{22} Trac tickets (2647 matches)

Results (401 - 500 of 2647)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Id Type Owner Reporter Milestone Status Resolution Summary Description Posixtime Modifiedtime
#34 defect somebody zool closed worksforme Page Not Found - returns with 200 rather than 404 as it should 1163008961000000 1253781550000000
#35 defect rgrp rgrp v0.4 closed fixed IP Address for non-logged in users is always 127.0.0.1 when deployed behind a proxy (e.g. on ckan.net)

When IP address is used to identify non-logged in users (for example on create and editing of packages) it is always 127.0.0.1 when using a reverse proxy (standard deployment configuration on a production machine and used e.g. on http://www.ckan.net).

This could be corrected by using HTTP_X_FORWARDED_FOR when available.

1177006633000000 1185471537000000
#36 enhancement rgrp rgrp v0.4 closed fixed Edit package page should support previews

When editing a package one would like to be able to preview one's changes before saving.

1177007112000000 1185470035000000
#37 enhancement rgrp rgrp v0.5 closed fixed Purge a Revision (i.e. purge all changes associated with that revision)

Spam entries have started to occur on ckan.net in the last few months. It would be useful to be able to purge these revisions -- that is permanently delete all changes to domain objects associated with those revision (one might also permanently delete that revision -- or alternatively simply mark it as purged).

In addition to providing this facility from the shell it would also be useful to be able to do this from the web interface (with associated restrictions on usage via an authorization controller of some sort).

1192650660000000 1199786536000000
#38 enhancement rgrp rgrp v0.5 closed fixed Make data available in machine-usable form

Currently all data is only available via the web interface which makes it difficult to obtain in bulk. Data should be provided in other more convenient, machine usable forms:

  • DB Dump
  • JSON for each package page (maybe Atom as well)
1194521614000000 1200903004000000
#39 enhancement johnbywater rgrp v0.7 closed fixed When listing packages show more information than just name.

When a package listing is shown (as on http://ckan.net/package/list) more information than just name should be shown. For example package titles should be shown as well as names (could also list tags and other stuff but simplest is just title).

Cost: 1

1194608920000000 1223908298000000
#40 defect rgrp rgrp v0.5 closed fixed Reserved html characters (such as &) in urls mean package does not render for read view

A url such as: http://someurl.com/xyz?x=1&VERSION=1.1&Service=WFS when set as url or download_url breaks the rendering of the package with an error like:

There was an error rendering the package: not well-formed (invalid token): line 1, column 181

Have checked that removing the & stuff makes the error go away so this looks like an issue with escaping urls when displaying them ...

1195565228000000 1200993319000000
#41 task rgrp rgrp v0.5 closed fixed Upgrade to Latest Version of Pylons (0.9.6.*) and Deploy on Production Machine

Should do this sooner rather than later to avoid 'clear water' opening up and need to deploy then asap onto production machine to avoid 'clear water' between trunk and production (which then prevents pushing from trunk to production).

1199786854000000 1199787967000000
#42 enhancement rgrp rgrp v0.6 closed fixed In WUI where List of Items to Display is Large Results should be Paged

As A

Visitor

I Want To

View lists of items but not have too many on a page (as this leads to slow page loads and difficulty navigating the list). Where there are more items in the results of my action that can be fit on a single page the results should be 'paged' in some manner.

Details

Main place this issue arises:

  • List of tags
  • List of packages
  • Repository history (/revision)

Should probably have no more than 50 (or so) items on a page. Obvious solution is for actions that return lists to have some kind of pageno parameter and then use this in controller to select what to display.

1199787162000000 1204133257000000
#43 enhancement rgrp rgrp v0.10 closed fixed Generic Attributes for Packages

As A

User

I Want To

Add arbitrary named attributes to packages (an attribute being a name, type, value triple).

Details

  • We will do this using a dedicated (versioned) table associated to Package
  • Do we allow multiple attributes of the same name?
    • For the present: No (since we will key by attribute name)
    • Could allow for single attribute but with multiple values using json list ...
  • What types do we allow or do we just rely on JSON to take care of this?

Questions (Original)

  • How complex is this to implement?
  • What would an arbitrary user be able to edit? Possibilities:
    1. 'create new attribute' and setting the value (so name and type would be chosen from predefined list).
    2. 'create', setting of name and value (but not type -- type already set in predefined list)
  • Could just use (machine) tags -- though this could be seen as a bit of a hack.
  • Would solve having to create special file/url attributes (though I think that perhaps file stuff is important enough to merit first class support in the domain model -- though, that said, since one won't want to have a file limit adding unlimited file support is very similar to unlimited attributes of arbitrary type).
1199788109000000 1253709802000000
#44 enhancement johnbywater rgrp v0.7 closed fixed Provide RSS/Atom Feed of Repository History

As A

Visitor

I Want To

Get an RSS/Atom Feed of the Repository History to use in my feed reader (or elsewhere).

