Custom Query (2152 matches)
Results (715 - 717 of 2152)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#120 | fixed | Security audit | dread | dread |
Description |
Look for all places where model is accessed and check authorization is checked. Document holes (and, as necessary, suggestions for fixes) as new tickets. Likely areas that need looking at:
Write holes are obviously much more significant to us than read holes. |
|||
#129 | invalid | Secure db access by channelling query generation through authz module | rgrp | dread |
Description |
Controllers and templates should not access db objects directly - they should do all access via authz module giving username. They are handed by a query that has already been filtered by the packages they are authorized to read. (Additional idea to be discussed: When they request a package object, they are handed an copy of the db object - disconnected from the database - so it the db object can't be changed.) A couple of tests can be reenabled when this is done: ckan.tests.functional.test_authz.TestUsage?.test_admin_list_deleted ckan.tests.functional.test_authz.TestUsage?.test_search_deleted |
|||
#834 | worksforme | Searching in CKAN | Alexander | |
Description |
Hello. I've installed stable CKAN v1.1 from PyPI. I can't find any docs about using CKAN API in order to query packages. Query ./api/search/package?q=str works fine, but with extra parameters, such as limit, offset, fullinfo, order_by, search_notes, don't. Should I use new version for this? How can I perform this query via Ckanclient? Is it possible? Also I'm interested how to find open-licensed files? I tied URL ./api/search/package?q=str&open_only=1&downloadable_only=1 and Ckanclient: result = ckan.package_search('str', {'open_only': 1, 'downloadable_only': 1}) As result nothing found. Thanks. |