Custom Query (2152 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (436 - 438 of 2152)

Ticket Resolution Summary Owner Reporter
#645 fixed Domain object and migration script to associate packages and harvester objects johnbywater johnbywater
#647 fixed Authorization Groups for group-based access control pudo pudo

Reported by pudo, 4 years ago.

Description

allow group-level authorization on all system entities

#648 fixed Enable lock-down of package creation pudo

Reported by pudo, 4 years ago.

Description
  • copy exisiting tests, modify authz in setUp, adapt and extend tests
    • Problem: default_role_actions is read by init_db
    • Solution: nuke db after monkey-patching
    • role = model.Role('Reader'), del role.actions[...]

self.PRE_MAUTHZ_RULES = copy(mauthz.default_role_actions) mauthz.default_role_actions.remove((Role.READER, Action.CREATE)) #raise Exception(mauthz.default_role_actions) model.Session.remove() model.repo.rebuild_db()

  1. Start from the functional

is_authorized(user, Action.Create, model.Package)

-> Doing this will put 'Package' in the context field of the user_object_role table. This will trigger SQLAlchemy to attempt a join towards PackageRole? in all queries. Since for class-level role assignments there never is a PackageRole? join table entry, this will never return any results.

  • have a ckan install that would not allow visitors to either list packages or list groups
    • two paths: create the listing, but for each group/pkg decide that you cannot show this
    • lock down the whole page (/package/list)
      • this is class-based, not object-based

is_authorized(user, Action.Package_Create, model.System()) is_authorized(user, Action.Group_Create, model.System())

[Separating Package and Group roles may be useful going forward: PackageEditor?, GroupEditor? etc]

  1. Find a standard way to lock down classes
    • possibly add default rows in user_object_role
    • introduce lock-down into controllers: group new, package new, REST equivalents,
    • confirm tests
Note: See TracQuery for help on using queries.