Details

  • Preference for Atom.
  • should just add parameter to /revision/list/ (or /revision/) to select atom format e.g. ?format=atom.
  • should have a 'days' attribute specifying number of days back to go e.g. &days=30

Cost

Low

1199788457000000 1223390660000000
#45 enhancement rgrp johnbywater v0.6 closed fixed Immunity to SQL injection attacks 1201110894000000 1204133342000000
#46 enhancement rgrp johnbywater v0.9 closed fixed Return error documents that look and feel like normal CKAN pages 1201111018000000 1265891789000000
#47 enhancement rgrp johnbywater v0.6 closed fixed Return OpenID signin pages that look and feel like normal pages 1201183920000000 1215543616000000
#48 enhancement rgrp johnbywater ckan-v1.4-sprint-1 closed fixed Create favicon

Because CKAN's worth it!

1201202789000000 1297077492000000
#49 enhancement rgrp rgrp closed invalid Filter Spam in Changes to CKAN Data

As A

sysadmin

I Want To

Have revisions to the CKAN data filtered in order to reduce the spam in the system.

Details

In the long run this is a quite a generic problem common across several OKF systems and probably can become a general component in the okfmisc repo. For time being focus on a well-factored CKAN-specific solution.

Suggest we follow path of trac: http://trac.edgewall.org/wiki/SpamFilter

Could have a general engine that aggregates spam scores from many different 'plugins' and then marks spam appropriately (actions should be configurable depending on spam level from 'purge' to 'delete' (mark revision as inactive) to 'flag' to 'do nothing').

Main initial plugins would be:

  • regex filter (this would seem very useful here, e.g. do not allow urls in commit messages ...)
    • could augment using the badcontent list approach (can find list on e.g. moinmoin)
  • spambayes and/or akismet
1204134691000000 1257244973000000
#50 task rgrp rgrp closed fixed Investigate apt-get in more detail

Research apt-get especially wajig and python wrappers for apt-get. Post results on the wiki.

1215456052000000 1267648356000000
#51 enhancement rgrp rgrp v0.7 closed fixed Upgrade CKAN to use sqlalchemy and vdm v0.2

Move CKAN codebase to use sqlalchemy (rather than sqlobject) along with vdm v0.2.

NB: the upgrade itself should not be too hard, the work will be in providing a satisfactory migration script to convert existing data on ckan.net service.

1220900438000000 1223908230000000
#52 enhancement rgrp rgrp v0.7 closed invalid Paginated results sets should be customizable across domain objects
  1. Tag results could/should show number of associated packages
  2. Package results should show title (and be in list)
  3. Pagination should be able to be applied to other result sets than simply register listing (e.g. search results ...)
  4. Revisions should be listed in a table with full details
1223549648000000 1223908425000000
#53 enhancement rgrp rgrp v0.8 closed fixed View Information about Package history (i.e. package revisions)

As A

Visitor/User?

I want to

View information about a package history, i.e. what revisions it has.

Details

  • History info should be available at package/history/pkg-name
  • Most basic info is just info from revision (when it occurred, author etc)
  • More sophisticated would be to have diff support to see differences between revisions
1223552139000000 1239133021000000
#54 enhancement johnbywater rgrp v0.7 closed fixed Support dump and load of CKAN data to JSON

As a

Sysadmin

I want to

Dump (serialize) CKAN data to a simple transport format (e.g. JSON) and be able to load it again.

Details

  • Already have simple db dump. However dumping to JSON has various advantages, particularly where changes to the data need to be made upon reloading (e.g. during a migration).
  • Dump should include *all* CKAN data (i.e. all the data in the CKAN db tables)
1223907883000000 1230211256000000
#55 enhancement rgrp rgrp v0.7 closed fixed Code to migrate data from v0.6 to v0.7 using dump and load

Associated to ticket:51 (upgrade CKAN to new vdm) and ticket:54 (dump/load) need to convert v0.6 data for v0.7.

Obvious way to do this is via alteration to data load method.

1223908240000000 1223909891000000
#56 enhancement rgrp rgrp v0.8 closed fixed Show icons indicating package openness

As A

User or Visitor

I Want To

See simple icons (e.g. tick/cross) next to packages (in lists or on main page) indicating openness status of package.

