add ckan.auth.create_user option (default true) which when set to fal…

…se prevents all new user registrations (via site and API), which is useful in a locked-down publisher mode
ckan · Feb 5, 2013 · 6d15f09 · 6d15f09
1 parent 4fe7b50
commit 6d15f09
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 1 deletion.
diff --git a/ckan/logic/auth/create.py b/ckan/logic/auth/create.py
@@ -99,7 +99,8 @@ def user_create(context, data_dict=None):
     user = context['user']
 
     if ('api_version' in context
-            and not new_authz.check_config_permission('create_user_via_api')):
+            and not new_authz.check_config_permission('create_user_via_api')) \
+            or not new_authz.check_config_permission('create_user'):
         return {'success': False, 'msg': _('User %s not authorized to create users') % user}
     else:
         return {'success': True}

diff --git a/ckan/new_authz.py b/ckan/new_authz.py
@@ -243,6 +243,7 @@ def _get_auth_function(action, profile=None):
     'user_delete_groups': True,
     'user_delete_organizations': True,
     'create_user_via_api': False,
+    'create_user': True,
 }
 
 CONFIG_PERMISSIONS = {}

diff --git a/doc/organizations_and_groups.rst b/doc/organizations_and_groups.rst
@@ -230,6 +230,7 @@ The following config options have been created.
 ckan.auth.user_create_organizations
 ckan.auth.user_create_groups
 
+ckan.auth.create_user
 ckan.auth.create_user_via_api
 ckan.auth.create_dataset_if_not_in_organization