Custom Query (2152 matches)
Results (568 - 570 of 2152)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#1050 | invalid | Authz lib improvement and refactor of ckan/lib/authztool.py | thejimmyg | johnlawrenceaspden |
Description |
Refactor ckan/lib/authztool.py so that the relevant methods are independent of the command line interface. The extracted methods should live in a new file ckan/authz.py. authztool.py should probably move into cli.py and will just do command line parsing and printing and use ckan/authz.py. The updated web gui for authz will also use this code. Tests should be made. There's already a file ckan/tests/test_authz.py, which looks like the appropriate place for new tests. all to go on a branch feature-1050-refactor-authtoolz Optional extras
|
|||
#1086 | wontfix | no way to delete authorization groups from web interface | thejimmyg | johnlawrenceaspden |
Description |
as title. |
|||
#1094 | duplicate | [super] Refactor the Auth System | thejimmyg | thejimmyg |
Description |
Here are some proposed changes related to CKAN's authorization system - they aren't very big, but should provide for some forthcoming use cases including #787. Two man reasons for the changes are:
The first two changes revolve around the is_authorized method, which is called by the logic layer to ask whether a particular user (e.g. Bob) is allowed to do a certain action (e.g. edit) on a certain object (e.g. Package).
which *overrides* the current call with its own implementation (note: in previous discussions we have considered allowing a chain of plugins, no longer!) Reason: authorization can be completely delegated to another system (or partially)
but for action=create_package, the object supplied is System, and for action=edit the object supplied is the package. Instead action should always be the string name of a function in the logic layer and object should always be the object passed to that function. This means our auth system is based around the actual actions we are performing (rather than a model them) and with the actual data that forms the action (rather than a related object). You never need a System object in this model.
Although this sounds a bit radical we already have auth extensions. Read-only CKAN Web UI(Additional requirement from #764) Whilse using CKAN web interface, you are not tempted to edit stuff:
|