Merge pull request #1 from salsadigitalauorg/feature/upgrade-to-CKAN-…

…2.9-compatibility

Upgraded to CKAN 2.9 compatibility

README.md

@@ -3,7 +3,7 @@ A CKAN extension to allow any user with admin or editor role in an organisation
 
 ## Compatibility
 
-This extension has been tested with CKAN v2.8.3.
+This extension has been tested with CKAN v2.8.3 & v2.9.2.
 
 While not tested with v2.7.0+ - the required permission was changed from 'update' to 'manage_group' in v2.7.0, so this **should** work in v2.7.0+.
 

ckanext/package_group_permissions/helpers.py

@@ -1,5 +1,3 @@
-from ckan.common import c
-
 import ckan.plugins.toolkit as toolkit
 
 
@@ -8,12 +6,12 @@ def is_user_sysadmin(user=None):
     :rtype: boolean
     """
     if user is None:
-        user = toolkit.c.userobj
+        user = toolkit.g.userobj
     return user is not None and user.sysadmin
 
 
 def user_has_admin_access(include_editor_access=False):
-    user = toolkit.c.userobj
+    user = toolkit.g.userobj
     # If user is "None" - they are not logged in.
     if user is None:
         return False
@@ -31,7 +29,7 @@ def get_all_groups():
     groups = toolkit.get_action('group_list')(
         data_dict={'include_dataset_count': False, 'all_fields': True})
     pkg_group_ids = set(group['id'] for group
-                        in c.pkg_dict.get('groups', []))
+                        in toolkit.g.pkg_dict.get('groups', []))
     return [[group['id'], group['display_name']]
             for group in groups if
             group['id'] not in pkg_group_ids]

ckanext/package_group_permissions/plugin.py

@@ -1,10 +1,11 @@
-from ckan.common import _, c
-
 import ckan.authz as authz
 import ckan.logic.auth as logic_auth
 import ckan.plugins as plugins
 import ckan.plugins.toolkit as toolkit
-import helpers
+from ckanext.package_group_permissions import helpers
+
+_ = toolkit._
+g = toolkit.g
 
 
 class PackageGroupPermissionsPlugin(plugins.SingletonPlugin):
@@ -26,38 +27,22 @@ def get_auth_functions(self):
         }
         return auth_functions
 
-    def member_create(self, context, data_dict):
+    @toolkit.chained_auth_function
+    def member_create(self, next_auth, context, data_dict):
         """
         This code is largely borrowed from /src/ckan/ckan/logic/auth/create.py
         With a modification to allow users to add datasets to any group
         :param context:
         :param data_dict:
         :return:
         """
-        group = logic_auth.get_group_object(context, data_dict)
-        user = context['user']
-
-        # User must be able to update the group to add a member to it
-        permission = 'update'
-        # However if the user is member of group then they can add/remove datasets
-        if not group.is_organization and data_dict.get('object_type') == 'package':
-            permission = 'manage_group'
-
-        if c.controller in ['package', 'dataset'] and c.action in ['groups']:
+        authorized = False
+        if g.controller in ['package', 'dataset'] and g.action in ['groups']:
             authorized = helpers.user_has_admin_access(include_editor_access=True)
-            # Fallback to the default CKAN behaviour
-            if not authorized:
-                authorized = authz.has_user_permission_for_group_or_org(group.id,
-                                                                        user,
-                                                                        permission)
-        else:
-            authorized = authz.has_user_permission_for_group_or_org(group.id,
-                                                                    user,
-                                                                    permission)
+
         if not authorized:
-            return {'success': False,
-                    'msg': _('User %s not authorized to edit group %s') %
-                           (str(user), group.id)}
+            # Fallback to the default CKAN behaviour
+            return next_auth(context, data_dict)
         else:
             return {'success': True}