Ticket #1050 (assigned enhancement) — at Version 5
refactoring of ckan/lib/authztool.py
| Reported by: | johnlawrenceaspden | Owned by: | johnlawrenceaspden |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | ckan | Keywords: | refactoring auth |
| Cc: | Repository: | ckan | |
| Theme: | none |
Description (last modified by johnlawrenceaspden) (diff)
start looking at ckan/lib/authztool.py
various administrative options are only available from the command line.
This file should be refactored so that the relevant methods are callable from code, in preparations for the creation of a web gui administrative interface.
The extracted methods should live in a new file ckan/lib/authz.py, called from authztool.py, which should do all command line parsing and printing.
Tests should be made. There's already a file ckan/tests/test_authz.py, which looks like the appropriate place for new tests.
Change History
comment:1 Changed 3 years ago by johnlawrenceaspden
- Owner set to johnlawrenceaspden
- Status changed from new to assigned
comment:2 Changed 3 years ago by johnlawrenceaspden
there's already a file ckan/tests/test_authz.py, which looks like the appropriate place for new tests.
comment:3 Changed 3 years ago by johnlawrenceaspden
- Keywords refactoring auth added
- Type changed from defect to enhancement
comment:4 Changed 3 years ago by dread
I may misunderstand how you intend to build the WUI Admin interface, but I think most of the stuff in authztool is just marshalling command line parameters anyway. The bits which do anything are factored out.
For example, to list rights you just loop over obj_classes to call model.Session.query(obj_class).all() and then display the values: type(subj).__name__, subj.name, role, type(obj).__name__, obj.name.
To change a right you simply call model.add_user_to_role(subj, role, obj) or model.add_authorization_group_to_role(subj, role, obj).
But of course if there is useful stuff to factor out then be my guest!
