[#2939] Sysadmins see all groups available

ckan · Oct 10, 2012 · 6f10ad4 · 6f10ad4
1 parent 78ef5d8
commit 6f10ad4
Showing 1 changed file with 14 additions and 10 deletions.
diff --git a/ckan/logic/action/get.py b/ckan/logic/action/get.py
@@ -401,29 +401,33 @@ def group_list_authz(context, data_dict):
 
     _check_access('group_list_authz',context, data_dict)
 
+    sysadmin = new_authz.is_sysadmin(user)
     roles = ckan.new_authz.get_roles_with_permission('edit_group')
     if not roles:
         return []
     user_id = new_authz.get_user_id_for_username(user, allow_none=True)
     if not user_id:
         return []
 
-    q = model.Session.query(model.Member) \
-        .filter(model.Member.table_name == 'user') \
-        .filter(model.Member.capacity.in_(roles)) \
-        .filter(model.Member.table_id == user_id)
-    group_ids = []
-    for row in q.all():
-        group_ids.append(row.group_id)
+    if not sysadmin:
+        q = model.Session.query(model.Member) \
+            .filter(model.Member.table_name == 'user') \
+            .filter(model.Member.capacity.in_(roles)) \
+            .filter(model.Member.table_id == user_id)
+        group_ids = []
+        for row in q.all():
+            group_ids.append(row.group_id)
 
-    if not group_ids:
-        return []
+        if not group_ids:
+            return []
 
     q = model.Session.query(model.Group) \
-        .filter(model.Group.id.in_(group_ids)) \
         .filter(model.Group.is_organization == False) \
         .filter(model.Group.state == 'active')
 
+    if not sysadmin:
+        q = q.filter(model.Group.id.in_(group_ids))
+
     groups = q.all()
 
     if available_only: