[QCDP24-26] show the datarequest created by current user after user m…

…oved to diff org (#9) * [QCDP24-26] show the datarequest created by current user after user moved to diff org * [QCDP24-26] renamed the facet name
salsadigitalauorg · Sep 9, 2024 · 414ad3f · 414ad3f
1 parent 7c7bb91
commit 414ad3f
Show file tree

Hide file tree

Showing 5 changed files with 56 additions and 51 deletions.
diff --git a/ckanext/datarequests/actions.py b/ckanext/datarequests/actions.py
@@ -469,10 +469,10 @@ def list_datarequests(context, data_dict):
     tk.check_access(constants.LIST_DATAREQUESTS, context, data_dict)
 
     # Get the organization
-    organization_id = data_dict.get('organization_id', None)
-    if organization_id:
+    requesting_organisation = data_dict.get('requesting_organisation', None)
+    if requesting_organisation:
         # Get organization ID (organization name is received sometimes)
-        organization_id = organization_show({'ignore_auth': True}, {'id': organization_id}).get('id')
+        requesting_organisation = organization_show({'ignore_auth': True}, {'id': requesting_organisation}).get('id')
 
     user_id = data_dict.get('user_id', None)
     if user_id:
@@ -493,7 +493,7 @@ def list_datarequests(context, data_dict):
         desc = True
 
     # Call the function
-    db_datarequests = db.DataRequest.get_ordered_by_date(organization_id=organization_id,
+    db_datarequests = db.DataRequest.get_ordered_by_date(requesting_organisation=requesting_organisation,
                                                          user_id=user_id, status=status,
                                                          q=q, desc=desc)
 
@@ -514,24 +514,24 @@ def list_datarequests(context, data_dict):
         'Assign to Internal Data Catalogue Support': 0
     }
     for data_req in db_datarequests:
-        organization_id = data_req.organization_id
+        requesting_organisation = data_req.requesting_organisation
         status = data_req.status
 
-        if organization_id:
-            no_processed_organization_facet[organization_id] = no_processed_organization_facet.get(organization_id, 0) + 1
+        if requesting_organisation:
+            no_processed_organization_facet[requesting_organisation] = no_processed_organization_facet.get(requesting_organisation, 0) + 1
 
         if status in no_processed_status_facet:
             no_processed_status_facet[status] += 1
 
     # Format facets
-    organization_facet = []
-    for organization_id in no_processed_organization_facet:
+    requesting_organization_facet = []
+    for requesting_organisation in no_processed_organization_facet:
         try:
-            organization = organization_show({'ignore_auth': True}, {'id': organization_id})
-            organization_facet.append({
+            organization = organization_show({'ignore_auth': True}, {'id': requesting_organisation})
+            requesting_organization_facet.append({
                 'name': organization.get('name'),
                 'display_name': organization.get('display_name'),
-                'count': no_processed_organization_facet[organization_id]
+                'count': no_processed_organization_facet[requesting_organisation]
             })
         except Exception:
             pass
@@ -552,8 +552,8 @@ def list_datarequests(context, data_dict):
     }
 
     # Facets can only be included if they contain something
-    if organization_facet:
-        result['facets']['organization'] = {'items': organization_facet}
+    if requesting_organization_facet:
+        result['facets']['requesting_organisation'] = {'items': requesting_organization_facet}
 
     if status_facet:
         result['facets']['status'] = {'items': status_facet}

diff --git a/ckanext/datarequests/auth.py b/ckanext/datarequests/auth.py
@@ -21,7 +21,7 @@
 from ckan.plugins.toolkit import current_user, h
 from ckan.plugins.toolkit import asbool, auth_allow_anonymous_access, config, get_action
 
-from . import constants, db, request_helpers
+from . import constants, db
 from .actions import _dictize_datarequest
 
 
@@ -41,34 +41,23 @@ def _is_any_group_member(context):
     return user_name and authz.has_user_permission_for_some_org(user_name, 'read')
 
