Merge pull request #90 from qld-gov-au/develop

Captcha and create data request controls
qld-gov-au · Jul 11, 2023 · 3cd82d7 · 3cd82d7
2 parents cb4e89e + b168394
commit 3cd82d7
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 12 deletions.
diff --git a/ckanext/datarequests/auth.py b/ckanext/datarequests/auth.py
@@ -17,13 +17,26 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with CKAN Data Requests Extension. If not, see <http://www.gnu.org/licenses/>.
 
-from ckan.plugins.toolkit import auth_allow_anonymous_access, get_action
+from ckan import authz
+from ckan.plugins.toolkit import asbool, auth_allow_anonymous_access, config, get_action
 
 from . import constants
 
 
 def create_datarequest(context, data_dict):
-    return {'success': True}
+    return {
+        'success': asbool(config.get("ckanext.auth.create_datarequest_if_not_in_organization", "True"))
+        or _is_any_group_member(context)
+    }
+
+
+def _is_any_group_member(context):
+    user_name = context.get('user')
+    if not user_name:
+        user_obj = context.get('auth_user_obj')
+        if user_obj:
+            user_name = user_obj.name
+    return user_name and authz.has_user_permission_for_some_org(user_name, 'read')
 
 
 @auth_allow_anonymous_access

diff --git a/ckanext/datarequests/controllers/controller_functions.py b/ckanext/datarequests/controllers/controller_functions.py
@@ -8,13 +8,12 @@
 from six.moves.urllib.parse import urlencode
 
 from ckan import model
-from ckan.lib import helpers
+from ckan.lib import helpers, captcha
 from ckan.plugins import toolkit as tk
-from ckan.plugins.toolkit import c, h
+from ckan.plugins.toolkit import c, h, request, _
 
 from ckanext.datarequests import constants, request_helpers
 
-
 _link = re.compile(r'(?:(https?://)|(www\.))(\S+\b/?)([!"#$%&\'()*+,\-./:;<=>?@[\\\]^_`{|}~]*)(\s|$)', re.I)
 
 log = logging.getLogger(__name__)
@@ -60,7 +59,6 @@ def _get_context():
 
 
 def _show_index(user_id, organization_id, include_organization_facet, url_func, file_to_render, extra_vars=None):
-
     def pager_url(state=None, sort=None, q=None, page=None):
         params = []
 
@@ -155,7 +153,8 @@ def pager_url(state=None, sort=None, q=None, page=None):
 
 
 def index():
-    return _show_index(None, request_helpers.get_first_query_param('organization', ''), True, search_url, 'datarequests/index.html')
+    return _show_index(None, request_helpers.get_first_query_param('organization', ''), True, search_url,
+                       'datarequests/index.html')
 
 
 def _process_post(action, context):
@@ -170,6 +169,7 @@ def _process_post(action, context):
             data_dict['id'] = request_helpers.get_first_post_param('id', '')
 
         try:
+            captcha.check_recaptcha(request)
             result = tk.get_action(action)(context, data_dict)
             return tk.redirect_to(tk.url_for('datarequest.show', id=result['id']))
 
@@ -184,6 +184,16 @@ def _process_post(action, context):
             }
             c.errors = e.error_dict
             c.errors_summary = _get_errors_summary(c.errors)
+        except captcha.CaptchaError:
+            error_msg = _(u'Bad Captcha. Please try again.')
+            h.flash_error(error_msg)
+            # Fill the fields that will display some information in the page
+            c.datarequest = {
+                'id': data_dict.get('id', ''),
+                'title': data_dict.get('title', ''),
+                'description': data_dict.get('description', ''),
+                'organization_id': data_dict.get('organization_id', '')
+            }
 
 
 def new():
@@ -267,7 +277,8 @@ def organization(id):
     context = _get_context()
     c.group_dict = tk.get_action('organization_show')(context, {'id': id})
     url_func = functools.partial(org_datarequest_url, id=id)
-    return _show_index(None, id, False, url_func, 'organization/datarequests.html', extra_vars={'group_dict': c.group_dict})
+    return _show_index(None, id, False, url_func, 'organization/datarequests.html',
+                       extra_vars={'group_dict': c.group_dict})
 
 
 def user(id):
@@ -277,7 +288,8 @@ def user(id):
     except tk.NotAuthorized:
         tk.abort(403, tk._(u'Not authorized to see this page'))
     url_func = functools.partial(user_datarequest_url, id=id)
-    return _show_index(id, request_helpers.get_first_query_param('organization', ''), True, url_func, 'user/datarequests.html',
+    return _show_index(id, request_helpers.get_first_query_param('organization', ''), True, url_func,
+                       'user/datarequests.html',
                        extra_vars={'user': c.user_dict, 'user_dict': c.user_dict})
 
 
@@ -331,15 +343,16 @@ def _return_page(errors=None, errors_summary=None):
             data_dict['id'] = id
             if h.closing_circumstances_enabled:
                 data_dict['close_circumstance'] = request_helpers.get_first_post_param('close_circumstance', None)
-                data_dict['approx_publishing_date'] = request_helpers.get_first_post_param('approx_publishing_date', None)
+                data_dict['approx_publishing_date'] = request_helpers.get_first_post_param('approx_publishing_date',
+                                                                                           None)
                 data_dict['condition'] = request_helpers.get_first_post_param('condition', None)
 
             tk.get_action(constants.CLOSE_DATAREQUEST)(context, data_dict)
             return tk.redirect_to(tk.url_for('datarequest.show', id=data_dict['id']))
-        else:   # GET
+        else:  # GET
             return _return_page()
 
-    except tk.ValidationError as e:     # Accepted Dataset is not valid
+    except tk.ValidationError as e:  # Accepted Dataset is not valid
         log.warn(e)
         errors_summary = _get_errors_summary(e.error_dict)
         return _return_page(e.error_dict, errors_summary)

diff --git a/ckanext/datarequests/templates/datarequests/snippets/comment_form.html b/ckanext/datarequests/templates/datarequests/snippets/comment_form.html
@@ -25,6 +25,10 @@
     <span class="editor-info-block">{% trans %}You can use <a href="#markdown" title="Markdown quick reference" data-target="popover" data-content="{{ markdown_tooltip }}" data-html="true">Markdown formatting</a> here. You can refer datasets by adding their URL.{% endtrans %}</span>
   </div>
 
+  {% if g.recaptcha_publickey %}
+    {% snippet "user/snippets/recaptcha.html", public_key=g.recaptcha_publickey %}
+  {% endif %}
+
   <div class="comment-form-actions">
     {% if comment_id %}
       <button id="comment-discard-{{ comment_id }}" class="btn btn-danger" name="discard">{{ _('Cancel') }}</button>

diff --git a/ckanext/datarequests/templates/datarequests/snippets/datarequest_form.html b/ckanext/datarequests/templates/datarequests/snippets/datarequest_form.html
@@ -40,6 +40,10 @@
   </div>
   {% endblock %}
 
+  {% if g.recaptcha_publickey %}
+    {% snippet "user/snippets/recaptcha.html", public_key=g.recaptcha_publickey %}
+  {% endif %}
+
   {% block form_actions %}
     <div class="form-actions">
       {% block delete_button %}