Merge branch 'canada-v2.0' of github.com:open-data/ckan into canada-v2.0

CHANGELOG.txt

@@ -1,6 +1,25 @@
 CKAN CHANGELOG
 ++++++++++++++
 
+
+v2.0.2 2013-08-13
+=================
+
+Bug fixes:
+ * Fix markdown in group descriptions (#303)
+ * Fix resource proxy encoding errors (#896)
+ * Fix datastore exception on first run (#907)
+ * Enable streaming in resource proxy (#989)
+ * Fix in user search (#1024)
+ * Fix Celery configuration to allow overriding from config (#1027)
+ * Undefined function on organizations controller (#1036)
+ * Fix license not translated in orgs/groups (#1040)
+ * Fix link to documentation from the footer (#1062)
+ * Fix missing close breadcrumb tag in org templates (#1071)
+ * Fix recently_changed_packages_activity_stream function (#1159)
+ * Fix Recline map sidebar not showing in IE 7-8 (#1133)
+
+
 v2.0.1 2013-06-11
 =================
 
@@ -175,6 +194,15 @@ Deprecated and removed:
  * Removed deprecated datetime_to_datestr() template helper function (#2257)
 
 
+v1.8.2 2013-08-13
+=================
+
+Bug fixes:
+ * Fix for using harvesters with organization setup
+ * Refactor for user update logic
+ * Tweak resources visibility query
+
+
 v1.8.1 2013-05-10
 =================
 
@@ -240,6 +268,14 @@ API changes and deprecation:
    but is deprecated, and will be removed in future versions. (#2313)
 
 
+v1.7.4 2013-08-13
+=================
+
+Bug fixes:
+ * Refactor for user update logic
+ * Tweak resources visibility query
+
+
 v1.7.3 2013-05-10
 =================
 

ckan/__init__.py

@@ -1,4 +1,4 @@
-__version__ = '2.0.2b'
+__version__ = '2.0.2'
 
 __description__ = 'Comprehensive Knowledge Archive Network (CKAN) Software'
 __long_description__ = \

ckan/logic/action/get.py

@@ -1490,8 +1490,11 @@ def resource_search(context, data_dict):
     offset = data_dict.get('offset')
     limit = data_dict.get('limit')
 
-    # TODO: should we check for user authentication first?
-    q = model.Session.query(model.Resource)
+    q = model.Session.query(model.Resource).join(model.ResourceGroup).join(model.Package)
+    q = q.filter(model.Package.state == 'active')
+    q = q.filter(model.Package.private == False)
+    q = q.filter(model.Resource.state == 'active')
+
     resource_fields = model.Resource.get_columns()
     for field, terms in fields.items():
 

ckan/logic/auth/update.py

@@ -134,13 +134,28 @@ def group_edit_permissions(context, data_dict):
 
 def user_update(context, data_dict):
     user = context['user']
+
     user_obj = get_user_object(context, data_dict)
 
-    if not (user == user_obj.name) and \
-       not ('reset_key' in data_dict and data_dict['reset_key'] == user_obj.reset_key):
-        return {'success': False, 'msg': _('User %s not authorized to edit user %s') % (str(user), user_obj.id)}
+    # If the user has a valid reset_key in the db, and that same reset key
+    # has been posted in the data_dict, we allow the user to update
+    # her account without using her password or API key.
+    if user_obj.reset_key and 'reset_key' in data_dict:
+        if user_obj.reset_key == data_dict['reset_key']:
+            return {'success': True}
 
-    return {'success': True}
+    if not user:
+        return {'success': False,
+                'msg': _('Have to be logged in to edit user')}
+
+    if user == user_obj.name:
+        # Allow users to update their own user accounts.
+        return {'success': True}
+    else:
+        # Don't allow users to update other users' accounts.
+        return {'success': False,
+                'msg': _('User %s not authorized to edit user %s') %
+                        (user, user_obj.id)}
 
 def revision_change_state(context, data_dict):
     # FIXME currently only sysadmins can change state

ckanext/reclinepreview/theme/public/vendor/recline/recline.js

@@ -3716,7 +3716,6 @@ my.MapMenu = Backbone.View.extend({
           Cluster markers</label> \
       </div> \
       <input type="hidden" class="editor-id" value="map-1" /> \
-      </div> \
     </form> \
   ',