Merge branch 'master' of github.com:okfn/ckan into DO_NOT_MERGE_3010-…

…serve-unminified-files-in-production-hack
ckan · Nov 6, 2012 · e66c0f7 · e66c0f7
2 parents 0e2d216 + c59b304
commit e66c0f7
Show file tree

Hide file tree

Showing 6 changed files with 679 additions and 639 deletions.
diff --git a/ckan/config/routing.py b/ckan/config/routing.py
@@ -237,7 +237,8 @@ def make_map():
           'edit',
           'authz',
           'delete',
-          'history'
+          'history',
+          'activity',
           ]))
           )
         m.connect('group_read', '/group/{id}', action='read')

diff --git a/ckan/controllers/group.py b/ckan/controllers/group.py
@@ -233,12 +233,6 @@ def pager_url(q=None, page=None):
             c.facets = {}
             c.page = h.Page(collection=[])
 
-        # Add the group's activity stream (already rendered to HTML) to the
-        # template context for the group/read.html template to retrieve later.
-        c.group_activity_stream = \
-            get_action('group_activity_list_html')(context,
-                                                   {'id': c.group_dict['id']})
-
         return render(self._read_template(c.group_dict['type']))
 
     def new(self, data=None, errors=None, error_summary=None):
@@ -498,6 +492,30 @@ def history(self, id):
             return feed.writeString('utf-8')
         return render(self._history_template(c.group_dict['type']))
 
+    def activity(self, id):
+        '''Render this group's public activity stream page.'''
+
+        context = {'model': model, 'session': model.Session,
+                   'user': c.user or c.author, 'for_view': True}
+        data_dict = {'id': id}
+
+        try:
+            c.group_dict = get_action('group_show')(context, data_dict)
+            c.group = context['group']
+        except NotFound:
+            abort(404, _('Group not found'))
+        except NotAuthorized:
+            abort(401,
+                  _('Unauthorized to read group {group_id}').format(
+                      group_id=id))
+
+        # Add the group's activity stream (already rendered to HTML) to the
+        # template context for the group/read.html template to retrieve later.
+        c.group_activity_stream = get_action('group_activity_list_html')(
+                context, {'id': c.group_dict['id']})
+
+        return render('group/activity_stream.html')
+
     def _render_edit_form(self, fs):
         # errors arrive in c.error and fs.errors
         c.fieldset = fs

diff --git a/ckan/logic/action/get.py b/ckan/logic/action/get.py
@@ -1717,12 +1717,17 @@ def vocabulary_show(context, data_dict):
 def user_activity_list(context, data_dict):
     '''Return a user's public activity stream.
 
+    You must be authorized to view the user's profile.
+
     :param id: the id or name of the user
     :type id: string
 
     :rtype: list of dictionaries
 
     '''
+    # FIXME: Filter out activities whose subject or object the user is not
+    # authorized to read.
+    _check_access('user_show', context, data_dict)
     model = context['model']
     user_id = _get_or_bust(data_dict, 'id')
     query = model.Session.query(model.Activity)
@@ -1735,12 +1740,17 @@ def user_activity_list(context, data_dict):
 def package_activity_list(context, data_dict):
     '''Return a package's activity stream.
 
+    You must be authorized to view the package.
+
     :param id: the id or name of the package
     :type id: string
 
     :rtype: list of dictionaries
 
     '''
+    # FIXME: Filter out activities whose subject or object the user is not
+    # authorized to read.
+    _check_access('package_show', context, data_dict)
     model = context['model']
     package_id = _get_or_bust(data_dict, 'id')
     query = model.Session.query(model.Activity)
@@ -1753,19 +1763,38 @@ def package_activity_list(context, data_dict):
 def group_activity_list(context, data_dict):
     '''Return a group's activity stream.
 
+    You must be authorized to view the group.
+
     :param id: the id or name of the group
     :type id: string
 
     :rtype: list of dictionaries
 
     '''
+    # FIXME: Filter out activities whose subject or object the user is not
+    # authorized to read.
+    _check_access('group_show', context, data_dict)
+
     model = context['model']
     group_id = _get_or_bust(data_dict, 'id')
+
+    # Convert group_id (could be id or name) into id.
+    group_show = logic.get_action('group_show')
+    group_id = group_show(context, {'id': group_id})['id']
+
+    # Get a list of the IDs of the group's datasets.
+    group_package_show = logic.get_action('group_package_show')
+    datasets = group_package_show(context, {'id': group_id})
+    dataset_ids = [dataset['id'] for dataset in datasets]
+
+    # Get the group's activities.
     query = model.Session.query(model.Activity)
-    query = query.filter_by(object_id=group_id)
+    query = query.filter(_or_(model.Activity.object_id == group_id,
+        model.Activity.object_id.in_(dataset_ids)))
     query = query.order_by(_desc(model.Activity.timestamp))
     query = query.limit(15)
     activity_objects = query.all()
+
     return model_dictize.activity_list_dictize(activity_objects, context)
 
 def recently_changed_packages_activity_list(context, data_dict):
@@ -1774,6 +1803,8 @@ def recently_changed_packages_activity_list(context, data_dict):
     :rtype: list of dictionaries
 
     '''
+    # FIXME: Filter out activities whose subject or object the user is not
+    # authorized to read.
     model = context['model']
     query = model.Session.query(model.Activity)
     query = query.filter(model.Activity.activity_type.endswith('package'))
@@ -1790,14 +1821,15 @@ def activity_detail_list(context, data_dict):
     :rtype: list of dictionaries.
 
     '''
+    # FIXME: Filter out activities whose subject or object the user is not
+    # authorized to read.
     model = context['model']
     activity_id = _get_or_bust(data_dict, 'id')
     activity_detail_objects = model.Session.query(
         model.activity.ActivityDetail).filter_by(activity_id=activity_id).all()
     return model_dictize.activity_detail_list_dictize(activity_detail_objects, context)
 
 
-
 def user_activity_list_html(context, data_dict):
     '''Return a user's public activity stream as HTML.
 
@@ -2081,6 +2113,8 @@ def dashboard_activity_list(context, data_dict):
     :rtype: list of dictionaries
 
     '''
+    # FIXME: Filter out activities whose subject or object the user is not
+    # authorized to read.
     model = context['model']
     user_id = _get_or_bust(data_dict, 'id')
 

diff --git a/ckan/templates/group/activity_stream.html b/ckan/templates/group/activity_stream.html
@@ -0,0 +1,6 @@
+{% extends "page.html" %}
+
+{% block primary_content %}
+  <h2 class="hide-heading">{{ _('Activity Stream') }}</h2>
+  {{ c.group_activity_stream | safe }}
+{% endblock %}