Custom Query (2152 matches)
Results (463 - 465 of 2152)
| Ticket | Resolution | Summary | Owner | Reporter |
|---|---|---|---|---|
| #1042 | fixed | 'Ckanext' split-up | dread | dread |
| Description |
It's not good to have ckanext doing lots of different things with different dependencies. Split it off into:
etc. And then deprecate the ckanext repo itself. |
|||
| #1044 | fixed | Sysadmins locked-out of API without Right: (visitor, SITE_READ, System) | pudo | dread |
| Description |
The problem is that in ckan/controllers/rest.py the BaseApiController? has this method: def __before__(self, action, **env):
BaseController.__before__(self, action, **env)
if not self.authorizer.am_authorized(c, model.Action.SITE_READ, model.System):
abort(401, _('Not authorized to see this page'))
which works on the basis of your c.user, rather than your apikey. All API users are treated as visitors (since API users don't get a login cookie) and even a sysadmin's apikey is blocked unless there is a right for a Visitor to SITE_READ. Also needs tests. (Also, why is this restriction only on the API, package search, group index and tags and agroup index? I'm guessing SITE_READ is only for places where other authz don't apply, but maybe it should not be called 'SITE_READ' but 'OTHER_READ' or something?) |
|||
| #1045 | fixed | Group identified by ID in API | dread | dread |
| Description |
http://ckan.net/api/2/rest/group returns group IDs but I can only reach a group by name: http://ckan.net/api/2/rest/group/economics when I also want to get a group by ID: http://ckan.net/api/2/rest/group/04fb43d2-8ddf-4485-9bf5-66d47d3672f3 |
|||
