diff --git a/bin/travis-install-dependencies b/bin/travis-install-dependencies index 8b9b1430d8f..77514786c2e 100755 --- a/bin/travis-install-dependencies +++ b/bin/travis-install-dependencies @@ -29,6 +29,7 @@ sudo -E -u postgres ./bin/postgres_init/1_create_ckan_db.sh sudo -E -u postgres ./bin/postgres_init/2_create_ckan_datastore_db.sh export PIP_USE_MIRRORS=true +pip install -r requirement-setuptools.txt --allow-all-external pip install -r requirements.txt --allow-all-external pip install -r dev-requirements.txt --allow-all-external diff --git a/circle.yml b/circle.yml index d9fff638dea..e560a8057a0 100644 --- a/circle.yml +++ b/circle.yml @@ -23,6 +23,7 @@ dependencies: && chmod +x ~/.local/bin/circleci-matrix" override: + - pip install -r requirement-setuptools.txt - pip install -r requirements.txt - pip install -r dev-requirements.txt - python setup.py develop diff --git a/ckan/controllers/group.py b/ckan/controllers/group.py index e711fea8561..40b7ef2b5b3 100644 --- a/ckan/controllers/group.py +++ b/ckan/controllers/group.py @@ -382,13 +382,16 @@ def bulk_process(self, id): data_dict = {'id': id, 'type': group_type} try: + self._check_access('bulk_update_public', context, {'org_id': id}) # Do not query for the group datasets when dictizing, as they will # be ignored and get requested on the controller anyway data_dict['include_datasets'] = False c.group_dict = self._action('group_show')(context, data_dict) c.group = context['group'] - except (NotFound, NotAuthorized): + except NotFound: abort(404, _('Group not found')) + except NotAuthorized: + abort(403, _('User %r not authorized to edit %s') % (c.user, id)) if not c.group_dict['is_organization']: # FIXME: better error 
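Review bot: The new bootstrap line in bin/travis-install-dependencies carries `--allow-all-external`, which lets pip accept externally hosted files for the one package that every later install step runs through. setuptools is published on the index itself, so the flag looks unnecessary here and `pip install -r requirement-setuptools.txt` (as the circle.yml hunk already has it) would be the narrower form. Whether requirement-setuptools.txt pins an exact version is not visible in this diff; if it does not, pinning it would make the bootstrap reproducible.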
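Review bot: The 403 message added to `bulk_process` in ckan/controllers/group.py formats `c.user` with `%r`, so the error page shows a Python repr such as `u'alice'` (or the repr of whatever `c.user` holds for an anonymous visitor) rather than a plain name; `_('User %s not authorized to edit %s') % (c.user, id)` would match the `%s` style used in `group_edit_permissions`. The same `%r` appears in the 403 message added to `members` in the following hunk. `id` is presumably taken from the URL and is echoed into the message, so it is worth confirming that the abort page escapes it. Splitting `NotFound` from `NotAuthorized` also means a caller without permission can now tell an existing group from a missing one; if that is intended, a short comment above the two `except` clauses would record it. The body of `bulk_process` starts and ends outside the hunk.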
@@ -634,14 +637,21 @@ def members(self, id): 'user': c.user} try: + data_dict = {'id': id} + check_access('group_edit_permissions', context, data_dict) c.members = self._action('member_list')( context, {'id': id, 'object_type': 'user'} ) - data_dict = {'id': id} data_dict['include_datasets'] = False c.group_dict = self._action('group_show')(context, data_dict) - except (NotFound, NotAuthorized): + except NotFound: abort(404, _('Group not found')) + except NotAuthorized: + abort( + 403, + _('User %r not authorized to edit members of %s') % ( + c.user, id)) + return self._render_template('group/members.html', group_type) def member_new(self, id): diff --git a/ckan/lib/navl/dictization_functions.py b/ckan/lib/navl/dictization_functions.py index ff4bae72cd5..c0ffcf65246 100644 --- a/ckan/lib/navl/dictization_functions.py +++ b/ckan/lib/navl/dictization_functions.py @@ -47,9 +47,17 @@ class State(object): class DictizationError(Exception): def __str__(self): + return unicode(self).encode('utf8') + + def __unicode__(self): + if hasattr(self, 'error') and self.error: + return u'{}: {}'.format(self.__class__.__name__, repr(self.error)) + return self.__class__.__name__ + + def __repr__(self): if hasattr(self, 'error') and self.error: - return repr(self.error) - return '' + return '<{} {}>'.format(self.__class__.__name__, repr(self.error)) + return '<{}>'.format(self.__class__.__name__) class Invalid(DictizationError): diff --git a/ckan/lib/navl/validators.py b/ckan/lib/navl/validators.py index 6e508c846a8..cfcb1a2d5d2 100644 --- a/ckan/lib/navl/validators.py +++ b/ckan/lib/navl/validators.py @@ -117,3 +117,9 @@ def convert_int(value, context): except ValueError: raise Invalid(_('Please enter an integer value')) +def unicode_only(value): + '''Accept only unicode values''' + + if not isinstance(value, unicode): + raise Invalid(_('Must be a Unicode string value')) + return value 
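Review bot: `members` calls the bare name `check_access(...)` while `bulk_process` in the same controller goes through `self._check_access(...)`; if `_check_access` is the hook that subclasses override (its definition is outside this diff), the direct call bypasses it, so `self._check_access('group_edit_permissions', context, data_dict)` would be the consistent form. A comment above the check such as `# Authorize before member_list so the member list is never fetched for a user who may not edit the group` would record why the order matters. The start of `members` is outside the hunk.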
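Review bot: `DictizationError.__str__` used to return only `repr(self.error)` (or `''`), and it now returns the class name followed by the repr, so any caller that displays, logs or compares `str(e)` gets different text; those callers are outside this diff and are worth a grep before merging. `__unicode__` and `__repr__` both repeat the `hasattr(self, 'error') and self.error` test, which `getattr(self, 'error', None)` expresses in one step. The auto-numbered `'{}'` fields need Python 2.7, so `u'{0}: {1}'` is the safer spelling if 2.6 is still a supported target.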
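Review bot: The docstring of the new `unicode_only` in ckan/lib/navl/validators.py says only "Accept only unicode values", but the check also rejects ASCII byte strings and `None` instead of converting or skipping them. Callers building schemas need that stated; a docstring along the lines of `'''Return value unchanged if it is a unicode object; raise Invalid for anything else, including byte strings and None.'''` would cover it. The neighbouring `convert_int(value, context)` takes a context argument, so it is also worth confirming that the validation runner (not visible here) accepts the one-argument signature.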
diff --git a/ckan/logic/auth/update.py b/ckan/logic/auth/update.py index 3d0e86c25cb..ae75f8cedb8 100644 --- a/ckan/logic/auth/update.py +++ b/ckan/logic/auth/update.py @@ -153,14 +153,15 @@ def group_edit_permissions(context, data_dict): user = context['user'] group = logic_auth.get_group_object(context, data_dict) - authorized = authz.has_user_permission_for_group_or_org(group.id, - user, - 'update') + authorized = authz.has_user_permission_for_group_or_org( + group.id, user, 'update') if not authorized: - return {'success': False, - 'msg': _('User %s not authorized to edit permissions of group %s') % - (str(user), group.id)} + return { + 'success': False, + 'msg': _('User %s not authorized to' + ' edit permissions of group %s') % + (str(user), group.id)} else: return {'success': True} diff --git a/ckan/templates/organization/members.html b/ckan/templates/organization/members.html index e9a2bf54c79..2f2e8130f42 100644 --- a/ckan/templates/organization/members.html +++ b/ckan/templates/organization/members.html @@ -10,7 +10,9 @@ {% endblock %} {% block primary_content_inner %} -