So That

It is easy to see the openness status of a package.

Details

  • Suggested by Liz Turner
  • Openness = open license at present (no easy way to determine whether accessible)
  • Have separate tick for downloadability (i.e. existence of download url)
  • Could do more stuff in future (e.g. money where tag price- exists, etc etc)
1230211123000000 1239018857000000
#57 enhancement rgrp rgrp v0.8 closed fixed Basic datapkg integration with CKAN

Using datapkg a user can:

  • list packages on CKAN
  • get info about package on CKAN
  • register and update a package on CKAN
1238750826000000 1239018717000000
#58 enhancement rgrp rgrp v0.9 closed fixed Make bookmarklet to enable easy package registration on CKAN

Make bookmarklet to enable easy package registration on CKAN

Details

  1. This requires redoing web interface to allow 1-step package creation/editing (as opposed to name then everything else approach at the moment)
1239018517000000 1239974365000000
#59 enhancement johnbywater rgrp v1.0 closed fixed Provide a basic guide to CKAN on the site
  1. Use contents from ckan package notes section (rgrp)
  2. Update that section to be more guide-like (jwyg)
1239018583000000 1273080019000000
#60 enhancement rgrp rgrp v0.9 closed fixed Front page usability improvements
  1. List in sidebar 3 latest created/updated packages.
  1. Put package search box on front page (might also want to move some of front page content into an about page).
  1. Similarly might want package creation box on front page.
1239094266000000 1246434921000000
#61 enhancement rgrp rgrp v0.10 closed fixed When dumping data to json do not dump private information like API keys

Cost: 1h

1239123529000000 1265890790000000
#62 enhancement dread rgrp v0.10 closed fixed Change tags to contain any character (other than space)

Requires us to url encode the tag names when displaying them ...

1240585095000000 1250181376000000
#63 defect rgrp rgrp v0.9 closed fixed Purge is broken after upgrade of vdm

Since we upgraded to new vdm (v0.4) which has built in purge support existing purge support looks to be broken. Should be reasonably easy to fix this.

Cost: 1h

1245148623000000 1245656000000000
#64 enhancement rgrp rgrp v0.10 closed fixed Switch to repoze.who for authentication

Switch to repoze.who + openid plugin for authentication from authkit.

Already did this in microfacts so should be fairly easy.

1245168853000000 1246127063000000
#65 enhancement rgrp rgrp v0.9 closed fixed Add version attribute to package

It is essential packages have a version attribute to assist in tracking releases etc (and to allow compatibility with other packaging systems e.g. distutils which is being used by datapkg).

cost: 2h

1245262864000000 1246434569000000
#66 enhancement rgrp rgrp v0.10 closed fixed Improve user account UI
  1. Link at top should say "Your Account" when you are logged in
    • when not logged in should say: "Log in via openid"
    • Open Id info on /account/ should move to /account/login/ or be deleted
    • Going to /account/ when not logged in should redirect to /account/login/
  1. When logged in the basic account index page should not give generic information but should reflect fact you are logged in by:
  • Saying something like: "You are logged in as: ..."
  • Showing your apikey or a link to apikey
  • Giving you a logout link

We can think of a bunch of other stuff that could go on their (recent edits, packages you own etc) but these will be separate tickets.

1245263685000000 1250785405000000
#67 enhancement rgrp rgrp v0.10 closed fixed List all of a user's recent edits on their home page

Additional feature related to ticket:66.

cost: 2h

1245263731000000 1250785122000000
#68 enhancement rgrp rgrp v0.9 closed fixed Show affected packages in revision list view

When listing revisions (at /revision/ or in atom feed) show affected packages. Minor but v. useful UI improvement.

Cost: 1h

1245656153000000 1245697554000000
#69 enhancement rgrp rgrp v0.9 closed fixed Change to text-only license field and use external license repo

Switch from license domain object to a simple license field and use license list from new centralised license repo:

<http://knowledgeforge.net/okfn/licenses/>

  • This will require a migration

Cost: 4h (plus migration ...)

1245687449000000 1246437494000000
#70 enhancement rgrp rgrp v0.9 closed fixed Convert from py.test to nosetests

Cost: 1h

1246434753000000 1247827053000000
#71 enhancement rgrp rgrp v0.10 closed fixed Upgrade to Pylons 0.9.7

Cost: 2h

1246435041000000 1250181211000000
#72 enhancement rgrp rgrp v0.10 closed fixed Integrate new logo

Integrate new logo from http://wiki.okfn.org/ckan/logo into site:

  • In title

Also can do favicon (separate ticket:48)

Cost: 1h

1246441021000000 1251451954000000
#73 enhancement rgrp rgrp closed invalid Put enquiry template in db so it can be edited by admins

Currently stored in the python controller file. This is not the right place and putting it in db will allow editing by admins.