 
-def _check_organization_access(data_dict, is_listing=False):
-    # Sysadmins can see all data requests, other users can only see their own organization's data requests.
+@auth_allow_anonymous_access
+def show_datarequest(context, data_dict):
     if not current_user.sysadmin:
-        if is_listing:
-            organization_name = request_helpers.get_first_query_param('organization')
-            if not organization_name:
-                return {'success': True}
-
-            organization = get_action('organization_show')({'ignore_auth': True}, {'id': organization_name})
-            organization_id = organization.get('id', None)
-        else:
-            result = db.DataRequest.get(id=data_dict.get('id'))
-            data_req = result[0]
-            data_dict = _dictize_datarequest(data_req)
-            organization_id = data_dict.get('organization_id', None)
+        result = db.DataRequest.get(id=data_dict.get('id'))
+        data_req = result[0]
+        data_dict = _dictize_datarequest(data_req)
+        if data_dict.get('user_id', None) == current_user.id:
+            return {'success': True}
 
+        requesting_organisation = data_dict.get('requesting_organisation', None)
         current_user_orgs = [org['id'] for org in h.organizations_available('read')] or []
-        if organization_id not in current_user_orgs:
+        if requesting_organisation not in current_user_orgs:
             return {'success': False}
 
     return {'success': True}
 
 
-@auth_allow_anonymous_access
-def show_datarequest(context, data_dict):
-    return _check_organization_access(data_dict)
-
-
 def auth_if_creator(context, data_dict, show_function):
     # Sometimes data_dict only contains the 'id'
     if 'user_id' not in data_dict:
@@ -104,7 +93,7 @@ def update_datarequest(context, data_dict):
 
 @auth_allow_anonymous_access
 def list_datarequests(context, data_dict):
-    return _check_organization_access(data_dict, True)
+    return {'success': True}
 
 
 def delete_datarequest(context, data_dict):

diff --git a/ckanext/datarequests/controllers/controller_functions.py b/ckanext/datarequests/controllers/controller_functions.py
@@ -58,7 +58,7 @@ def _get_context():
             'user': c.user, 'auth_user_obj': c.userobj}
 
 
-def _show_index(user_id, organization_id, include_organization_facet, url_func, file_to_render, extra_vars=None):
+def _show_index(user_id, requesting_organisation, include_organization_facet, url_func, file_to_render, extra_vars=None):
     def pager_url(status=None, sort=None, q=None, page=None):
         params = []
 
@@ -88,8 +88,8 @@ def pager_url(status=None, sort=None, q=None, page=None):
         if q:
             data_dict['q'] = q
 
-        if organization_id:
-            data_dict['organization_id'] = organization_id
+        if requesting_organisation:
+            data_dict['requesting_organisation'] = requesting_organisation
 
         if user_id:
             data_dict['user_id'] = user_id
@@ -105,7 +105,7 @@ def pager_url(status=None, sort=None, q=None, page=None):
         c.filters = [(tk._('Newest'), 'desc'), (tk._('Oldest'), 'asc')]
         c.sort = sort
         c.q = q
-        c.organization = organization_id
+        c.requesting_organisation = requesting_organisation
         c.status = status
         c.datarequest_count = datarequests_list['count']
         c.datarequests = datarequests_list['result']
@@ -123,14 +123,14 @@ def pager_url(status=None, sort=None, q=None, page=None):
 
         # Organization facet cannot be shown when the user is viewing an org
         if include_organization_facet is True:
-            c.facet_titles['organization'] = tk._('Organizations')
+            c.facet_titles['requesting_organisation'] = tk._('Organizations')
 
         if not extra_vars:
             extra_vars = {}
         extra_vars['filters'] = c.filters
         extra_vars['sort'] = c.sort
         extra_vars['q'] = c.q
-        extra_vars['organization'] = c.organization
+        extra_vars['requesting_organisation'] = c.requesting_organisation
         extra_vars['status'] = c.status
         extra_vars['datarequest_count'] = c.datarequest_count
         extra_vars['datarequests'] = c.datarequests
@@ -141,7 +141,7 @@ def pager_url(status=None, sort=None, q=None, page=None):
             extra_vars['user'] = None
         if 'user_dict' not in extra_vars:
             extra_vars['user_dict'] = None
-        extra_vars['group_type'] = 'organization'
+        extra_vars['group_type'] = 'requesting_organisation'
         return tk.render(file_to_render, extra_vars=extra_vars)
     except ValueError as e:
         # This exception should only occur if the page value is not valid
@@ -153,7 +153,7 @@ def pager_url(status=None, sort=None, q=None, page=None):
 
