[#1038] Config option fixed and documented.

And tidy typos etc.

ckan/new_authz.py

@@ -367,6 +367,10 @@ def check_config_permission(permission):
             CONFIG_PERMISSIONS[perm] = config.get(key, default)
             if isinstance(default, bool):
                 CONFIG_PERMISSIONS[perm] = asbool(CONFIG_PERMISSIONS[perm])
+            elif isinstance(default, list):
+                CONFIG_PERMISSIONS[perm] = \
+                    CONFIG_PERMISSIONS[perm].split(' ') \
+                    if CONFIG_PERMISSIONS[perm] else []
     if permission in CONFIG_PERMISSIONS:
         return CONFIG_PERMISSIONS[permission]
     return False

ckan/tests/logic/test_auth.py

@@ -210,7 +210,7 @@ def test_11_delete_org(self):
 
 class TestAuthOrgHierarchy(TestAuth):
     # Tests are in the same vein as TestAuthOrgs, testing the cases where the
-    # group hierarchy provices extra permissions through cascading
+    # group hierarchy provides extra permissions through cascading
 
     @classmethod
     def setup_class(cls):
@@ -224,7 +224,7 @@ def setup_class(cls):
                              'groups': ['national-health-service']}],
             extra_user_names=['john'])
 
-    def _reset_adatasets_owner_org(self):
+    def _reset_a_datasets_owner_org(self):
         rev = model.repo.new_revision()
         get_action('package_owner_org_update')(
             {'model': model, 'ignore_auth': True},
@@ -304,7 +304,7 @@ def test_08_update_datasets_3(self):
         try:
             self._call_api('package_update', dataset, 'nhsadmin', 200)
         finally:
-            self._reset_adatasets_owner_org()
+            self._reset_a_datasets_owner_org()
 
     def test_08_update_datasets_4(self):
         dataset = {'name': 'adataset', 'owner_org': 'department-of-health'}
@@ -315,7 +315,7 @@ def test_08_update_datasets_5(self):
         try:
             self._call_api('package_update', dataset, 'nhseditor', 200)
         finally:
-            self._reset_adatasets_owner_org()
+            self._reset_a_datasets_owner_org()
 
     def test_08_update_datasets_6(self):
         dataset = {'name': 'adataset', 'owner_org': 'nhs-wirral-ccg'}

ckan/tests/logic/test_member.py

@@ -171,7 +171,7 @@ def _member_create_in_group(self, obj, obj_type, capacity, group_id):
         return logic.get_action('member_create')(ctx, dd)
 
     def _member_create_as_user(self, obj, obj_type, capacity, user):
-        '''Makes the griven object a member of cls.group using privileges of
+        '''Makes the given object a member of cls.group using privileges of
         the given user.'''
         ctx, dd = self._build_context(obj, obj_type, capacity, user=user)
         return logic.get_action('member_create')(ctx, dd)

doc/configuration.rst

@@ -355,6 +355,22 @@ Default value: ``False``
 
 Allow new user accounts to be created via the API.
 
+.. _ckan.auth.roles_that_cascade_to_sub_groups:
+
+ckan.auth.roles_that_cascade_to_sub_groups
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Example::
+
+ ckan.auth.roles_that_cascade_to_sub_groups = admin editor
+
+Default value: ``admin``
+
+
+Makes role permissions apply to all the groups down the hierarchy from the groups that the role is applied to.
+
+e.g. a particular user has the 'admin' role for group 'Department of Health'. If you set the value of this option to 'admin' then the user will automatically have the same admin permissions for the child groups of 'Department of Health' such as 'Cancer Research' (and its children too and so on).
+
 .. end_config-authorization