May also want to do this for the footer (also in the controller file).

Details:

  • Will need to create a new domain object/db table. Suggest called miscellaneous and consist of key value pairs utilizing JSON type for values.

Cost: 2h.

1247705786000000 1266510385000000
#74 enhancement dread rgrp v0.10 closed fixed Add Is It Open links to package pages

On each package page in the openness field if the package is not open provide a link to is it open create enquiry page.

Details:

  • may want to add to the url a query parameter indicating which package this relates to e.g. ?ckan-package=...
  • http://isitopen.ckan.net/enquiry/create/?ckan-package=...
  • do we provide link even if package is open (e.g. so that people can make enquiries about e.g. adding open data/content buttons ...)

Cost: 0.5h

1247828218000000 1250182938000000
#75 enhancement dread rgrp closed duplicate Record and display package "usage" information
  • Number of package page visits on ckan (can we get this straight from google analytics)
  • Number of times url or download url is used - now ticket:937 (Record download stats for resoures)

How do we do this?

  • Google analytics will miss a lot of this usage (and how do we get that data out anyway)
  • Could use javascript but again misses usage.
  • One option is to redirect link but that is kind of nasty (but may be only option ...)
1247828785000000 1296341223000000
#76 enhancement dread rgrp v0.10 closed fixed Convert to use formalchemy for all forms

Current form stuff is not very good (uses formencode). Switch to formalchemy would improve this, especially on validation.

As an extra we could utilize the formalchemy pylons admin interface (pretty much for free).

Cost: 12h

Details

  1. Replace htmlfill and formencode extract in controllers/templates with formalchemy
    1. Crude and simple
    2. Suppress unwanted fields (revision, state, all revisions) and sort out ordering to be similar to before.
    3. Sort out tag field with a special renderer
  2. Validation - testing definitely required.
  3. Fix up description and pretty css etc
1247829041000000 1251301765000000
#77 enhancement dread rgrp v0.11 closed fixed Rate packages

As a User or Visitor

I wish to rate a package in some way. On the package view, below Openness, there is a 'Rating' heading with the star rating which is selectable.

Rating out of 5. One user or IP, one vote.

package_rating table:

package | user | rating annakarenina | joe.bloggs.openid.com | 4 annakarenina | 154.2.5.47 | 1

1247829193000000 1255176732000000
#78 enhancement rgrp rgrp ckan-sprint-2011-10-28 closed fixed Extend login cookie lifetime

When you login you get given a cookie but it is very short (life of your browser session I think).

Work out how to extend to something reasonable (30 days or perhaps forever with logout unsetting cookie).

  1. A quick investigation to see whether this is possible
  2. If possible do it

Cost: ?

1247829310000000 1314877169000000
#79 enhancement dread rgrp v0.10 closed fixed Improvements to package search

Several things:

  • Default package search (used e.g. on front page) should deal well with multiple items: "abc xyz" means search for both abc and xyz (as separate searches)
  • Should automatically display a list of matching tags in a line at top with number of associated packages
  • have an option to only search for fully open material (or openly licensed material ...)

Since we should be moving to a more sophisticated search solution anyway (to allow prioritisation etc) maybe we should cautious as to what we do now.

1247829864000000 1265890806000000
#80 enhancement dread rgrp v0.10 closed fixed Refactor or remove modes code

Get rid of modes in the RESTful API. Do json stuff directly in controllers.

  • package will have to_dict and from_dict methods (called by rest controller) which provide and consume JSON friendly dictionaries representing the object. from_dict - class_method. stuff in forms for tags as_string, maybe factor out. reuse validation stuff.
1247844263000000 1265890912000000
#81 enhancement rgrp rgrp vdm-0.7 closed fixed Support for sqlalchemy 0.5 1248285433000000 1268487327000000
#82 enhancement rgrp rgrp closed fixed Support diffing of versioned objects

Should have function/facility to get a diff of a version object between 2 revisions. Function should return a dictionary of fields with diffs.

Details:

  • Do we deal with m2m relationships (and m2one on the many side)?
  • What is diff?
    • For text fields output of python diff command
    • For non-text field guess just simple +/- for what was there before and now

Cost: 4h (don't think this is a huge request)

1248289499000000 1256565441000000
#83 enhancement rgrp rgrp vdm-0.6 closed fixed Allow "ignored" fields on versioned objects

Allow 'ignored' fields on versioned objects (i.e. attributes which are not 'versioned'). This is not hard to do as we already have most of the necessary mechanisms set up in the Revisioner object.