 
 def index():
-    return _show_index(None, request_helpers.get_first_query_param('organization', ''), True, search_url,
+    return _show_index(None, request_helpers.get_first_query_param('requesting_organisation', ''), True, search_url,
                        'datarequests/index.html')
 
 

diff --git a/ckanext/datarequests/db.py b/ckanext/datarequests/db.py
@@ -53,14 +53,14 @@ def datarequest_exists(cls, title):
         return query.filter(func.lower(cls.title) == func.lower(title)).first() is not None
 
     @classmethod
-    def get_ordered_by_date(cls, organization_id=None, user_id=None, closed=None, q=None, desc=False, status=None):
+    def get_ordered_by_date(cls, requesting_organisation=None, user_id=None, closed=None, q=None, desc=False, status=None):
         '''Personalized query'''
         query = model.Session.query(cls).autoflush(False)
 
         params = {}
 
-        if organization_id is not None:
-            params['organization_id'] = organization_id
+        if requesting_organisation is not None:
+            params['requesting_organisation'] = requesting_organisation
 
         if user_id is not None:
             params['user_id'] = user_id
@@ -82,11 +82,27 @@ def get_ordered_by_date(cls, organization_id=None, user_id=None, closed=None, q=
         # For sysadmins, we show all the data requests.
         restricted_org_id = None
 
-        # If it is regular user, and the organization_id is not provided, filter it based on current user's organizations.
-        if not current_user.sysadmin and organization_id is None:
+        # If it is regular user, and the requesting_organisation is not provided, filter it based on current user's organizations.
+        if not current_user.sysadmin:
             current_user_orgs = h.organizations_available('read') or []
             restricted_org_id = [org['id'] for org in current_user_orgs]
-            query = query.filter(cls.organization_id.in_(restricted_org_id))
+
+            if requesting_organisation is None:
+                # If the requesting_organisation is not provided, show the data requests created by the current user
+                # or all data request within the current user's organizations.
+                query = query.filter(or_(cls.user_id == current_user.id, cls.requesting_organisation.in_(restricted_org_id)))
+            else:
+                if requesting_organisation not in restricted_org_id:
+                    # If the requesting_organisation is not within the current user's organizations,
+                    # show only the data requests created by the current user.
+                    query = query.filter(cls.user_id == current_user.id)
+
+                    # Remove the requesting_organisation from the filter.
+                    query = query.filter(cls.requesting_organisation is not None)
+                else:
+                    # Else the requesting_organisation is within the current user's organizations,
+                    # show the data requests created by the current user or all data request within selected organization.
+                    query = query.filter(or_(cls.user_id == current_user.id, cls.requesting_organisation == requesting_organisation))
 
         current_user_id = current_user.id if current_user else None
         if current_user_id:

diff --git a/ckanext/datarequests/templates/datarequests/index.html b/ckanext/datarequests/templates/datarequests/index.html
@@ -4,7 +4,7 @@
   <section class="module">
     <div class="module-content">
       {% block page_primary_action %}
-        {% snippet 'snippets/custom_search_form.html', query=q, fields=(('organization', organization), ('state', state)), sorting=filters, sorting_selected=sort, placeholder=_('Search Data Requests...'), no_bottom_border=true, count=datarequest_count, no_title=True %}
+        {% snippet 'snippets/custom_search_form.html', query=q, fields=(('requesting_organisation', requesting_organisation), ('state', state)), sorting=filters, sorting_selected=sort, placeholder=_('Search Data Requests...'), no_bottom_border=true, count=datarequest_count, no_title=True %}
         {{ h.snippet('datarequests/snippets/datarequest_list.html', datarequest_count=datarequest_count, datarequests=datarequests, page=page, q=q)}}
       {% endblock %}
     </div>