Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Datastore does not hide private resources in SQL search #652

Closed
wants to merge 581 commits into from
Closed

Datastore does not hide private resources in SQL search #652

wants to merge 581 commits into from

Conversation

domoritz
Copy link
Contributor

Datastore tables that belong to private CKAN resources are not hidden. This could be potentially unexpected even though it says it in the docs http://docs.ckan.org/en/latest/datastore-setup.html.

johnglover and others added 13 commits March 18, 2013 04:18
@johnglover
Merge pull request #639 from okfn/639-clean-logic-auth-update
abf2729 
logic.auth.update is a mess
[#649] Rename default_package_schema() -> _base_package_schema()
ca87536 
Also add a docstring.

This schema seems to be a base schema for other package schemas to be
based on, and a private helper function of schema.py. It's not used
outside of schema.py apart from by some tests that probably should not
be using it. The new name hopefully makes it clearer what the purpose of
this function is.
[#649] Deprecate package_form_schema() properly
0030d73 
I think package_form_schema() was probably deprecated using a code
comment before we had the Right Way of deprecating things (using the
deprecated decorator).
@kindly
#515 make it so organization titles are in facet listing
34911b9
[#649] Don't validate package dicts in package controller
6604d7b 
The package_*() action functions handle fetching package schemas and
using them to validate package dicts, no need to also do it in the
package controller!
[#649] Delete package_create_validate()
c9a4c27 
Delete package_create_validate() action function.

This function has no docstring and no tests, and duplicates package dict
validation code in package_create().
[#649] Delete package_update_validate()
4abebbc 
Delete package_update_validate() action function.

This function has no docstring and no tests, and duplicates package dict
validation code in package_update().
@johnglover
[#430] Add test for packages in vocab list.
f527dfc 
From seanh commit 4c917f5
@johnglover
PEP8
14eb73d
@johnmartin
[#629] Adds .clearfix to .module-heading to make the 'Clear all' a li…
4204dee 
…ttle nicer
@johnmartin
[#2750] Tweaks base package_metadata_fields.html and then {% ckan_ext…
7111901 
…ends %} from it.
@johnmartin
[#2750] Simplify the template yet more
7ab3d44
[#649] Refactor form_to_db_schema()
3c677cf 
Replace form_to_db_schema(), form_to_db_schema_options(),
form_to_db_schema_api_create(), form_to_db_schema_api_update(),
form_to_db_package_schema() with just two schemas: create and update.
Then get the tests passing.

schema.py:

- Delete _base_package_schema()
- Delete already deprecated package_form_schema()
- Delete form_to_db_package_schema()
- Tweak default_create_package_schema() and
  default_update_package_schema() to get tests passing

DefaultDatasetForm:

- Delete form_to_db_schema_options()
- Delete form_to_db_schema()
- Delete form_to_db_schema_api_create()
- Delete form_to_db_schema_api_update()
- Add create_package_schema(), returns None
- Add update_package_schema(), returns None

Note that by deleting form_to_db_schema() and
form_to_db_schema_options(), _api_create() and _api_update(), we're
breaking backwards compatibility with any plugins that were using these.

package_create():
- Don't call form_to_db_schema_options() or form_to_db_schema().
- Instead call the package plugin's create_package_schema(), if that
  doesn't exist or if it returns None then call
  default_create_package_schema() instead

package_update():
- Don't call form_to_db_schema_options() or form_to_db_schema().
- Instead call the package plugin's update_package_schema(), if that
  doesn't exist or if it returns None then call
  default_update_package_schema() instead

Note that by no longer calling the form_to_db_schema_options() or
form_to_db_schema() methods of IDatasetForm plugins, we're breaking
backward compatibility with those plugins.

Note this makes IDatasetForm less flexible - plugins can return
different schemas for creating, updating or showing packages, but they
can no longer return different schemas depending on whether we're using
the API or web UI, or on other parameters from the Pylons context.

test_tag_vocab.py:

- Update MockVocabTagsPlugin to work with the new interface

Also update some other tests.
@ghost ghost assigned domoritz Mar 19, 2013
Sean Hammond and others added 16 commits March 19, 2013 14:01
[#649] Rename db_to_form_package_schema() -> default_show_package_sch…
b763aa5 
…ema()

This makes the name consistent with default_create_package_schema() and
default_update_package_schema().
[#649] Get rid of form_to_db_schema_options()
d7cf2bd 
package_show(): Don't call an IDatasetForm plugin's
db_to_form_schema_options() or db_to_form_schema() anymore, instead call
package_show_schema(), if the plugin doesn't have that method or if it
returns None then fall back on
ckan.logic.schema.default_package_show_schema(). (Same pattern as for
package_create() and package_update()).

