Skip to content

Commit

Permalink
Merge branch 'master' of https://github.com/okfn/ckan
Browse files Browse the repository at this point in the history
  • Loading branch information
@rossjones
rossjones committed Jun 26, 2012
2 parents e759ef9 + fa9dc06 commit 2bf11bb
Show file tree
Hide file tree
Showing 20 changed files with 767 additions and 583 deletions.
10 changes: 9 additions & 1 deletion ckan/config/environment.py
View file
Expand Up @@ -273,7 +273,15 @@ def genshi_lookup_attr(cls, obj, key):

if ckan_db:
config['sqlalchemy.url'] = ckan_db
engine = sqlalchemy.engine_from_config(config, 'sqlalchemy.')

# for postgresql we want to enforce utf-8
sqlalchemy_url = config.get('sqlalchemy.url', '')
if sqlalchemy_url.startswith('postgresql://'):
extras = {'client_encoding': 'utf8'}
else:
extras = {}

engine = sqlalchemy.engine_from_config(config, 'sqlalchemy.', **extras)

if not model.meta.engine:
model.init_model(engine)
Expand Down
259 changes: 140 additions & 119 deletions ckan/controllers/admin.py
View file

Large diffs are not rendered by default.

81 changes: 48 additions & 33 deletions ckan/controllers/authorization_group.py
View file
Expand Up @@ -8,20 +8,22 @@
from ckan.lib.helpers import Page
from ckan.logic import NotAuthorized, check_access


class AuthorizationGroupController(BaseController):

def __init__(self):
BaseController.__init__(self)

def index(self):
from ckan.lib.helpers import Page
try:
context = {'model':model,'user': c.user or c.author}
check_access('site_read',context)
context = {'model': model, 'user': c.user or c.author}
check_access('site_read', context)
except NotAuthorized:
abort(401, _('Not authorized to see this page'))

query = ckan.authz.Authorizer().authorized_query(c.user, model.AuthorizationGroup)
query = ckan.authz.Authorizer().authorized_query(
c.user, model.AuthorizationGroup)
query = query.options(eagerload_all('users'))
c.page = Page(
collection=query,
Expand All @@ -32,19 +34,20 @@ def index(self):

def _get_authgroup_by_name_or_id(self, id):
return model.AuthorizationGroup.by_name(id) or\
model.Session.query(model.AuthorizationGroup).get(id)
model.Session.query(model.AuthorizationGroup).get(id)

def read(self, id):
c.authorization_group = self._get_authgroup_by_name_or_id(id)
if c.authorization_group is None:
abort(404)
auth_for_read = self.authorizer.am_authorized(c, model.Action.READ,
auth_for_read = self.authorizer.am_authorized(c, model.Action.READ,
c.authorization_group)
if not auth_for_read:
abort(401, _('Not authorized to read %s') % id.encode('utf8'))

import ckan.misc
c.authorization_group_admins = self.authorizer.get_admins(c.authorization_group)
c.authorization_group_admins = self.authorizer.get_admins(
c.authorization_group)

c.page = Page(
collection=c.authorization_group.users,
Expand All @@ -56,16 +59,17 @@ def read(self, id):
def new(self):
record = model.AuthorizationGroup
c.error = ''

auth_for_create = self.authorizer.am_authorized(c, model.Action.AUTHZ_GROUP_CREATE, model.System())

auth_for_create = self.authorizer.am_authorized(
c, model.Action.AUTHZ_GROUP_CREATE, model.System())
if not auth_for_create:
abort(401, _('Unauthorized to create a group'))

is_admin = self.authorizer.is_sysadmin(c.user)

fs = ckan.forms.get_authorization_group_fieldset(is_admin=is_admin)

if request.params.has_key('save'):
if 'save' in request.params:
# needed because request is nested
# multidict which is read only
params = dict(request.params)
Expand All @@ -78,41 +82,48 @@ def new(self):
return render('authorization_group/edit.html')
# do not use groupname from id as may have changed
c.authzgroupname = c.fs.name.value
authorization_group = model.AuthorizationGroup.by_name(c.authzgroupname)
authorization_group = model.AuthorizationGroup.by_name(
c.authzgroupname)
assert authorization_group
user = model.User.by_name(c.user)
model.setup_default_user_roles(authorization_group, [user])
users = [model.User.by_name(name) for name in \
users = [model.User.by_name(name) for name in
request.params.getall('AuthorizationGroup-users-current')]
authorization_group.users = list(set(users))
usernames = request.params.getall('AuthorizationGroupUser--user_name')
usernames = request.params.getall(
'AuthorizationGroupUser--user_name')
for username in usernames:
if username:
usr = model.User.by_name(username)
if usr and usr not in authorization_group.users:
model.add_user_to_authorization_group(usr, authorization_group, model.Role.READER)
model.add_user_to_authorization_group(
usr, authorization_group, model.Role.READER)
model.repo.commit_and_remove()
h.redirect_to(controller='authorization_group', action='read', id=c.authzgroupname)
h.redirect_to(controller='authorization_group', action='read',
id=c.authzgroupname)

c.form = self._render_edit_form(fs)
return render('authorization_group/new.html')