Cost: 2h

1248339384000000 1267648301000000
#85 enhancement rgrp rgrp closed fixed Convert state from an object to an enumeration

No real benefit of having State object as opposed to a simple text field with enumerated values and this second option is both simpler and more flexible.

Main hassle here is that it requires migration in all projects that use vdm.

If we're going to do this we should do it sooner rather than later.

Cost: 2h (+ 1h for a conversion method)

1248339662000000 1263206391000000
#86 enhancement rgrp rgrp closed fixed Support for stateful dict-like collections

Already support stateful list-like collections and should extend this to dict-like collections.

(This is prerequisite for implementing versioned "extra" (key/value) attributes on packages in CKAN and elsewhere).

1248430798000000 1249050202000000
#87 enhancement rgrp rgrp closed duplicate Multiple download links

Multiple download links, including links to mirrors and multiple formats/versions

1248693302000000 1258470719000000
#88 enhancement rgrp rgrp v0.11 closed fixed Download (link) metadata

Support for download metadata (file size, file formats, version information).

See also: ticket:87 (multiple download links)

1248693385000000 1265891491000000
#89 enhancement nickstenning rgrp closed fixed Tag cloud for package tags

Should not be hard to do (lots of existing libraries) but not sure that this is very important.

1248693939000000 1265892698000000
#90 enhancement nickstenning rgrp v0.11 closed fixed Link to RDF versions of CKAN data

We should link to representations on semantic.ckan.net

  • Each package page could link to its RDF representation
    • "Alternative formats" near star rating. Has logo for RDF (link to RDF) and JSON (link via CKAN REST i/f).
    • Some instances of ckan won't need this, so have option in ini file for this. rdf_store_url=xyz
    • Include machine-readable link to the RDF:
      <meta http-equiv=... />
      
    • 303 redirect to RDF when content negotiation requires RDF. Test:
      curl -I -H "Accept: application/rdf+xml" http://localhost:5000/package/warandpeace
      

Cost: 3h

Future

1248943742000000 1265890334000000
#91 enhancement dread rgrp v0.10 closed fixed Add author and maintainer attributes to package

Add the following attributes to package:

  • author, author_email
  • maintainer, maintainer_email

Gives us full compatibility to: http://docs.python.org/distutils/setupscript.html#additional-meta-data

Column ordering - should come after name, title, url, download_url.

1249049780000000 1250864156000000
#92 enhancement rgrp rgrp closed wontfix Add RDFa to package pages 1249049927000000 1297344859000000
#93 enhancement rgrp rgrp v0.10 closed fixed Access control for packages

Should be able to limit ability to a user's ability to do things with packages (read, edit etc). This is a big ticket (it may required splitting) and full details are in separate wiki page: AccessControl.

Cost: 8d

1249055049000000 1253613274000000
#94 enhancement dread rgrp v0.10 closed fixed Use sqlalchemy-migrate to handle db/model upgrades

Details of how to go about this here <http://www.rufuspollock.org/2009/07/27/sqlalchemy-migrate-with-pylons/>

Cost: 2h

1249134185000000 1250604808000000
#95 enhancement rgrp rgrp closed fixed Add manifest support

Support for listing files (manifest) contained within a package.

Traditional manifests just list the files. Suggest in addition we have support for optional metadata in form of key, value pairs.

1249981842000000 1251454716000000
#96 defect rgrp rgrp closed invalid info command must give up to date information for python-type distributions

(2008-09-10) at present when setup.py is edited info command may not give up to date information if pkg-info (in egg.info) is not rebuilt.

Suggest: info command needs to rebuilds pkg-info in python-type distributions.

1249982410000000 1311176063000000
#97 enhancement rgrp rgrp closed duplicate Do not create a distribution on a path is something already exists there

(2009-03-09) Do not create a distribution at path X if path X already exists and contains material (unless forced via a force option).

Cost: 1h

1249983557000000 1318181317000000
#98 enhancement rgrp rgrp datapkg-0.7 closed fixed Replace use of pastescript templates in PythonDistribution with of something simpler

Replace use of pastescript templates in PythonDistribution? (write) with of something simpler (allowing us to remove dependency on pastescript).

1249983810000000 1297210774000000
#99 enhancement rgrp rgrp closed wontfix Test DbIndex with sqla 0.5

Test DbIndex? with sqla 0.5 (and get it working if it does not work).

Cost: ??

