Authz lib improvement and refactor of ckan/lib/authztool.py

[johnlawrenceaspden]

Refactor ckan/lib/authztool.py so that the relevant methods are independent of the command line interface.

The extracted methods should live in a new file ckan/authz.py. authztool.py should probably move into cli.py and will just do command line parsing and printing and use ckan/authz.py. The updated web gui for authz will also use this code.

Tests should be made. There's already a file ckan/tests/test_authz.py, which looks like the appropriate place for new tests.

all to go on a branch feature-1050-refactor-authtoolz

Optional extras

• Rename ckan/authz.py to ckan/lib/authz.py or even ckan/logic/authz.py

[johnlawrenceaspden]

there's already a file ckan/tests/test_authz.py, which looks like the appropriate place for new tests.

[dread]

I may misunderstand how you intend to build the WUI Admin interface, but I think most of the stuff in authztool is just marshalling command line parameters anyway. The bits which do anything are factored out.

For example, to list rights you just loop over obj_classes to call model.Session.query(obj_class).all() and then display the values: type(subj).__name__, subj.name, role, type(obj).__name__, obj.name.

To change a right you simply call model.add_user_to_role(subj, role, obj) or model.add_authorization_group_to_role(subj, role, obj).

But of course if there is useful stuff to factor out then be my guest!

[thejimmyg]

This should also feed into #1075 which will be being worked on this week.

[dread]

There's been no objections to my comment 6 months ago saying this is invalid, so marking it invalid. Feel free to reopen if there is indeed a case here.