Ticket #1001 (new enhancement) — at Version 2
API should use normal user credentials if available
Reported by: | rgrp | Owned by: | rgrp |
---|---|---|---|
Priority: | critical | Milestone: | ckan-v1.4-sprint-4 |
Component: | ckan | Keywords: | bitesize core |
Cc: | Repository: | ckan | |
Theme: | none |
Description (last modified by rgrp) (diff)
When using the API 'locally' i.e. from the CKAN instance (as would be the case with an ajax interface) the API, especially that allowing READ requests should use the normal user credentials if they are available prior to looking for an API key.
The key change appears to be to change _get_user_for_apikey method in lib/base.py BaseController? to check the c.user attribute (may wish to rename as the name may now be a bit misleading ...).
This is critical to incorporating any ajax editing into the frontend.
As part of this ticket we should do a general consolidation of the identification system in lib/base.py so that both api_key and normal user auth lead to the same set of auth-related objects being available (suggest c.user and c.userobj and c.author).