def edit(self, id=None): # allow id=None to allow posting
def edit(self, id=None):
# allow id=None to allow posting
c.error = ''
authorization_group = self._get_authgroup_by_name_or_id(id)
if authorization_group is None:
abort(404, '404 Not Found')
am_authz = self.authorizer.am_authorized(c, model.Action.EDIT, authorization_group)
am_authz = self.authorizer.am_authorized(c, model.Action.EDIT,
authorization_group)
if not am_authz:
abort(401, _('User %r not authorized to edit %r') % (c.user, id))

is_admin = self.authorizer.is_sysadmin(c.user)

if not 'save' in request.params:
c.authorization_group = authorization_group
c.authorization_group_name = authorization_group.name

fs = ckan.forms.get_authorization_group_fieldset(is_admin=is_admin).bind(authorization_group)

fs = ckan.forms.get_authorization_group_fieldset(
is_admin=is_admin).bind(authorization_group)
c.form = self._render_edit_form(fs)
return render('authorization_group/edit.html')
else:
Expand All @@ -133,17 +144,20 @@ def edit(self, id=None): # allow id=None to allow posting
c.form = self._render_edit_form(fs)
return render('authorization_group/edit.html')
user = model.User.by_name(c.user)
users = [model.User.by_name(name) for name in \
users = [model.User.by_name(name) for name in
request.params.getall('AuthorizationGroup-users-current')]
authorization_group.users = list(set(users))
usernames = request.params.getall('AuthorizationGroupUser--user_name')
usernames = request.params.\
getall('AuthorizationGroupUser--user_name')
for username in usernames:
if username:
usr = model.User.by_name(username)
if usr and usr not in authorization_group.users:
model.add_user_to_authorization_group(usr, authorization_group, model.Role.READER)
model.add_user_to_authorization_group(
usr, authorization_group, model.Role.READER)
model.repo.commit_and_remove()
h.redirect_to(controller='authorization_group', action='read', id=c.authorization_group_name)
h.redirect_to(controller='authorization_group', action='read',
id=c.authorization_group_name)

def authz(self, id):
authorization_group = self._get_authgroup_by_name_or_id(id)
Expand All @@ -153,16 +167,17 @@ def authz(self, id):
c.authorization_group_name = authorization_group.name
c.authorization_group = authorization_group

c.authz_editable = self.authorizer.am_authorized(c, model.Action.EDIT_PERMISSIONS,
authorization_group)
c.authz_editable = self.authorizer.am_authorized(
c, model.Action.EDIT_PERMISSIONS, authorization_group)
if not c.authz_editable:
abort(401, gettext('User %r not authorized to edit %s authorizations') % (c.user, id))
abort(401,
gettext('User %r not authorized to edit %s authorizations')
% (c.user, id))

roles = self._handle_update_of_authz(authorization_group)
self._prepare_authz_info_for_render(roles)
return render('authorization_group/authz.html')


def _render_edit_form(self, fs):
# errors arrive in c.error and fs.errors
c.fieldset = fs
Expand Down
10 changes: 3 additions & 7 deletions ckan/controllers/datastore.py
View file
Expand Up @@ -5,6 +5,7 @@
from ckan.logic import get_action, check_access
from ckan.logic import NotFound, NotAuthorized, ValidationError


class DatastoreController(BaseController):
def _make_redirect(self, id, url=''):
index_name = 'ckan-%s' % g.site_id
Expand All @@ -21,9 +22,7 @@ def read(self, id, url=''):
try:
resource = get_action('resource_show')(context, {'id': id})
if not resource.get('webstore_url', ''):
return {
'error': 'DataStore is disabled for this resource'
}
return {'error': 'DataStore is disabled for this resource'}
self._make_redirect(id, url)
return ''
except NotFound:
Expand All @@ -40,9 +39,7 @@ def write(self, id, url):
if not resource:
abort(404, _('Resource not found'))
if not resource.webstore_url:
return {
'error': 'DataStore is disabled for this resource'
}
return {'error': 'DataStore is disabled for this resource'}
context["resource"] = resource
check_access('resource_update', context, {'id': id})
self._make_redirect(id, url)
Expand All @@ -51,4 +48,3 @@ def write(self, id, url):
abort(404, _('Resource not found'))
except NotAuthorized:
abort(401, _('Unauthorized to read resource %s') % id)

9 changes: 6 additions & 3 deletions ckan/controllers/error.py
View file
Expand Up @@ -9,6 +9,7 @@
from ckan.lib.base import BaseController
from ckan.lib.base import render


class ErrorController(BaseController):

"""Generates error documents as and when they are required.
Expand All @@ -33,9 +34,11 @@ def document(self):
if original_request and original_request.path.startswith('/api'):
return original_response.body
# Otherwise, decorate original response with error template.
c.content = literal(original_response.unicode_body) or cgi.escape(request.GET.get('message', ''))
c.prefix=request.environ.get('SCRIPT_NAME', ''),
c.code=cgi.escape(request.GET.get('code', str(original_response.status_int))),
c.content = literal(original_response.unicode_body) or \
cgi.escape(request.GET.get('message', ''))
c.prefix = request.environ.get('SCRIPT_NAME', ''),
c.code = cgi.escape(request.GET.get('code',
str(original_response.status_int))),
return render('error_document_template.html')

def img(self, id):
Expand Down

0 comments on commit 2bf11bb

Please sign in to comment.