Ticket #1027 (closed enhancement: fixed)

Opened 3 years ago

Last modified 3 years ago

Authorization checks on all controller actions

Reported by: pudo
Owned by: pudo
Priority: critical
Milestone: ckan-v1.4-sprint-3
Component: ckan
Keywords:
Cc:
Repository:
Theme:

Description

We want to have authz checks on all controller actions so that we can lock down CKAN to a login-only mode.

Change History

comment:1 Changed 3 years ago by pudo

  • Status changed from new to assigned

  1. home controller -> before (check "site-read" on model.System)
  2. user -> each individually (repoze-who pseudo action must not be blocked)
    • user-read (index/read/update pages for users)
    • user-create (register)
  3. revision -> before (check "site-read" on model.System)
  4. tag -> site-read (before)

functional/test_authz.py

  • denies site-read ...
  • checks for visitor / logged in user ..
  • checks you can still visit login

comment:2 Changed 3 years ago by pudo

  • Status changed from assigned to closed
  • Resolution set to fixed

fixed in cset:532c3ad2743b
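
The plan from comment:1, as an added sketch that is not part of the ticket and not CKAN's code: a "before" hook that checks "site-read" by default, per-action checks on the user controller, and an exempt login action. All class and function names, and the grants table, are hypothetical and constructed for illustration.

```python
# Hypothetical names throughout; this is not CKAN's API.
class NotAuthorized(Exception):
    pass

class Authorizer:
    def __init__(self, grants):
        self.grants = grants  # constructed: {role: set of actions on System}
    def is_authorized(self, user, action):
        role = "logged_in" if user else "visitor"
        return action in self.grants.get(role, set())

class BaseController:
    required = "site-read"   # default check, run before every action
    per_action = {}          # per-action overrides
    exempt = frozenset()     # actions that must never be blocked
    def __init__(self, authz):
        self.authz = authz
    def before(self, action, user):
        if action in self.exempt:
            return
        needed = self.per_action.get(action, self.required)
        if not self.authz.is_authorized(user, needed):
            raise NotAuthorized(needed)

class HomeController(BaseController):
    def index(self):
        return "home"

class UserController(BaseController):
    required = "user-read"
    per_action = {"register": "user-create"}
    exempt = frozenset({"login"})   # stands in for the repoze.who login action
    def index(self):
        return "user list"
    def register(self):
        return "register form"
    def login(self):
        return "login form"

def dispatch(controller, action, user=None):
    """Run the authz hook, then the action; return an HTTP-like status."""
    try:
        controller.before(action, user)
    except NotAuthorized:
        return 401
    getattr(controller, action)()
    return 200

# Constructed login-only grants: visitors hold no rights at all.
LOGIN_ONLY = Authorizer({"visitor": set(), "logged_in": {"site-read", "user-read"}})
```

Because the check lives in the base class hook, a newly added action is denied to visitors unless it is explicitly listed as exempt.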
