How to use the ckan.plugins.toolkit.check_access function in ckan

To help you get started, we’ve selected a few ckan examples, based on popular ways it is used in public projects.


github alexandrainst / ckanext-realtime / ckanext / realtime / logic / auth.py View on Github external
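def realtime_auth(context, data_dict, privilege='resource_update'):
    '''Auth function: allow the call only if the user holds ``privilege``.

    :param context: action context; ``context['user']`` is read for the
        denial message only
    :param data_dict: request data passed through to ``check_access``;
        ``resource_id`` is read for the denial message
    :param privilege: name of the auth function to delegate to
    :type privilege: string

    :returns: ``{'success': True}`` when access is granted, otherwise
        ``{'success': False, 'msg': ...}``
    :rtype: dictionary

    '''
    user = context.get('user')
    # check_access() signals denial by raising NotAuthorized rather than by
    # returning a falsy value, so the denial has to be caught here for the
    # failure dict (and its message) to be produced at all.
    try:
        authorized = p.toolkit.check_access(privilege, context, data_dict)
    except p.toolkit.NotAuthorized:
        authorized = False

    if not authorized:
        # Translate the template first and fill it in afterwards; a string
        # that already contains the user and resource id cannot match a
        # catalogue entry.  .get() keeps a missing resource_id from turning
        # the denial into a KeyError.
        template = p.toolkit._(
            'User {0} not authorized to update resource {1}')
        return {
            'success': False,
            'msg': template.format(str(user), data_dict.get('resource_id'))
        }
    return {'success': True}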
github alexandrainst / ckanext-realtime / ckanext / realtime / logic / action.py View on Github external
def datastore_make_observable(context, data_dict):
    '''Turn a plain datastore into an observable one.

    The input is validated against the schema found in ``context['schema']``
    (or the default observable schema), the caller is then authorized via
    ``check_access('datastore_make_observable', ...)`` on the validated
    data, and only after both succeed is the notifier trigger installed.

    :param resource_id: id of the resource to which the datastore is bound
    :type resource_id: string

    :raises ValidationError: if schema validation reports errors

    '''
    default_schema = realtime_schema.datastore_make_observable_schema()
    schema = context.get('schema', default_schema)

    validated, errors = _validate(data_dict, schema, context)
    if errors:
        raise p.toolkit.ValidationError(errors)

    # Authorization must pass before the database is touched; a denial
    # from check_access propagates to the caller.
    p.toolkit.check_access('datastore_make_observable', context, validated)

    resource_id = validated['resource_id']
    db.add_datastore_notifier_trigger(resource_id)
github ckan / ckanext-pages / ckanext / pages / auth.py View on Github external
def org_admin(context, data_dict):
    '''Delegate the decision to the ``group_update`` auth check.

    The result of ``check_access`` is returned unchanged; a denial is
    not converted into a ``{'success': False}`` dict here, so whatever
    ``check_access`` raises propagates to the caller.
    '''
    outcome = p.toolkit.check_access('group_update', context, data_dict)
    return outcome
github ckan / ckanext-issues / ckanext / issues / logic / action / action.py View on Github external
dataset_id = data_dict['dataset_id']
    issue_number = data_dict['issue_number']
    issue = issuemodel.Issue.get_by_name_or_id_and_number(
        dataset_name_or_id=dataset_id,
        issue_number=issue_number,
        session=session)
    if not issue:
        raise p.toolkit.ObjectNotFound(p.toolkit._('Issue does not exist'))

    context['issue'] = issue
    issue_dict = issue.as_dict()

    user = context.get('user')
    if user:
        try:
            can_edit = p.toolkit.check_access(
                'package_update',
                context,
                data_dict={'id': issue.dataset_id}
            )
        except p.toolkit.NotAuthorized:
            can_edit = False
    else:
        can_edit = False

    if issue.visibility != 'visible' and not can_edit:
        raise p.toolkit.ObjectNotFound(
            p.toolkit._('Issue marked as spam/abuse'))

    include_reports = data_dict.get('include_reports')

    comments = []
github ckan / ckanext-issues / ckanext / issues / auth.py View on Github external
def issue_auth(context, data_dict, privilege='package_update'):
    '''Returns whether the current user is allowed to do the action
    (privilege).'''
    auth_data_dict = dict(data_dict)
    # we're checking package access so it is dataset/package id
    auth_data_dict['id'] = auth_data_dict['dataset_id']
    try:
        p.toolkit.check_access(privilege, context, auth_data_dict)
        return {'success': True}
    except p.toolkit.NotAuthorized:
        return {
            'success': False,
            'msg': p.toolkit._(
                'User {0} not authorized for action on issue {1}'.format(
                    str(context['user']),
                    auth_data_dict['id']
                )
github ckan / ckanext-pages / ckanext / pages / actions.py View on Github external
db.init_db(context['model'])
    org_id = data_dict.get('org_id')
    ordered = data_dict.get('order')
    order_publish_date = data_dict.get('order_publish_date')
    page_type = data_dict.get('page_type')
    private = data_dict.get('private', True)
    if ordered:
        search['order'] = True
    if page_type:
        search['page_type'] = page_type
    if order_publish_date:
        search['order_publish_date'] = True
    if not org_id:
        search['group_id'] = None
        try:
            p.toolkit.check_access('ckanext_pages_update', context, data_dict)
            if not private:
                search['private'] = False
        except p.toolkit.NotAuthorized:
            search['private'] = False
    else:
        group = context['model'].Group.get(org_id)
        user = context['user']
        member = authz.has_user_permission_for_group_or_org(
            group.id, user, 'read')
        search['group_id'] = org_id
        if not member:
            search['private'] = False
    out = db.Page.pages(**search)
    out_list = []
    for pg in out:
        parser = HTMLFirstImage()
github ckan / ckanext-pages / ckanext / pages / actions.py View on Github external
def org_pages_show(context, data_dict):
    '''Show an organization page after an explicit authorization check.

    A ``NotAuthorized`` from the ``ckanext_org_pages_show`` check is turned
    into an HTTP 401 abort; otherwise the lookup is handed to
    ``_pages_show``.
    '''
    toolkit = p.toolkit
    try:
        toolkit.check_access('ckanext_org_pages_show', context, data_dict)
    except toolkit.NotAuthorized:
        denial = toolkit._('Not authorized to see this page')
        toolkit.abort(401, denial)
    return _pages_show(context, data_dict)
github ckan / ckanext-archiver / ckanext / archiver / logic / action.py View on Github external
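def archiver_dataset_show(context, data_dict=None):
    '''Return a details of the archival of a dataset, aggregated across its
    resources.

    Authorization is checked before any dataset or archival record is
    loaded, so an unauthorized caller triggers no lookups and cannot tell
    an existing dataset from a missing one by the error it gets back.

    :param id: the name or id of the dataset
    :type id: string

    :rtype: dictionary
    '''
    id_ = _get_or_bust(data_dict, 'id')
    # Fail closed first: a denial from check_access propagates before the
    # model is queried or the archivals are aggregated.
    p.toolkit.check_access('archiver_dataset_show', context, data_dict)
    dataset = model.Package.get(id_)
    if not dataset:
        raise ObjectNotFound
    archivals = Archival.get_for_package(dataset.id)
    return aggregate_archivals_for_a_dataset(archivals)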
github NaturalHistoryMuseum / ckanext-nhm / ckanext / nhm / routes / statistics.py View on Github external
def before_request():
    u'''Gate the request on the ``site_read`` authorization check.

    The context comes from ``_context()``; a ``NotAuthorized`` from the
    check is converted into an HTTP 401 abort.
    '''
    request_context = _context()
    try:
        toolkit.check_access(u'site_read', request_context)
    except toolkit.NotAuthorized:
        denial = toolkit._(u'Not authorized to see this page')
        toolkit.abort(401, denial)