Custom Query (2152 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (1003 - 1005 of 2152)

Ticket Resolution Summary Owner Reporter
#1044 fixed Sysadmins locked-out of API without Right: (visitor, SITE_READ, System) pudo dread

Reported by dread, 3 years ago.

Description

The problem is that in ckan/controllers/rest.py the BaseApiController? has this method:

    def __before__(self, action, **env):
        BaseController.__before__(self, action, **env)
        if not self.authorizer.am_authorized(c, model.Action.SITE_READ, model.System):
            abort(401, _('Not authorized to see this page'))

which works on the basis of your c.user, rather than your apikey. All API users are treated as visitors (since API users don't get a login cookie) and even a sysadmin's apikey is blocked unless there is a right for a Visitor to SITE_READ.

Also needs tests.

(Also, why is this restriction only on the API, package search, group index and tags and agroup index? I'm guessing SITE_READ is only for places where other authz don't apply, but maybe it should not be called 'SITE_READ' but 'OTHER_READ' or something?)

#1045 fixed Group identified by ID in API dread dread

Reported by dread, 3 years ago.

Description
http://ckan.net/api/2/rest/group

returns group IDs but I can only reach a group by name:

http://ckan.net/api/2/rest/group/economics

when I also want to get a group by ID:

http://ckan.net/api/2/rest/group/04fb43d2-8ddf-4485-9bf5-66d47d3672f3
#1046 fixed Dictization and the new logic layer kindly thejimmyg

Reported by thejimmyg, 3 years ago.

Description

The stages involved with doing this.

  • Convert model objects to standard dict format (DONE)
  • Convert standard dicts to current api formats (DONE)
  • Make standard dicts savable (DONE)
  • Validate standard dict format. (DONE)
  • Authorize actions
Note: See TracQuery for help on using queries.