Priority: low because DbIndex? is not currently that important to us (also wonder whether we should try using CKAN code here to stop us reinventing the wheel).

1249985537000000 1297081088000000
#100 enhancement rgrp rgrp closed fixed Convert existing data on disk to a datapkg distribution

(2008-10-29) convert existing directory on disk to a datapkg distribution (PythonDistribution? by default). This would be presented in the CLI as a convert command.

Details:

  • Add a metadata file (setup.py), perhaps prompting for input
  • List all existing data in that directory

Cost: 4h

1249986628000000 1318181227000000
#101 enhancement rgrp rgrp closed fixed (Improved) Download support
  1. Given a url download from that url to disk
  2. Given a package use download url to download to disk

Once on disk should uncompress (if necessary).

Details

  • Should download either to tmp directory (defaulted in config) or a specified path on disk
  • In download would like to support as many types of target urls as possible:
    1. Single files (usually compressed filesets but could be individual files)
    2. Index pages listing files to download
    3. Revision control repositories
    4. ...

This will obviously be a significant amount of work. Suggest:

  1. Start off just supporting the first option.
  2. Have something like a plugin system to handle new target types
  3. Reuse existing work (e.g. easy_install and pip handle standard vcs such as svn, hg, git etc)

Cost: 1d

1249988866000000 1267648607000000
#102 enhancement rgrp rgrp closed fixed Switch to using UUIDs for revision ids

This is better for long term sustainability, especially if we want to "push and pull" from unrelated repositories in the future.

Details:

  • May wish to retain a number field updated in the usual incremental way (what's the cost/benefit here?)
1250068175000000 1260285104000000
#103 enhancement kindly rgrp ckan-v1.5 closed fixed View a package at a given revision

As a user I want to view a package at a given revision:

  • When I visit /package/read/xyz?rev=yyy I should be shown package at revision yyy
  • package history page should provide links to these pages

Cost: 2h

1251289897000000 1311180850000000
#104 enhancement rgrp rgrp closed fixed View a package at a given version

As a user i want to see a package at "version" X (NB: not revision X).

  • When I visit e.g. /package/read/xyz?version=0.7 I should be shown package at version 0.7 (or a message saying no such version)
  • Implementation:
    • Find revision for this version (search revision history for when version field was last 0.7)
    • Show pacakge at that revision (as in ticket:103)
  • On history page also shows versions in list of revisions associated with the package
1251292672000000 1311181303000000
#105 enhancement dread rgrp v0.10 closed fixed Package groups (view)

As a user I want to be able to create groups of packages.

This functionality is different from tags:

  • The ability to add a package to a given group is restricted whereas anyone can add a given tag to a package
  • Specifically groups have owners and only the owners can add a package to that group

Group properties

  • id (primarykey, uuid style)
  • name (restricted content - same rules as package)
  • title (no restrictions)
  • owners -- many:many with user object
  • description (markdown)
  • packages -- many:many with package object

Don't version groups for now.

Groups address in the WUI will be:

  • /group - browse list of groups (reuse list action)
  • /group/list - same thing for now
  • /group/<groupname> - display: group properties with links to packages. No links to user pages (yet).

Group editing and searching will be another ticket.

Cost: 3d

1251392282000000 1252488496000000
#106 enhancement dread rgrp closed duplicate Regularly convert CKAN data to RDF and put on Talis CC

Sister to ticket:90 (Link to RDF version of CKAN data on Talis Connected Commons).

Talis have already kindly done an initial conversion. We should repeat this process regularly and re-upload the data to Talis CC.

In the long run may wish to only re-convert packages changed since the last upload. However given relatively smaller size of full dataset this optimization is probably not yet required.

Attached is the ruby script used by Talis for conversion

Cost: ? (1d+ depending on e.g. how easy integration with Talis CC is)

1251454474000000 1256140649000000
#107 enhancement rgrp rgrp closed invalid Provide information about uploading material

Often people who are registering resources want to make the associated material available. We should:

  • Provide a dedicated upload page giving instructions as to upload process
    1. Explain we don't store the data itself on CKAN. Suggest uploading to a store somewhere and then linking using download_url (that is its purpose)
    2. Upload to
      • Talis CC for RDF
      • archive.org
      • grid.okfn.org
  • link to this page from next to download_url item on new package page

In long run (now ticket:186) we may automate this by providing a ckan upload facility which caches the data and then reuploads it to relevant service (disadvantage is "we" are the owner of the data on that service ...)

