] "תצוגה אחרונה"
 msgstr[1] "{number} תצוגות אחרונות"
 msgstr[2] "{number} תצוגות אחרונות"
-msgstr[3] "{number} תצוגות אחרונות"
 
 #: ckan/lib/mailer.py:207
 msgid "No recipient email address available!"
@@ -1057,7 +1055,6 @@ msgid_plural "Input is too short, must be at least %(num)d characters"
 msgstr[0] "הקלט קצר מדי, חייב להיות באורך של תו אחד לפחות"
 msgstr[1] "הקלט קצר מדי, חייב להיות באורך של %(num)d תווים לפחות"
 msgstr[2] "הקלט קצר מדי, חייב להיות באורך של %(num)d תווים לפחות"
-msgstr[3] "הקלט קצר מדי, חייב להיות באורך של %(num)d תווים לפחות"
 
 #: ckan/public-bs3/base/javascript/modules/basic-form.js:4
 #: ckan/public/base/javascript/modules/basic-form.js:4
@@ -1953,7 +1950,6 @@ msgid_plural "{num} Datasets"
 msgstr[0] "סדרת נתונים אחת"
 msgstr[1] "{num} סדרות נתונים"
 msgstr[2] "{num} סדרות נתונים"
-msgstr[3] "{num} סדרות נתונים"
 
 #: ckan/templates/group/snippets/group_item.html:34
 #: ckan/templates/organization/snippets/organization_item.html:33
@@ -2235,7 +2231,6 @@ msgid_plural "{count} members"
 msgstr[0] "חבר {count}"
 msgstr[1] "{count} חברים"
 msgstr[2] "{count} חברים"
-msgstr[3] "{count} חברים"
 
 #: ckan/templates/organization/new.html:3
 msgid "Create an Organization"
@@ -2664,7 +2659,6 @@ msgid_plural "{count} collaborators"
 msgstr[0] "משתתף אחד"
 msgstr[1] "{count} משתתפים"
 msgstr[2] "{count} משתתפים"
-msgstr[3] "{count} משתתפים"
 
 #: ckan/templates/package/collaborators/confirm_delete.html:11
 msgid "Are you sure you want to delete collaborator - {name}?"
@@ -3079,7 +3073,6 @@ msgid_plural "{number} datasets found for \"{query}\""
 msgstr[0] "סדרת נתונים אחת נמצאה בחיפוש אחר „{query}”"
 msgstr[1] "{number} סדרות נתונים נמצאו בחיפוש אחר „{query}”"
 msgstr[2] "{number} סדרות נתונים נמצאו בחיפוש אחר „{query}”"
-msgstr[3] "{number} סדרות נתונים נמצאו בחיפוש אחר „{query}”"
 
 #: ckan/templates/snippets/search_result_text.html:16
 msgid "No datasets found for \"{query}\""
@@ -3091,7 +3084,6 @@ msgid_plural "{number} datasets found"
 msgstr[0] "נמצאה סדרת נתונים אחת"
 msgstr[1] "נמצאו {number} סדרות נתונים"
 msgstr[2] "נמצאו {number} סדרות נתונים"
-msgstr[3] "נמצאו {number} סדרות נתונים"
 
 #: ckan/templates/snippets/search_result_text.html:18
 msgid "No datasets found"
@@ -3103,7 +3095,6 @@ msgid_plural "{number} groups found for \"{query}\""
 msgstr[0] "קבוצה אחת נמצאה בחיפוש אחר „{query}”"
 msgstr[1] "{number} קבוצות נמצאו בחיפוש אחר „{query}”"
 msgstr[2] "{number} קבוצות נמצאו בחיפוש אחר „{query}”"
-msgstr[3] "{number} קבוצות נמצאו בחיפוש אחר „{query}”"
 
 #: ckan/templates/snippets/search_result_text.html:22
 msgid "No groups found for \"{query}\""
@@ -3115,7 +3106,6 @@ msgid_plural "{number} groups found"
 msgstr[0] "נמצאה קבוצה אחת"
 msgstr[1] "נמצאו {number} קבוצות"
 msgstr[2] "נמצאו {number} קבוצות"
-msgstr[3] "נמצאו {number} קבוצות"
 
 #: ckan/templates/snippets/search_result_text.html:24
 msgid "No groups found"
@@ -3127,7 +3117,6 @@ msgid_plural "{number} organizations found for \"{query}\""
 msgstr[0] "ארגון אחד נמצא בחיפוש אחר „{query}”"
 msgstr[1] "{number} ארגונים נמצאו בחיפוש אחר „{query}”"
 msgstr[2] "{number} ארגונים נמצאו בחיפוש אחר „{query}”"
-msgstr[3] "{number} ארגונים נמצאו בחיפוש אחר „{query}”"
 
 #: ckan/templates/snippets/search_result_text.html:28
 msgid "No organizations found for \"{query}\""
@@ -3139,7 +3128,6 @@ msgid_plural "{number} organizations found"
 msgstr[0] "ארגון אחד נמצא"
 msgstr[1] "{number} ארגונים נמצאו"
 msgstr[2] "{number} ארגונים נמצאו"
-msgstr[3] "{number} ארגונים נמצאו"
 
 #: ckan/templates/snippets/search_result_text.html:30
 msgid "No organizations found"
@@ -4002,7 +3990,6 @@ msgid_plural "{n} new activities from {site_title}"
 msgstr[0] "פעילות חדשה מהאתר {site_title}"
 msgstr[1] "{n} פעילויות חדשות מהאתר {site_title}"
 msgstr[2] "{n} פעילויות חדשות מהאתר {site_title}"
-msgstr[3] "{n} פעילויות חדשות מהאתר {site_title}"
 
 #: ckanext/activity/views.py:133 ckanext/activity/views.py:244
 #: ckanext/activity/views.py:268 ckanext/activity/views.py:391
@@ -4057,7 +4044,6 @@ msgid_plural "Dashboard (%(num)d new items)"
 msgstr[0] "לוח מחוונים (פריט %(num)d חדש)"
 msgstr[1] "לוח מחוונים (%(num)d פריטים חדשים)"
 msgstr[2] "לוח מחוונים (%(num)d פריטים חדשים)"
-msgstr[3] "לוח מחוונים (%(num)d פריטים חדשים)"
 
 #: ckanext/activity/templates/group/activity_stream.html:3
 #: ckanext/activity/templates/group/read_base.html:5

ckan/lib/uploader.py

@@ -211,7 +211,8 @@ def verify_type(self):
         if not mimetypes and not types:
             return
 
-        actual = magic.from_buffer(self.upload_file.read(1024), mime=True)
+        # 2KB required for detecting xlsx mimetype
+        actual = magic.from_buffer(self.upload_file.read(2048), mime=True)
         self.upload_file.seek(0, os.SEEK_SET)
         err: ErrorDict = {
             self.file_field: [f"Unsupported upload type: {actual}"]

ckan/logic/action/create.py

@@ -1102,7 +1102,9 @@ def user_invite(context: Context,
 
     data['state'] = model.State.PENDING
     user_dict = _get_action('user_create')(
-        cast(Context, dict(context, schema=invite_schema)),
+        cast(
+            Context,
+            dict(context, schema=invite_schema, ignore_auth=True)),
         data)
     user = model.User.get(user_dict['id'])
     assert user