From f03d8f0906f414d547576e05da34dc68d35144e6 Mon Sep 17 00:00:00 2001 From: amercader Date: Wed, 29 Jan 2014 16:29:11 +0000 Subject: [PATCH] [#1471] Fix deletion of unowned datasets We are basically deferring the whole package_delete auth function to package_update, because deletions are basically changing the state field of a dataset from 'active' to 'deleted'. --- ckan/logic/auth/delete.py | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/ckan/logic/auth/delete.py b/ckan/logic/auth/delete.py index 74c37d6bdaa..09cce81f4f3 100644 --- a/ckan/logic/auth/delete.py +++ b/ckan/logic/auth/delete.py @@ -1,6 +1,6 @@ import ckan.logic as logic import ckan.new_authz as new_authz -from ckan.logic.auth import get_package_object, get_group_object, get_related_object +from ckan.logic.auth import get_group_object, get_related_object from ckan.logic.auth import get_resource_object import ckan.logic.auth.create as _auth_create from ckan.lib.base import _ @@ -12,14 +12,9 @@ def user_delete(context, data_dict): def package_delete(context, data_dict): - user = context['user'] - package = get_package_object(context, data_dict) - - authorized = new_authz.has_user_permission_for_group_or_org(package.owner_org, user, 'delete_dataset') - if not authorized: - return {'success': False, 'msg': _('User %s not authorized to delete package %s') % (user, package.id)} - else: - return {'success': True} + # Defer auhtorization for package_delete to package_update, as deletions + # are essentially changing the state field + return logic.get_action('package_update')(context, data_dict) def resource_delete(context, data_dict): model = context['model']