Merge branch 'master' of github.com:ckan/ckan...

... into 1943-session-timeout Conflicts: ckan/config/who.ini
ckan · Nov 14, 2014 · f0955ea · f0955ea
2 parents 70ca1e6 + 4e9fbf7
commit f0955ea
Show file tree

Hide file tree

Showing 180 changed files with 1,084 additions and 8,862 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -29,6 +29,12 @@ API changes and deprecations
   Note that logic.get_action() and toolkit.get_action() are *not* deprecated,
   core code and plugin code should still use ``get_action()``.
 
+* Cross-Origin Resource Sharing (CORS) support is no longer enabled by
+  default. Previously, Access-Control-Allow-* response headers were added for
+  all requests, with Access-Control-Allow-Origin set to the wildcard value
+  ``*``. To re-enable CORS, use the new ``ckan.cors`` settings detailed in the
+  Config File Options documentation (:doc:`/maintaining/configuration`)
+
 Template changes
 ----------------
 

diff --git a/ckan/config/deployment.ini_tmpl b/ckan/config/deployment.ini_tmpl
@@ -80,6 +80,15 @@ ckan.site_id = default
 #ckan.simple_search = 1
 
 
+## CORS Settings
+
+# If cors.origin_allow_all is true, all origins are allowed.
+# If false, the cors.origin_whitelist is used.
+# ckan.cors.origin_allow_all = true
+# cors.origin_whitelist is a space separated list of allowed domains.
+# ckan.cors.origin_whitelist = http://example1.com http://example2.com
+
+
 ## Plugins Settings
 
 # Note: Add ``datastore`` to enable the CKAN DataStore

diff --git a/ckan/config/environment.py b/ckan/config/environment.py
@@ -290,6 +290,10 @@ def update_config():
     if asbool(config.get('ckan.legacy_templates', 'no')):
         # We want the new template path for extra snippets like the
         # dataviewer and also for some testing stuff
+        msg = 'Support for Genshi templates is deprecated and will be removed'\
+            ' in a future release'
+        log.warn(msg)
+
         template_paths = [legacy_templates_path, jinja2_templates_path]
     else:
         template_paths = [jinja2_templates_path, legacy_templates_path]

diff --git a/ckan/config/routing.py b/ckan/config/routing.py
@@ -282,10 +282,6 @@ def make_map():
     map.redirect('/groups', '/group')
     map.redirect('/groups/{url:.*}', '/group/{url}')
 
-    ##to get back formalchemy uncomment these lines
-    ##map.connect('/group/new', controller='group_formalchemy', action='new')
-    ##map.connect('/group/edit/{id}', controller='group_formalchemy', action='edit')
-
     # These named routes are used for custom group forms which will use the
     # names below based on the group.type ('group' is the default type)
     with SubMapper(map, controller='group') as m:

diff --git a/ckan/config/who.ini b/ckan/config/who.ini
@@ -58,6 +58,7 @@ plugins =
 
 [authenticators]
 plugins =
+    auth_tkt
     ckan.lib.authenticator:OpenIDAuthenticator
     ckan.lib.authenticator:UsernamePasswordAuthenticator
 

diff --git a/ckan/controllers/revision.py b/ckan/controllers/revision.py
@@ -62,8 +62,6 @@ def list(self):
                 package_indications = []
                 revision_changes = model.repo.list_changes(revision)
                 resource_revisions = revision_changes[model.Resource]
-                resource_group_revisions = \
-                    revision_changes[model.ResourceGroup]
                 package_extra_revisions = revision_changes[model.PackageExtra]
                 for package in revision.packages:
                     if not package:
@@ -89,16 +87,9 @@ def list(self):
                     else:
                         transition = 'updated'
                         for resource_revision in resource_revisions:
-                            if resource_revision.continuity.resource_group.\
-                                    package_id == package.id:
+                            if resource_revision.package_id == package.id:
                                 transition += ':resources'
                                 break
-                        for resource_group_revision in \
-                                resource_group_revisions:
-                            if resource_group_revision.package_id == \
-                                    package.id:
-                                transition += ':resource_group'
-                                break
                         for package_extra_revision in package_extra_revisions:
                             if package_extra_revision.package_id == \
                                     package.id:

diff --git a/ckan/lib/base.py b/ckan/lib/base.py
@@ -369,17 +369,35 @@ def __call__(self, environ, start_response):
         return res
 
     def __after__(self, action, **params):
-        self._set_cors()
+        # Do we have CORS settings in config?
+        if config.get('ckan.cors.origin_allow_all') \
+                and request.headers.get('Origin'):
+            self._set_cors()
         r_time = time.time() - c.__timer
         url = request.environ['CKAN_CURRENT_URL'].split('?')[0]
         log.info(' %s render time %.3f seconds' % (url, r_time))
 
     def _set_cors(self):
-        response.headers['Access-Control-Allow-Origin'] = "*"
-        response.headers['Access-Control-Allow-Methods'] = \
-            "POST, PUT, GET, DELETE, OPTIONS"
-        response.headers['Access-Control-Allow-Headers'] = \
-            "X-CKAN-API-KEY, Authorization, Content-Type"
+        '''
+        Set up Access Control Allow headers if either origin_allow_all is
+        True, or the request Origin is in the origin_whitelist.
+        '''
+        cors_origin_allowed = None
+        if asbool(config.get('ckan.cors.origin_allow_all')):
+            cors_origin_allowed = "*"
+        elif config.get('ckan.cors.origin_whitelist') and \
+                request.headers.get('Origin') \
+                in config['ckan.cors.origin_whitelist'].split(" "):
+            # set var to the origin to allow it.
+            cors_origin_allowed = request.headers.get('Origin')
+
+        if cors_origin_allowed is not None:
+            response.headers['Access-Control-Allow-Origin'] = \
+                cors_origin_allowed
+            response.headers['Access-Control-Allow-Methods'] = \
+                "POST, PUT, GET, DELETE, OPTIONS"
+            response.headers['Access-Control-Allow-Headers'] = \
+                "X-CKAN-API-KEY, Authorization, Content-Type"
 
