This is related to #7131. Current functionality is that views do various authentication checks to determine if the user can see the view or not. These checks might be different than what the actual action is checking for some feature.
For example, the resource_delete action is calling package_show and package_update, which both should be checked before the view is rendered, in addition to the resource_delete auth function.
Should we have separate auth functions for views themselves so that developers can control their auth functions without knowing the actual internals of CKAN?
Such "view auth functions" should be implemented solely by calling the current "logic auth functions". Then they would not require additional overrides from site developers, since changes in the "logic auth functions" would propagate to them.
We discussed this and felt that rather than adding a new layer of auth functions at the views level, we should aim for all endpoints to only call the logic auth functions needed, and if an endpoint is calling an auth function that is a bit too out of scope, like in #7137, it is better to fix that particular case.
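A small model of the approach described in the comments above, where the view-level check is composed only from logic auth functions so that an override of one of them reaches the view without further changes. This is an added example, not code from the issue or from CKAN: `AUTH_FUNCTIONS`, `VIEW_REQUIREMENTS`, `view_allowed` and the view name `resource.delete` are assumptions, and the registry is a simplified stand-in for CKAN's auth layer.

```python
# Simplified stand-in for a logic-layer auth registry (not CKAN's own code).
# Each auth function returns {"success": bool}, the shape CKAN auth functions use.
AUTH_FUNCTIONS = {
    "package_show": lambda ctx, dd: {"success": True},
    "package_update": lambda ctx, dd: {"success": ctx["user"] in dd["editors"]},
    "resource_delete": lambda ctx, dd: {"success": ctx["user"] in dd["editors"]},
}

# Hypothetical mapping: the logic auth functions each view depends on,
# including the ones reached indirectly by the action the view triggers.
VIEW_REQUIREMENTS = {
    "resource.delete": ("resource_delete", "package_show", "package_update"),
}


class NotAuthorized(Exception):
    pass


def check_access(name, context, data_dict):
    """Resolve the auth function at call time so overrides take effect."""
    result = AUTH_FUNCTIONS[name](context, data_dict)
    if not result.get("success"):
        raise NotAuthorized(f"{context['user']} denied by {name}")


def view_allowed(view, context, data_dict):
    """Return (allowed, failing_auth_name); views with no mapping are denied."""
    required = VIEW_REQUIREMENTS.get(view)
    if required is None:
        return False, None
    for name in required:
        try:
            check_access(name, context, data_dict)
        except NotAuthorized:
            return False, name
    return True, None


def demo():
    dataset = {"editors": {"alice"}}  # constructed sample data
    before = view_allowed("resource.delete", {"user": "alice"}, dataset)
    original = AUTH_FUNCTIONS["package_update"]
    # A site override of one logic auth function, e.g. a read-only freeze.
    AUTH_FUNCTIONS["package_update"] = lambda ctx, dd: {"success": False}
    try:
        after = view_allowed("resource.delete", {"user": "alice"}, dataset)
    finally:
        AUTH_FUNCTIONS["package_update"] = original
    return before, after
```
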