Delete DefaultDatasetForm's db_to_form_schema_options() and
db_to_form_schema(), add show_package_schema() that just returns None,
same as create_package_schema() and update_package_schema().
@amercader
Merge branch '288-unicode-title-support'
e5aac37
@amercader
Merge branch '629-clear-all-facet'
a933add
Remove unused _check_data_dict() from package controller
78ce503 
This method is never called
[#649] Remove schema-related hacks from package controller
24a616f 
These hacks are no longer needed
@amercader
Merge branch '630-org-template-tidy-up'
e7fa137
@amercader
Merge branch '515-org-group-search-issue'
579ee38 
Conflicts:
	ckan/lib/search/index.py
@johnglover
[#430] Fix for packages not appearing in vocabulary_show
5c95483
@johnglover
Merge remote-tracking branch 'origin/master' into 430-packages-missin…
9698b35 
…g-vocabulary-show
[#2750] Add custom_text_field back into example idatasetform templates
41684e5 
This field accidentally got removed from the templates in a previous
commit
[#2750] Remove 'free extras' from package form in example idatasetform
4483c53 
This is necessary to make convert_to/from_extras() work
Merge branch 'master' of github.com:okfn/ckan into example_idatasetfo…
307c89e 
…rm_without_tests_second_try
@tobes
Merge branch 'example_idatasetform_without_tests'
0ce63ee 
Conflicts:
	doc/tag-vocabularies.rst

    removed
    This needs to be done via the action API (:doc:`api`). Please check
    the examples section to see which calls are needed.
@johnglover
[#654] Allow activity streams to be disabled via config
0b771d3
@johnglover
Merge remote-tracking branch 'origin/master' into 654-disable-activit…
b750d3c 
…y-streams-via-config
Sean Hammond and others added 16 commits April 16, 2013 20:45
Merge branch '767-doc-title'
174b065
Update Issues link in docs footer (trac->github)
0c1caab
Change title on docs index page
0955b0c
@domoritz
[#652] Require resource_show permissions to read datastore resources
aef190a
@domoritz
[#652] Fix auth test in action, use the normal user in the search tes…
db1d6a6 
…ts instead of the sysadmin user
@domoritz
[#652][wip] Add test for search for private datasets
c3f3e0b
@domoritz
[#652] Only allow aliases in search to simplify checks. Also make thi…
aa6e38c 
…s clear in the docs.
@domoritz
[#652] Make the private dataset test work
3f4363e
@domoritz
[#652] Provide more useful information if sql search goes wrong
738c2fb
@domoritz
Clean up test code
e8287b3
@domoritz
[#652][wip] Add actions to make datastore resources private or public
04cb3f2
@domoritz
[#652] Refactor checks whether resources exist
091e164
@domoritz
[#652] Close connection, fix missing data_dict['connection_url']
54d7a95
@domoritz
[#652] Automatically make resources private or public when the permis…
87de3ab 
…sions change
@domoritz
More helpful information about errors
198719e
@domoritz
[#652] Fix missing connection_url
9e68bca
@domoritz
Copy link
Contributor Author

Closing this because I made the pr to the wrong branch...

@domoritz domoritz closed this Apr 23, 2013
domoritz added a commit that referenced this pull request Apr 23, 2013
@domoritz
[#652] Refactor validation of possible methods
e286f48
domoritz added a commit that referenced this pull request Apr 23, 2013
@domoritz
[#652] Properly report permission denied error in sql search
71dd159
domoritz added a commit that referenced this pull request Apr 23, 2013
@domoritz
[#652] Get spelling right
fc14e37
domoritz added a commit that referenced this pull request Apr 23, 2013
@domoritz
[#652] Make sure that we have a connection url
c626c00
domoritz added a commit that referenced this pull request Apr 23, 2013
@domoritz
[#652] We have to wrap the GRANT/REVOKE in a transaction to make it work
43c578e
domoritz added a commit that referenced this pull request Apr 24, 2013
@domoritz
[#652] Make private resources compatible with legacy mode
eb06a95
domoritz added a commit that referenced this pull request Apr 24, 2013
@domoritz
[#652] Test whether a new datastore resource is private if the CKAN r…
d7414f4 
…esource is private
domoritz added a commit that referenced this pull request Apr 24, 2013
@domoritz
[#652] Test whether the updates to the datastore resources work corre…
4c926d3 
…ctly
domoritz added a commit that referenced this pull request Apr 24, 2013
@domoritz
[#652] Clean up
b799069
domoritz added a commit that referenced this pull request Apr 25, 2013
@domoritz
[#652] Update docs concerning private resources
bad48e6
amercader added a commit that referenced this pull request Jun 5, 2013
@amercader
[#652] Fix issues caused by wrong merge
b06e58d
amercader added a commit that referenced this pull request Jun 5, 2013
@amercader
[#652] Move test file to tests folder to try and make Travis happy
7c735fc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@domoritz domoritz

Labels
None yet
Projects
None yet
Milestone
CKAN 2.1
Development

Successfully merging this pull request may close these issues.

None yet