Merge branch 'master' into 262-improve-helper-imports
Conflicts:
	ckan/tests/functional/test_datastore.py

    no longer exists so deleted
tobes committed Feb 20, 2013
2 parents 3ae0ad1 + 14716b7 commit 2cce94a
Showing 15 changed files with 92 additions and 647 deletions.
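--- a/ckan/config/routing.py
+++ b/ckan/config/routing.py
@@ -184,21 +184,6 @@ def make_map():
 ## /END API
 ###########
 
-
-## Webstore
-if config.get('ckan.datastore.enabled', False):
-with SubMapper(map, controller='datastore') as m:
-m.connect('datastore_read', '/api/data/{id}{url:(/.*)?}',
-action='read', url='', conditions=GET)
-m.connect('datastore_write', '/api/data/{id}{url:(/.*)?}',
-action='write', url='', conditions=PUT_POST_DELETE)
-m.connect('datastore_read_shortcut',
-'/dataset/{dataset}/resource/{id}/api{url:(/.*)?}',
-action='read', url='', conditions=GET)
-m.connect('datastore_write_shortcut',
-'/dataset/{dataset}/resource/{id}/api{url:(/.*)?}',
-action='write', url='', conditions=PUT_POST_DELETE)
-
 map.redirect('/packages', '/dataset')
 map.redirect('/packages/{url:.*}', '/dataset/{url}')
 map.redirect('/package', '/dataset')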
155 changes: 0 additions & 155 deletions ckan/controllers/admin.py
Expand Up @@ -3,16 +3,9 @@
import ckan.lib.base as base
import ckan.lib.helpers as h
import ckan.lib.app_globals as app_globals
import ckan.lib.authztool
import ckan.model as model
import ckan.logic
import ckan.new_authz

from ckan.model.authz import Role
roles = Role.get_all()
role_tuples = [(x, x) for x in roles]


c = base.c
request = base.request
_ = base._
Expand Down Expand Up @@ -92,154 +85,6 @@ def index(self):

return base.render('admin/index.html')

def authz(self):
def action_save_form(users):
# The permissions grid has been saved
# which is a grid of checkboxes named user$role
rpi = request.params.items()

# The grid passes us a list of the users/roles that were displayed
submitted = [a for (a, b) in rpi if (b == u'submitted')]
# and also those which were checked
checked = [a for (a, b) in rpi if (b == u'on')]

# from which we can deduce true/false for each user/role
# combination that was displayed in the form
table_dict = {}
for a in submitted:
table_dict[a] = False
for a in checked:
table_dict[a] = True

# now we'll split up the user$role strings to make a dictionary
# from (user,role) to True/False, which tells us what we need to
# do.
new_user_role_dict = {}
for (ur, val) in table_dict.items():
u, r = ur.split('$')
new_user_role_dict[(u, r)] = val

# we get the current user/role assignments
# and make a dictionary of them
current_uors = model.Session.query(model.SystemRole).all()
current_users_roles = [(uor.user.name, uor.role)
for uor in current_uors
if uor.user]

current_user_role_dict = {}
for (u, r) in current_users_roles:
current_user_role_dict[(u, r)] = True

# and now we can loop through our dictionary of desired states
# checking whether a change needs to be made, and if so making it

# WORRY: Here it seems that we have to check whether someone is
# already assigned a role, in order to avoid assigning it twice,
# or attempting to delete it when it doesn't exist. Otherwise
# problems occur. However this doesn't affect the index page,
# which would seem to be prone to suffer the same effect. Why
# the difference?


for ((u, r), val) in new_user_role_dict.items():
if val:
if not ((u, r) in current_user_role_dict):
model.add_user_to_role(
model.User.by_name(u), r,
model.System())
else:
if ((u, r) in current_user_role_dict):
model.remove_user_from_role(
model.User.by_name(u), r,
model.System())

# finally commit the change to the database
model.Session.commit()
h.flash_success(_("Changes Saved"))

if ('save' in request.POST):
action_save_form('users')

def action_add_form(users):
# The user is attempting to set new roles for a named user
new_user = request.params.get('new_user_name')
# this is the list of roles whose boxes were ticked
checked_roles = [a for (a, b) in request.params.items()
if (b == u'on')]
# this is the list of all the roles that were in the submitted
# form
submitted_roles = [a for (a, b) in request.params.items()
if (b == u'submitted')]

# from this we can make a dictionary of the desired states
# i.e. true for the ticked boxes, false for the unticked
desired_roles = {}
for r in submitted_roles:
desired_roles[r] = False
for r in checked_roles:
desired_roles[r] = True

# again, in order to avoid either creating a role twice or
# deleting one which is non-existent, we need to get the users'
# current roles (if any)

current_uors = model.Session.query(model.SystemRole).all()


current_roles = [uor.role for uor in current_uors
if (uor.user and uor.user.name == new_user)]
user_object = model.User.by_name(new_user)
if user_object is None:
# The submitted user does not exist. Bail with flash
# message
h.flash_error(_('unknown user:') + str(new_user))
else:
# Whenever our desired state is different from our
# current state, change it.
for (r, val) in desired_roles.items():
if val:
if (r not in current_roles):
model.add_user_to_role(user_object, r,
model.System())
else:
if (r in current_roles):
model.remove_user_from_role(user_object, r,
model.System())
h.flash_success(_("User Added"))

# and finally commit all these changes to the database
model.Session.commit()

if 'add' in request.POST:
action_add_form('users')

# =================
# Display the page
# Find out all the possible roles. For the system object that's just
# all of them.
possible_roles = Role.get_all()

# get the list of users who have roles on the System, with their roles
uors = model.Session.query(model.SystemRole).all()
# uniquify and sort
users = sorted(list(set([uor.user.name for uor in uors if uor.user])))

users_roles = [(uor.user.name, uor.role) for uor in uors if uor.user]
user_role_dict = {}
for u in users:
for r in possible_roles:
if (u, r) in users_roles:
user_role_dict[(u, r)] = True
else:
user_role_dict[(u, r)] = False


# pass these variables to the template for rendering
c.roles = possible_roles
c.users = users
c.user_role_dict = user_role_dict

return base.render('admin/authz.html')

def trash(self):
c.deleted_revisions = model.Session.query(
47 changes: 0 additions & 47 deletions ckan/controllers/datastore.py

This file was deleted.

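--- a/ckan/controllers/group.py
+++ b/ckan/controllers/group.py
@@ -494,8 +494,10 @@ def member_new(self, id):
 else:
 user = request.params.get('user')
 if user:
-user= model.Session.query(model.User).get(user)
-c.user_name = user.name
+c.user_dict = get_action('user_show')(context, {'id': user})
+c.user_role = ckan.new_authz.users_role_for_group_or_org(id, user) or 'member'
+else:
+c.user_role = 'member'
 c.group_dict = self._action('group_show')(context, {'id': id})
 c.roles = self._action('member_roles_list')(context, {})
 except NotAuthorized: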
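Review bot: The role lookup on the new `c.user_role = …` line is given the raw `user` request parameter, while `users_role_for_group_or_org` in ckan/new_authz.py resolves its second argument with `get_user_id_for_username`. The removed line fetched the user with `Session.query(model.User).get(user)`, a primary-key lookup, so the parameter may well be a user id; in that case the lookup returns None and `or 'member'` pre-selects 'member' for a user who actually holds a higher role, and saving the form unchanged could then alter that role. Passing the resolved name, `ckan.new_authz.users_role_for_group_or_org(id, c.user_dict['name'])` (assuming `user_show` returns a `name` key), avoids that. `member_new` begins and ends outside this hunk, so whether a missing user from `user_show` is handled cannot be checked from here.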
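--- a/ckan/controllers/package.py
+++ b/ckan/controllers/package.py
@@ -1212,10 +1212,6 @@ def resource_download(self, id, resource_id):
 abort(404, _('No download is available'))
 redirect(rsc['url'])
 
-def api_data(self, id=None):
-url = h.url_for('datastore_read', id=id, qualified=True)
-return render('package/resource_api_data.html', {'datastore_root_url': url})
-
 def follow(self, id):
 '''Start following this dataset.'''
 context = {'model': model,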
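--- a/ckan/logic/action/get.py
+++ b/ckan/logic/action/get.py
@@ -288,8 +288,17 @@ def type_lookup(name):
 return lookup[name]
 return None
 
-return [ (m.table_id, type_lookup(m.table_name) ,m.capacity,)
-for m in q.all() ]
+trans = new_authz.roles_trans()
+def translated_capacity(capacity):
+try:
+return trans[capacity]
+except KeyError:
+return capacity
+
+return [(m.table_id,
+type_lookup(m.table_name),
+translated_capacity(m.capacity),)
+for m in q.all()]
 
 def _group_or_org_list(context, data_dict, is_org=False):
 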
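Review bot: The returned tuples now carry the translated role label from `translated_capacity(m.capacity)` instead of the stored `m.capacity`, so the third element depends on the request locale. Any caller that compares it with a role key such as 'admin' (none is visible in this hunk) would stop matching under a non-English locale. If the label is only needed for display, returning the raw capacity and translating in the template keeps the action's output stable for code that makes role decisions from it. Independently, `translated_capacity` can be reduced to `trans.get(capacity, capacity)`. The enclosing action starts outside the hunk.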
44 changes: 36 additions & 8 deletions ckan/new_authz.py
@@ -1,5 +1,6 @@
import sys
from logging import getLogger
import collections

from pylons import config, c
from pylons.i18n import _
Expand Down Expand Up @@ -65,11 +66,11 @@ def is_authorized(action, context, data_dict=None):
raise ValueError(_('Authorization function not found: %s' % action))

# these are the permissions that roles have
ROLE_PERMISSIONS = {
'admin': ['admin'],
'editor': ['read', 'delete_dataset', 'create_dataset', 'update_dataset'],
'member': ['read'],
}
ROLE_PERMISSIONS = collections.OrderedDict([
('admin', ['admin']),
('editor', ['read', 'delete_dataset', 'create_dataset', 'update_dataset']),
('member', ['read']),
])

def _trans_role_admin():
return _('Admin')
Expand All @@ -87,10 +88,17 @@ def trans_role(role):

def roles_list():
''' returns list of roles for forms '''
out = []
roles = []
for role in ROLE_PERMISSIONS:
roles.append(dict(text=trans_role(role), value=role))
return roles

def roles_trans():
''' return dict of roles with translation '''
roles = {}
for role in ROLE_PERMISSIONS:
out.append(dict(text=trans_role(role), value=role))
return out
roles[role] = trans_role(role)
return roles


def get_roles_with_permission(permission):
Expand Down Expand Up @@ -129,6 +137,26 @@ def has_user_permission_for_group_or_org(group_id, user_name, permission):
return True
return False


def users_role_for_group_or_org(group_id, user_name):
''' Check if the user role for the group '''
if not group_id:
return None
group_id = model.Group.get(group_id).id

user_id = get_user_id_for_username(user_name, allow_none=True)
if not user_id:
return None
# get any roles the user has for the group
q = model.Session.query(model.Member) \
.filter(model.Member.group_id == group_id) \
.filter(model.Member.table_name == 'user') \
.filter(model.Member.table_id == user_id)
# return the first role we find
for row in q.all():
return row.capacity
return None

def has_user_permission_for_some_org(user_name, permission):
''' Check if the user has the given permission for the group '''
user_id = get_user_id_for_username(user_name, allow_none=True)
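Review bot: In the added `users_role_for_group_or_org`, `model.Group.get(group_id).id` is dereferenced without checking the result, so an unknown group id would raise AttributeError instead of returning None like the other early exits; `group = model.Group.get(group_id)` followed by `if not group: return None` fixes that. The membership query also has no filter on the membership's state. If Member rows are soft-deleted (no `state` column is visible here, so this needs confirming), a revoked membership could still be reported as the user's role, and `.filter(model.Member.state == 'active')` would close that. With no ordering, "the first role we find" is arbitrary when several rows match. The docstring could read `''' Return the user's role (capacity) in the group, or None '''`.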