1251466274000000 1296341644000000
#108 enhancement dread rgrp v0.10 closed fixed Package search in the REST API

Add package search facility in the rest api at /api/search

Queries can be provided as for the normal package search either by posting to that url or by performing a get with a query string.

E.g. .../api/search/package?q=xyz

Query parameters:

  • q is keyword string (searches name, title, tags by default)
    • split by words and ANDed
  • additional parameters for specific fields
  • qjson is alternative to q for Searching by specific fields (in addition to keyword string). Payload to json is a JSON-encoded dict which is a dictionary with a q field for free text (keywords) and additional key/value pairs for specific fields
    • if q and qjson specified ignore q and just process qjson value

Additional parameters in addition to query ("q" or "qjson") are:

  • limit
  • offset
  • fullinfo=0/1 - return full record for each result (default=0)
  • order_by=field_name
  • search_notes=0/1 (default 0) do we search notes field in a keyword search

Return value is json encoded dictionary with keys:

  • 'results': list of results
  • 'count': total number of results

Extras (for the future)

  • Prioritisation is not part of this ticket (requires fulltext support in DB or in external app such as Xapian)
1251915845000000 1252340511000000
#109 enhancement rgrp dread closed fixed Tag search in the REST API

Similar to ticket:108 but for tags:

/api/search/tag?q

For tags search is extremely simple since you can only search by name.

Possible Extras

  • Allow "exotic" ordering of results e.g. ordering by number of packages with that tag.
  • Return this number with tag list.
1251976297000000 1291829457000000
#110 enhancement dread dread v0.10 closed fixed Integrate groups into packages
  1. Package needs a groups property (backref Group.packages).
  2. Put groups in the search api.
  3. Display them on the package, but not editable. (Only editable from the group page.)

Follow up to ticket:105 (Groups).

Cost: 1d

1252315956000000 1252488660000000
#111 enhancement rgrp dread v0.10 closed fixed Create user object

Object properties:

  • id (uuid)
  • apikey (uuid) -- migrated from the apikey table
  • name (username = openid)

/account is being renamed to /user in the wui.

1252315994000000 1252331626000000
#112 enhancement rgrp dread v0.11 closed wontfix Test db schema created via migration scripts

'paster db upgrade' should result in the same database as 'paster db create' on a clean system. In particular, all tests should pass.

Note: equivalent of paster db upgrade isn't being run from tests at the moment (we haven't been able to get this to work).

1252316495000000 1265294069000000
#113 enhancement dread dread v0.11 closed fixed Simple script to test data migration on a production db

Must not alter the db.

Related to ticket:112.

1252316523000000 1265294054000000
#114 enhancement dread dread v0.10 closed fixed Access Control - model

Create in the model basic operation of Access Control.

roles table

name | context | action
-----------------------
admin| package | edit
admin| package | edit-permissions
admin| package | read
editor| package | update
editor| package | read
reader| package | read
This data is set-up on db init and will have no interface.

user-roles table:

username | context_type | objectid | role
rgrp     | system  | n/a | admin
visitor  | package | * | reader
bob      | package | geonames | admin
visitor  | package | geonames | editor
visitor  | package | geonames | reader
john     | group | ukgov | admin
dread    | group | ukgov | editor
visitor  | group | ukgov | reader
This data will be added when someone is given permissions for the system, a package or a group.

Pseudo code:

class Package

def is_allowed(name, action):

is_allowed(name, action, context=self)

class Group

def is_allowed(name, action):

is_allowed(name, action, context=self)

def is_allowed(name, action, context=None): name: string - a username or IP for 'visitor'

action: string - 'read', 'edit', 'delete', 'edit-permissions' context: object - a Group or a Package or None (which means system)

# look up user from name. # look up in user-roles table what roles this user has for this context. # for each roles, look up in roles table what actions are allowed. # return True if action is allowed, else False.

1252494527000000 1253034529000000
#115 enhancement dread dread v0.10 closed fixed Access Control - wui constrained by model

Based on a section of AccessControl design: Reading and writing to packages in the WUI and REST API are now dependent on the authz tables.

1253034394000000 1253091426000000
#116 enhancement dread dread v0.10 closed fixed Access Control - edited in wui

Based on a section of AccessControl design: WUI gives controls to user and administrator to change permissions on a package.

1253034802000000 1253709460000000
#117 enhancement dread dread v0.10 closed fixed Access Control - group core functionality

Based on a section of AccessControl design: Group reads and edits are controlled by access control. WUI and REST interfaces covered.

1253271333000000 1254735855000000
#118 enhancement dread dread v0.10 closed fixed Use paginate in webhelpers

Take out import of paginate in setup.py. Use paginate in webhelpers instead. Make changes to take account of any i/f changes.

