Cleaning up the ordering of the group checks so that it does not caus…
…e issues
rossjones committed Jan 23, 2012
1 parent 24495e5 commit 02ec14d
Showing 4 changed files with 40 additions and 23 deletions.
40 changes: 23 additions & 17 deletions ckan/logic/auth/publisher/update.py
Expand Up @@ -14,12 +14,7 @@ def package_update(context, data_dict):
user = context.get('user')
package = get_package_object(context, data_dict)

userobj = model.User.get( user )

# Only allow package update if the user and package groups intersect
if not _groups_intersect( userobj.get_groups(), package.get_groups() ):
return {'success': False, 'msg': _('User %s not authorized to edit packages in these groups') % str(user)}

check1 = check_access_old(package, model.Action.EDIT, context)
if not check1:
return {'success': False, 'msg': _('User %s not authorized to edit package %s') % (str(user), package.id)}
Expand All @@ -28,6 +23,13 @@ def package_update(context, data_dict):
if not check2:
return {'success': False, 'msg': _('User %s not authorized to edit these groups') % str(user)}

userobj = model.User.get( user )
if not userobj or \
not _groups_intersect( userobj.get_groups('publisher'), package.get_groups('publisher') ):
return {'success': False,
'msg': _('User %s not authorized to edit packages in these groups') % str(user)}


return {'success': True}

def resource_update(context, data_dict):
Expand All @@ -37,7 +39,7 @@ def resource_update(context, data_dict):

# Only allow resource update if the user and resource packages groups intersect
userobj = model.User.get( user )
if not _groups_intersect( userobj.get_groups(), resource.package.get_groups() ):
if not _groups_intersect( userobj.get_groups('publisher'), resource.resource_group.package.get_groups('publisher') ):
return {'success': False, 'msg': _('User %s not authorized to edit resources in this package') % str(user)}

# check authentication against package
Expand Down Expand Up @@ -65,14 +67,16 @@ def package_change_state(context, data_dict):
user = context['user']
package = get_package_object(context, data_dict)

userobj = model.User.get( user )
if not _groups_intersect( userobj.get_groups(), package.get_groups() ):
return {'success': False, 'msg': _('User %s not authorized to change this package state') % str(user)}

authorized = check_access_old(package, model.Action.CHANGE_STATE, context)
if not authorized:
return {'success': False, 'msg': _('User %s not authorized to change state of package %s') % (str(user),package.id)}
else:
userobj = model.User.get( user )
if not userobj or \
not _groups_intersect( userobj.get_groups('publisher'), package.get_groups('publisher') ):
return {'success': False,
'msg': _('User %s not authorized to change this package state') % str(user)}

return {'success': True}

def package_edit_permissions(context, data_dict):
Expand All @@ -82,7 +86,7 @@ def package_edit_permissions(context, data_dict):

# Only allow package update if the user and package groups intersect
userobj = model.User.get( user )
if not _groups_intersect( userobj.get_groups(), package.get_groups() ):
if not _groups_intersect( userobj.get_groups('publisher'), package.get_groups('publisher') ):
return {'success': False, 'msg': _('User %s not authorized to edit permissions of this package') % str(user)}

authorized = check_access_old(package, model.Action.EDIT_PERMISSIONS, context)
Expand All @@ -98,7 +102,7 @@ def group_update(context, data_dict):

# Only allow package update if the user and package groups intersect
userobj = model.User.get( user )
if not _groups_intersect( userobj.get_groups(), group.get_groups() ):
if not _groups_intersect( userobj.get_groups('publisher'), group.get_groups('publisher') ):
return {'success': False, 'msg': _('User %s not authorized to edit this group') % str(user)}

authorized = check_access_old(group, model.Action.EDIT, context)
Expand All @@ -113,7 +117,7 @@ def group_change_state(context, data_dict):
group = get_group_object(context, data_dict)

userobj = model.User.get( user )
if not _groups_intersect( userobj.get_groups(), group.get_groups() ):
if not _groups_intersect( userobj.get_groups('publisher'), group.get_groups('publisher') ):
return {'success': False, 'msg': _('User %s not authorized to change state of group') % str(user)}

authorized = check_access_old(group, model.Action.CHANGE_STATE, context)
Expand All @@ -129,7 +133,7 @@ def group_edit_permissions(context, data_dict):

# Only allow package update if the user and package groups intersect
userobj = model.User.get( user )
if not _groups_intersect( userobj.get_groups(), group.get_groups() ):
if not _groups_intersect( userobj.get_groups('publisher'), group.get_groups('publisher') ):
return {'success': False, 'msg': _('User %s not authorized to edit permissions of group') % str(user)}

authorized = check_access_old(group, model.Action.EDIT_PERMISSIONS, context)
Expand Down Expand Up @@ -170,9 +174,11 @@ def user_update(context, data_dict):
return {'success': False, 'msg': _('User %s not authorized to edit user %s') % (str(user), user_obj.id)}

# Only allow package update if the user and package groups intersect or user is editing self
if (user != user_obj.name) and \
not _groups_intersect( current_user.get_groups(), user_obj.get_groups() ):
return {'success': False, 'msg': _('User %s not authorized to edit user') % str(user)}

if (user != user_obj.name):
current_user = model.User.get( user )
if not _groups_intersect( current_user.get_groups('publisher'), user_obj.get_groups('publisher') ):
return {'success': False, 'msg': _('User %s not authorized to edit user') % str(user)}

return {'success': True}

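Review bot: The `not userobj` guard added to package_update and package_change_state is missing from the other checks this commit touches: resource_update, package_edit_permissions, group_update, group_change_state, group_edit_permissions and the `current_user` lookup in user_update still call `.get_groups('publisher')` directly on the result of `model.User.get( user )`. If that lookup can return None, as the new guard implies (presumably for an anonymous or unknown user name), those paths raise AttributeError instead of returning a `{'success': False, ...}` denial, so the request ends in an error rather than a clean authorization refusal. Use the same form in each of them, e.g. `if not userobj or not _groups_intersect( userobj.get_groups('publisher'), group.get_groups('publisher') ):`. Most of these function bodies start or end outside the visible hunks, so an earlier None check may exist that is not shown here.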
8 changes: 6 additions & 2 deletions ckan/model/group.py
Expand Up @@ -136,7 +136,7 @@ def add_package_by_name(self, package_name):
member = Member(group=self, table_id=package.id, table_name='package')
Session.add(member)

def get_groups(self):
def get_groups(self, group_type=None):
""" Get all groups that this group is within """
import ckan.model as model
if '_groups' not in self.__dict__:
Expand All @@ -145,7 +145,11 @@ def get_groups(self):
model.Member.table_name == 'group').\
filter(model.Member.state == 'active').\
filter(model.Member.table_id == self.id).all()
return self._groups

if not group_type:
return self._groups
return [ x for x in self._groups if x.type == group_type ]



@property
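Review bot: `if not group_type:` in get_groups treats any falsy value, including an empty string, as "no filter" and returns every group, while the callers in ckan/logic/auth/publisher/update.py use the result for authorization decisions. A caller that passes a type taken from a variable that happens to be empty would silently get the widest set; `if group_type is None:` keeps the unfiltered path for the default only. The same lines are added to get_groups in ckan/model/package.py and ckan/model/user.py. The docstring here still reads "Get all groups that this group is within" and should mention the `group_type` filter; the package and user versions have no docstring in the visible lines. The middle of the function body lies outside the hunk.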
7 changes: 5 additions & 2 deletions ckan/model/package.py
Expand Up @@ -501,7 +501,7 @@ def metadata_modified(self):
def is_in_group(self, group):
return group in self.get_groups()

def get_groups(self):
def get_groups(self, group_type=None):
import ckan.model as model
if '_groups' not in self.__dict__:
self._groups = model.Session.query(model.Group).\
Expand All @@ -510,7 +510,10 @@ def get_groups(self):
join(model.Package, model.Package.id == model.Member.table_id).\
filter(model.Member.state == 'active').\
filter(model.Member.table_id == self.id).all()
return self._groups

if not group_type:
return self._groups
return [ x for x in self._groups if x.type == group_type ]

@property
def metadata_created(self):
8 changes: 6 additions & 2 deletions ckan/model/user.py
Expand Up @@ -148,7 +148,7 @@ def number_administered_packages(self):
def is_in_group(self, group):
return group in self.get_groups()

def get_groups(self):
def get_groups(self, group_type=None):
import ckan.model as model
if '_groups' not in self.__dict__:
self._groups = model.Session.query(model.Group).\
Expand All @@ -157,7 +157,11 @@ def get_groups(self):
join(model.User, model.User.id == model.Member.table_id).\
filter(model.Member.state == 'active').\
filter(model.Member.table_id == self.id).all()
return self._groups

if not group_type:
return self._groups
return [ x for x in self._groups if x.type == group_type ]


@classmethod
def search(cls, querystr, sqlalchemy_query=None):