Allow the author of a resource (revision) to call task_status_update …

…and not just sysadm
ckan · Jan 9, 2012 · 69792aa · 69792aa
1 parent a4013bc
commit 69792aa
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/ckan/controllers/storage.py b/ckan/controllers/storage.py
@@ -169,7 +169,7 @@ def upload_handle(self):
             abort(400, "No file stream.")
         del params['file']
         params['filename-original'] = stream.filename
-        params['_owner'] = c.userobj.name if c.userobj else ""
+        #params['_owner'] = c.userobj.name if c.userobj else ""
         params['uploaded-by'] = c.userobj.name if c.userobj else ""
 
         self.ofs.put_stream(bucket_id, label, stream.file, params)

diff --git a/ckan/logic/auth/update.py b/ckan/logic/auth/update.py
@@ -1,5 +1,5 @@
 from ckan.logic import check_access_old, NotFound
-from ckan.logic.auth import get_package_object, get_group_object, get_authorization_group_object, \
+from ckan.logic.auth import get_package_object, get_resource_object,  get_group_object, get_authorization_group_object, \
     get_user_object, get_resource_object
 from ckan.logic.auth.create import check_group_auth, package_relationship_create
 from ckan.authz import Authorizer
@@ -153,6 +153,15 @@ def task_status_update(context, data_dict):
     if 'ignore_auth' in context and context['ignore_auth']:
         return {'success': True}
 
+    try:
+        resource = get_resource_object(context, data_dict)
+    except:
+        id = data_dict.get('entity_id',None)
+        resource = model.Resource.get(id)
+
+    if resource.revision.author == user:
+        return {'success': True}
+
     authorized =  Authorizer().is_sysadmin(unicode(user))
     if not authorized:
         return {'success': False, 'msg': _('User %s not authorized to update task_status table') % str(user)}