1253273657000000 1253784902000000
#119 enhancement dread dread v0.10 closed fixed Ensure non-active packages don't show up

Ensure pending packages don't show up in search or browse

cost: 4h

1253529414000000 1253791147000000
#120 enhancement dread dread v0.10 closed fixed Security audit

Look for all places where model is accessed and check authorization is checked.

Document holes (and, as necessary, suggestions for fixes) as new tickets. Likely areas that need looking at:

  • search i/f
  • package WUI commit

Write holes are obviously much more significant to us than read holes.

1253529427000000 1254406544000000
#121 enhancement dread dread v0.10 closed fixed Add 'Group' to main menu

And associated page to browse group.

1253694827000000 1253716782000000
#122 enhancement dread dread v0.10 closed fixed Add Group authz page 1253694842000000 1253716757000000
#123 enhancement dread dread v0.10 closed fixed Ability to edit Group in WUI

Add Group editing page.

If no permissions to change group can't edit group. Also cannot view edit page.

Editable attributes: name, title, description

No preview needed

1253708041000000 1254321447000000
#124 enhancement rgrp rgrp v1.0 closed fixed Display Generic Package Attributes in WUI

Split out from ticket:43

1253709702000000 1254735558000000
#125 enhancement dread rgrp v1.0 closed duplicate Edit Generic Package Attributes in WUI

Split out from ticket:43

1253709712000000 1258377621000000
#126 enhancement dread dread v0.10 closed fixed Change package state in the WUI (delete and undelete)

As a Package Admin I want to change the state of the package. In particular I wish to delete and undelete it.

(NB: this is quite separate from "purging" objects which is the term we shall use for irrevocable removal of an object from the domain model).

  • Only Package Admins (and sysadmins) should be able to change state

Implementation Suggestions

  • 'delete' action should be renamed to 'change-state' (NB: this requires a db migration ...)
  • Have new package formalchemy form (created via inheritance?) to incorporate state attribute. Suggest this is rendered as a dropdown (and may be simple object rendering of state, i.e. do NOT need to change it to a single name such 'active').
  • This form should then be used when the user satisfies is_authorized(..., model.Action.CHANGE_STATE) instead of the usual fieldset
1253789571000000 1254740244000000
#127 enhancement dread dread v0.10 closed fixed Minor form and UI improvements
  • group form: description field for needs to be a text area
  • group form: make title and name field wider
  • package view: need to move tags and license above notes
1253798659000000 1253868048000000
#128 enhancement dread rgrp v0.11 closed fixed Add ckan_url attribute to REST JSON representation of a Package

Add ckan_url attribute to REST JSON representation of a Package pointing to the (read) url of package on CKAN.

Cost: 30m

1253866713000000 1275694573000000
#129 enhancement rgrp dread ckan-backlog closed invalid Secure db access by channelling query generation through authz module

Controllers and templates should not access db objects directly - they should do all access via authz module giving username. They are handed by a query that has already been filtered by the packages they are authorized to read.

(Additional idea to be discussed: When they request a package object, they are handed an copy of the db object - disconnected from the database - so it the db object can't be changed.)

A couple of tests can be reenabled when this is done: ckan.tests.functional.test_authz.TestUsage?.test_admin_list_deleted ckan.tests.functional.test_authz.TestUsage?.test_search_deleted

1253886136000000 1267719162000000
#130 enhancement dread rgrp v0.10 closed fixed Create a New Group via the WUI

As a

User

I want to

Create a new group via the WUI

Details

  • locate at /group/new/
  • You must be logged in to create a group
  • Group creator is automatically given role of group admin
  • Edit screen is same as edit screen ...
1254130212000000 1254735501000000
#131 enhancement dread dread v0.10 closed fixed Groups REST interface

Controlling Groups through a REST interface.

1254307959000000 1254308115000000
#132 defect rgrp dread closed fixed Security hole - read package/group list (REST)

Using REST interface you can list packages and groups without authorization being checked.

Can be fixed using more advanced query to check authz.

1254389493000000 1273254514000000
#133 defect rgrp dread closed fixed Security hole - search package/group (WUI & REST)

Using WUI or REST interface you can search packages and groups without authorization being checked.

On the REST interface you can also read all the attributes of the packages using the 'all-fields' option.

Can be fixed using more advanced query to check authz.

1254390168000000 1273253977000000
#134 defect rgrp dread v0.11 closed fixed admin interface is only available to sysadmins 1254735314000000 1255430998000000
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Note: See TracReports for help on using and creating reports.