[#652] Require resource_show permissions to read datastore resources

ckan · Apr 17, 2013 · aef190a · aef190a
1 parent 0955b0c
commit aef190a
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/ckanext/datastore/logic/auth.py b/ckanext/datastore/logic/auth.py
@@ -1,17 +1,17 @@
 import ckan.plugins as p
 
 
-def _datastore_auth(context, data_dict):
+def _datastore_auth(context, data_dict, privilege='resource_update'):
     if not 'id' in data_dict:
         data_dict['id'] = data_dict.get('resource_id')
     user = context.get('user')
 
-    authorized = p.toolkit.check_access('resource_update', context, data_dict)
+    authorized = p.toolkit.check_access(privilege, context, data_dict)
 
     if not authorized:
         return {
             'success': False,
-            'msg': p.toolkit._('User {0} not authorized to update resource {1}'\
+            'msg': p.toolkit._('User {0} not authorized to update resource {1}'
                     .format(str(user), data_dict['id']))
         }
     else:
@@ -31,4 +31,4 @@ def datastore_delete(context, data_dict):
 
 
 def datastore_search(context, data_dict):
-    return {'success': True}
+    return _datastore_auth(context, data_dict, 'resource_show')