Ticket #321 (closed enhancement: duplicate)
Delegate authentication to Drupal
Reported by: johnbywater | Owned by: thejimmyg
Description (last modified by johnbywater)
When CKAN is included in a Drupal front-end, CKAN edit pages are used in slave mode, such that authentication is delegated to the Drupal front-end user model.
The Drupal front-end shall have:
1. Login page - fixed location, can authenticate users, on successful authentication sets auth cookie and redirects to HTTP_REFERER.
2. Access control resource - fixed location, can authorise users, on receipt of valid auth cookie return message listing account details and permitted actions.
3. Access denied page - fixed location, static resource, gently indicates what has happened, and how to ask for permission.
The CKAN slave edit page shall:
1. Try to detect a Drupal session key (passed as cookie or as request param).
2. Redirect to Drupal login page if no session key.
3. Check authorisation if session key is found.
4. Redirect to access denied page if session key not authorised.
5. Present the Package edit page.
6. Reject unauthenticated or unauthorised edit submissions.
7. Snag invalid edit submissions from authenticated and authorised users.
8. Respond to valid edit submissions from authenticated and authorised users, by saving the new package state, and redirecting to Package read page in Drupal front-end.
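
The edit-page flow in steps 1-8 above, sketched as an added example; it is not part of the ticket and is not CKAN or Drupal code. The URLs, the `drupal_session` cookie/parameter name, the `package-edit` action name and the `check_access`, `validate` and `save` callables are all assumptions made for illustration.

```python
from urllib.parse import quote

# Hypothetical fixed locations on the Drupal front-end (placeholders).
LOGIN_URL = "https://drupal.example/user/login"
DENIED_URL = "https://drupal.example/access-denied"
READ_URL = "https://drupal.example/package/"
SESSION_NAME = "drupal_session"   # hypothetical cookie / request-param name
EDIT_ACTION = "package-edit"      # hypothetical permitted-action name


def find_session_key(cookies, params):
    """Step 1: look for the session key in the cookie, then the request params."""
    return cookies.get(SESSION_NAME) or params.get(SESSION_NAME)


def handle_edit(method, cookies, params, form, check_access, validate, save):
    """Return (status, location_or_body) for one request to the slave edit page.

    check_access(key) stands in for the Drupal access control resource: it
    returns None for a key it does not accept, else a dict such as
    {"user": "alice", "actions": ["package-edit"]}.
    validate(form) returns a list of errors; save(user, form) stores the edit.
    """
    key = find_session_key(cookies, params)
    if not key:
        # Steps 2 and 6: a page view is sent to login, while an
        # unauthenticated submission is rejected without touching any state.
        return (302, LOGIN_URL) if method == "GET" else (403, "not authenticated")

    # Step 3: ask Drupal on every request, so a revoked session stops working.
    account = check_access(key)
    if account is None or EDIT_ACTION not in account["actions"]:
        # Steps 4 and 6: key present but not authorised for editing.
        return (302, DENIED_URL) if method == "GET" else (403, "not authorised")

    if method == "GET":
        return (200, "edit form")                 # step 5
    errors = validate(form)
    if errors:
        return (400, errors)                      # step 7: snag invalid edits
    save(account["user"], form)                   # step 8: save new package state
    # Redirect to a fixed Drupal location; the package name is URL-quoted so
    # user input cannot change the redirect target.
    return (303, READ_URL + quote(form["name"], safe=""))
```

The authorisation check runs before validation and saving on the submission path, so step 6 holds even if a client posts directly without ever loading the edit form.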