[#1257] Check for permissions against owner_org

Fix tests that were passing because they depended on this breakage.
ckan · Oct 16, 2013 · 1b451fe · 1b451fe
1 parent 99a677e
commit 1b451fe
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 7 deletions.
diff --git a/ckan/logic/auth/create.py b/ckan/logic/auth/create.py
@@ -23,7 +23,7 @@ def package_create(context, data_dict=None):
 
     # If an organization is given are we able to add a dataset to it?
     data_dict = data_dict or {}
-    org_id = data_dict.get('organization_id')
+    org_id = data_dict.get('owner_org')
     if org_id and not new_authz.has_user_permission_for_group_or_org(
             org_id, user, 'create_dataset'):
         return {'success': False, 'msg': _('User %s not authorized to add dataset to this organization') % user}

diff --git a/ckan/tests/logic/test_auth.py b/ckan/tests/logic/test_auth.py
@@ -86,17 +86,20 @@ def test_03_create_dataset_no_org(self):
         self._call_api('package_create', dataset, 'no_org', 403)
 
     def test_04_create_dataset_with_org(self):
-
+        org_with_user = self._call_api('organization_show', {'id':
+            'org_with_user'}, 'sysadmin')
         dataset = {'name': 'admin_create_with_user',
-                   'owner_org': 'org_with_user'}
+                   'owner_org': org_with_user.json['result']['id']}
         self._call_api('package_create', dataset, 'sysadmin', 200)
 
+        org_no_user = self._call_api('organization_show', {'id':
+            'org_no_user'}, 'sysadmin')
         dataset = {'name': 'sysadmin_create_no_user',
-                   'owner_org': 'org_no_user'}
+                   'owner_org': org_no_user.json['result']['id']}
         self._call_api('package_create', dataset, 'sysadmin', 200)
 
         dataset = {'name': 'user_create_with_org',
-                   'owner_org': 'org_with_user'}
+                   'owner_org': org_with_user.json['result']['id']}
         self._call_api('package_create', dataset, 'no_org', 403)
 
     def test_05_add_users_to_org(self):
@@ -127,15 +130,15 @@ def _add_datasets(self, user):
 
         #not able to add dataset to org admin does not belong to.
         dataset = {'name': user + '_dataset_bad', 'owner_org': 'org_no_user'}
-        self._call_api('package_create', dataset, user, 409)
+        self._call_api('package_create', dataset, user, 403)
 
         #admin not able to make dataset not owned by a org
         dataset = {'name': user + '_dataset_bad'}
         self._call_api('package_create', dataset, user, 409)
 
         #not able to add org to not existant org
         dataset = {'name': user + '_dataset_bad', 'owner_org': 'org_not_exist'}
-        self._call_api('package_create', dataset, user, 409)
+        self._call_api('package_create', dataset, user, 403)
 
     def test_07_add_datasets(self):
         self._add_datasets('org_admin')