diff --git a/README.md b/README.md
index 7aaf640..5ac7de4 100755
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@ A CKAN extension to allow any user with admin or editor role in an organisation
 ## Compatibility
-This extension has been tested with CKAN v2.8.3.
+This extension has been tested with CKAN v2.8.3 & v2.9.2.
 While not tested with v2.7.0+ - the required permission was changed from 'update' to 'manage_group' in v2.7.0, so this **should** work in v2.7.0+.
diff --git a/ckanext/package_group_permissions/helpers.py b/ckanext/package_group_permissions/helpers.py
index 48c652f..5cff74c 100755
--- a/ckanext/package_group_permissions/helpers.py
+++ b/ckanext/package_group_permissions/helpers.py
@@ -1,5 +1,3 @@
-from ckan.common import c
-
 import ckan.plugins.toolkit as toolkit
@@ -8,12 +6,12 @@ def is_user_sysadmin(user=None):
 :rtype: boolean
 """
 if user is None:
- user = toolkit.c.userobj
+ user = toolkit.g.userobj
 return user is not None and user.sysadmin
 def user_has_admin_access(include_editor_access=False):
- user = toolkit.c.userobj
+ user = toolkit.g.userobj
 # If user is "None" - they are not logged in.
 if user is None:
 return False
@@ -31,7 +29,7 @@ def get_all_groups():
 groups = toolkit.get_action('group_list')(
 data_dict={'include_dataset_count': False, 'all_fields': True})
 pkg_group_ids = set(group['id'] for group
- in c.pkg_dict.get('groups', []))
+ in toolkit.g.pkg_dict.get('groups', []))
 return [[group['id'], group['display_name']] for group in groups if group['id'] not in pkg_group_ids]
diff --git a/ckanext/package_group_permissions/plugin.py b/ckanext/package_group_permissions/plugin.py
index fe9cfd5..97f2a77 100755
--- a/ckanext/package_group_permissions/plugin.py
+++ b/ckanext/package_group_permissions/plugin.py
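Review bot: In `get_all_groups` (helpers.py, last hunk) `toolkit.g.pkg_dict` is read unconditionally, so the helper raises `AttributeError` on any request where the view has not placed `pkg_dict` on `g`, instead of returning the group list. Whether the CKAN 2.9 dataset views set it for every template that calls this helper is not visible here and should be confirmed. A tolerant read such as `pkg_dict = getattr(toolkit.g, 'pkg_dict', None) or {}` before the set comprehension keeps the helper usable. The function's start and its return statement's original line breaks are outside what the hunk shows.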
@@ -1,10 +1,11 @@
-from ckan.common import _, c
-
 import ckan.authz as authz
 import ckan.logic.auth as logic_auth
 import ckan.plugins as plugins
 import ckan.plugins.toolkit as toolkit
-import helpers
+from ckanext.package_group_permissions import helpers
+
+_ = toolkit._
+g = toolkit.g
 class PackageGroupPermissionsPlugin(plugins.SingletonPlugin):
@@ -26,7 +27,8 @@ def get_auth_functions(self):
 }
 return auth_functions
- def member_create(self, context, data_dict):
+ @toolkit.chained_auth_function
+ def member_create(self, next_auth, context, data_dict):
 """
 This code is largely borrowed from /src/ckan/ckan/logic/auth/create.py
 With a modification to allow users to add datasets to any group
@@ -34,30 +36,13 @@ def member_create(self, context, data_dict):
 :param data_dict:
 :return:
 """
- group = logic_auth.get_group_object(context, data_dict)
- user = context['user']
-
- # User must be able to update the group to add a member to it
- permission = 'update'
- # However if the user is member of group then they can add/remove datasets
- if not group.is_organization and data_dict.get('object_type') == 'package':
- permission = 'manage_group'
-
- if c.controller in ['package', 'dataset'] and c.action in ['groups']:
+ authorized = False
+ if g.controller in ['package', 'dataset'] and g.action in ['groups']:
 authorized = helpers.user_has_admin_access(include_editor_access=True)
- # Fallback to the default CKAN behaviour
- if not authorized:
- authorized = authz.has_user_permission_for_group_or_org(group.id,
- user,
- permission)
- else:
- authorized = authz.has_user_permission_for_group_or_org(group.id,
- user,
- permission)
+
 if not authorized:
- return {'success': False,
- 'msg': _('User %s not authorized to edit group %s') %
- (str(user), group.id)}
+ # Fallback to the default CKAN behaviour
+ return next_auth(context, data_dict)
 else:
 return {'success': True}
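Review bot: In the plugin.py import hunk, `authz`, `logic_auth` and the new alias `_ = toolkit._` appear to have no remaining users, since their only visible uses are in lines the last hunk removes. Unless other parts of plugin.py (not shown) still need them, drop the two imports and the `_` alias so a linter does not flag them and readers do not go looking for a permission check that no longer lives in this module.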
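Review bot: The docstring under the new `member_create(self, next_auth, context, data_dict)` signature still says the code is largely borrowed from `/src/ckan/ckan/logic/auth/create.py` and has no entry for `next_auth`, which no longer matches a body that delegates to the chained check. Suggest rewording it to say that the function grants access only on the dataset groups page and otherwise returns `next_auth(context, data_dict)`, and adding `:param next_auth: the next auth function in the chain (normally CKAN's own member_create)`. Separately, `toolkit.chained_auth_function` is, to my knowledge, not available in CKAN 2.7, so the README sentence saying the extension should work in v2.7.0+ needs rechecking. The docstring continues past the end of this hunk.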
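Review bot: The early grant in `member_create` (last plugin.py hunk) is decided from the request route (`g.controller`/`g.action`) and the caller's role alone; `data_dict` is never inspected on that path, so nothing in this function ties `{'success': True}` to the one operation the extension is meant to allow, adding a dataset to a group. Today the safety of that path rests on what the groups view happens to send, which is not visible in this diff. Narrowing the condition to `if g.controller in ['package', 'dataset'] and g.action in ['groups'] and data_dict.get('object_type') == 'package':` lets every other member type fall through to `next_auth`. A comment above the condition such as `# Route-scoped override: org admins/editors may add a dataset to any group; all other cases defer to core` would record the intended policy. The function's signature is in the previous hunk, and `user_has_admin_access` is only partly visible in helpers.py.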