
restrict use of some logic functions #372

Merged
merged 2 commits into from

1 participant

@wardi
Owner

No description provided.

@wardi wardi merged commit c2abcb1 into open-data:master

1 check failed

Details default The Travis CI build failed
Showing with 41 additions and 11 deletions.
  1. +41 −11 ckanext/canada/logic.py
52 ckanext/canada/logic.py
@@ -18,24 +18,37 @@ def limit_api_logic():
'organization_show': (5, 20),
}
data_dict_limit = {
- 'user_activity_list': (20, 100),
- 'current_package_list_with_resources': (20, 100),
- 'group_package_show': (20, 100),
'package_search': (int(config.get('ckan.datasets_per_page', 20)), 100),
- 'resource_search': (20, 100),
'package_activity_list': (20, 100),
- 'group_activity_list': (20, 100),
- 'organization_activity_list': (20, 100),
'recently_changed_packages_activity_list': (20, 100),
- 'user_activity_list_html': (20, 100),
'package_activity_list_html': (20, 100),
- 'group_activity_list_html': (20, 100),
- 'organization_activity_list_html': (20, 100),
- 'recently_changed_packages_activity_list_html': (20, 100),
'dashboard_activity_list': (20, 100),
'dashboard_activity_list_html': (20, 100),
}
+ # shields up
+ disable_anon_logic = [
+ 'current_package_list_with_resources',
+ 'revision_list',
+ 'package_revision_list',
+ 'user_list',
+ 'resource_search',
+ 'user_activity_list',
+ 'member_list',
+ 'group_revision_list',
+ 'user_show',
+ 'package_autocomplete',
+ 'format_autocomplete',
+ 'user_autocomplete',
+ 'group_activity_list',
+ 'organization_activity_list',
+ 'user_activity_list_html',
+ 'group_activity_list_html',
+ 'organization_activity_list_html',
+ 'recently_changed_packages_activity_list_html',
+ 'group_package_show',
+ ]
+
out = {}
for name, (default, limit) in context_limit_packages.items():
action = getattr(core_get, name)
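Review bot: The actions moved from `data_dict_limit` into `disable_anon_logic` (`current_package_list_with_resources`, `resource_search`, `group_package_show` and the user/group/organization activity lists) lose their `(20, 100)` clamp for logged-in callers, because the anonymous-only wrapper added later in this commit calls `action(context, data_dict)` without touching the limit. Any authenticated account can then request unbounded result sets from those endpoints, which matters if account registration is open. Consider keeping those names in `data_dict_limit` as well and letting the anonymous wrapper wrap the already-clamped entry, `action = out.get(name) or getattr(core_get, name)`. If dropping the cap is intended, say so next to `# shields up`, e.g. `# anonymous callers get []; logged-in callers are not limit-clamped`. `limit_api_logic` starts and ends outside this hunk.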
@@ -56,15 +69,32 @@ def wrapper(context, data_dict,
@functools.wraps(action)
def wrapper(context, data_dict,
default=default, limit=limit, action=action, param=param):
- value = int(data_dict.get(param, default))
+ try:
+ if int(data_dict.get('offset', '0')) > 1000:
+ return [] # no.
+ value = int(data_dict.get(param, default))
+ except ValueError:
+ return []
data_dict[param] = min(value, limit)
return action(context, data_dict)
if hasattr(action, 'side_effect_free'):
wrapper.side_effect_free = action.side_effect_free
out[name] = wrapper
+ for name in disable_anon_logic:
+ action = getattr(core_get, name)
+ @functools.wraps(action)
+ def wrapper(context, data_dict, action=action):
+ if context.get('user', 'visitor') in ('', 'visitor'):
+ return []
+ return action(context, data_dict)
+
+ out[name] = wrapper
+
return out
+
+
@side_effect_free
def changed_packages_activity_list_since(context, data_dict):
'''Return the activity stream of all recently added or changed packages.
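Review bot: The new `except ValueError` in `wrapper` does not cover `TypeError`, so a JSON body carrying `null` or a list for `offset` or the limit parameter still raises out of `int()` instead of returning `[]`; `except (TypeError, ValueError):` closes that. Negative numbers also pass both checks, since only `> 1000` and `min(value, limit)` are applied, so a lower bound such as `data_dict[param] = max(0, min(value, limit))` is worth adding. In the `disable_anon_logic` loop the test `context.get('user', 'visitor') in ('', 'visitor')` fails open: a `user` key that is present but `None`, or any other anonymous marker the site uses (not visible here), falls through to the real action. `if not context.get('user') or context['user'] == 'visitor':` denies by default instead. `limit_api_logic` starts above this hunk.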