     def _get_user_for_apikey(self):
         apikey_header_name = config.get(APIKEY_HEADER_NAME_KEY,

diff --git a/ckan/lib/create_test_data.py b/ckan/lib/create_test_data.py
@@ -440,8 +440,8 @@ def create(cls, auth_profile="", package_type=None):
             )
         model.Session.add(pr1)
         model.Session.add(pr2)
-        pkg1.resource_groups_all[0].resources_all.append(pr1)
-        pkg1.resource_groups_all[0].resources_all.append(pr2)
+        pkg1.resources_all.append(pr1)
+        pkg1.resources_all.append(pr2)
         pkg1.notes = u'''Some test notes
 
 ### A 3rd level heading

diff --git a/ckan/lib/datapreview.py b/ckan/lib/datapreview.py
@@ -108,7 +108,7 @@ def get_preview_plugin(data_dict, return_first=False):
     if num_plugins == 0:
         # we didn't find any.  see if any could be made to work
         for plug in plugins_fixable:
-            log.info('%s would allow previews to fix: %s' % (
+            log.info('%s would allow previews.  To fix: %s' % (
                 plug['plugin'], plug['fixable']))
         preview_plugin = None
     elif num_plugins == 1:

diff --git a/ckan/lib/dictization/model_dictize.py b/ckan/lib/dictization/model_dictize.py
@@ -108,7 +108,6 @@ def extras_list_dictize(extras_list, context):
 def resource_dictize(res, context):
     model = context['model']
     resource = d.table_dictize(res, context)
-    resource_group_id = resource['resource_group_id']
     extras = resource.pop("extras", None)
     if extras:
         resource.update(extras)
@@ -117,13 +116,11 @@ def resource_dictize(res, context):
     ## for_edit is only called at the times when the dataset is to be edited
     ## in the frontend. Without for_edit the whole qualified url is returned.
     if resource.get('url_type') == 'upload' and not context.get('for_edit'):
-        resource_group = model.Session.query(
-            model.ResourceGroup).get(resource_group_id)
         last_part = url.split('/')[-1]
         cleaned_name = munge.munge_filename(last_part)
         resource['url'] = h.url_for(controller='package',
                                     action='resource_download',
-                                    id=resource_group.package_id,
+                                    id=resource['package_id'],
                                     resource_id=res.id,
                                     filename=cleaned_name,
                                     qualified=True)
@@ -199,13 +196,11 @@ def package_dictize(pkg, context):
     #strip whitespace from title
     if result_dict.get('title'):
         result_dict['title'] = result_dict['title'].strip()
+
     #resources
-    res_rev = model.resource_revision_table
-    resource_group = model.resource_group_table
-    q = select([res_rev], from_obj = res_rev.join(resource_group,
-               resource_group.c.id == res_rev.c.resource_group_id))
-    q = q.where(resource_group.c.package_id == pkg.id)
-    result = _execute_with_revision(q, res_rev, context)
+    resource_rev = model.resource_revision_table
+    q = select([resource_rev]).where(resource_rev.c.package_id == pkg.id)
+    result = _execute_with_revision(q, resource_rev, context)
     result_dict["resources"] = resource_list_dictize(result, context)
     result_dict['num_resources'] = len(result_dict.get('resources', []))
 
@@ -375,7 +370,13 @@ def get_packages_for_this_group(group_, just_the_count=False):
                     context['ignore_capacity_check'] = True
 
             if not just_the_count:
-                q['rows'] = 1000    # Only the first 1000 datasets are returned
+                # Is there a packages limit in the context?
+                try:
+                    packages_limit = context['limits']['packages']
+                except KeyError:
+                    q['rows'] = 1000  # Only the first 1000 datasets are returned
+                else:
+                    q['rows'] = packages_limit
 
             search_context = dict((k, v) for (k, v) in context.items()
                                   if k != 'schema')
@@ -737,7 +738,7 @@ def resource_view_dictize(resource_view, context):
     config = dictized.pop('config', {})
     dictized.update(config)
     resource = context['model'].Resource.get(resource_view.resource_id)
-    package_id = resource.resource_group.package_id
+    package_id = resource.package_id
     dictized['package_id'] = package_id
     return dictized
 

diff --git a/ckan/lib/dictization/model_save.py b/ckan/lib/dictization/model_save.py
@@ -65,11 +65,13 @@ def package_resource_list_save(res_dicts, package, context):
 
     pending = context.get('pending')
 
-    resource_list = package.resource_groups_all[0].resources_all
-    old_list = package.resource_groups_all[0].resources_all[:]
+    resource_list = package.resources_all
+    old_list = package.resources_all[:]
 
     obj_list = []
     for res_dict in res_dicts or []:
+        if not u'package_id' in res_dict or not res_dict[u'package_id']:
+            res_dict[u'package_id'] = package.id
         obj = resource_dict_save(res_dict, context)
         obj_list.append(obj)