[#3012] Check user authorized if configured

ckan · Nov 9, 2012 · 40e3597 · 40e3597
1 parent 7968627
commit 40e3597
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/ckan/lib/base.py b/ckan/lib/base.py
@@ -264,6 +264,17 @@ def _identify_user(self):
             c.userobj = self._get_user_for_apikey()
             if c.userobj is not None:
                 c.user = c.userobj.name
+
+        # AUTHORIZED USERS
+        # If ckan is configured to only allow authorized users we check this
+        # here.  Sysadmins are always authorized. If not authorized we
+        # remove c.userobj and set the c.unauthorized_user flag.
+        c.unauthorized_user = False
+        if c.userobj and g.authorized_users_only:
+            if not (c.userobj.authorized or c.userobj.sysadmin):
+                c.userobj = None
+                c.unauthorized_user = True
+
         if c.user:
             c.author = c.user
         else: