http://localhost/ticket/133 <p> Using WUI or REST interface you can search packages and groups without authorization being checked. </p> <p> On the REST interface you can also read all the attributes of the packages using the 'all-fields' option. </p> <p> Can be fixed using more advanced query to check authz. </p> en-us http://assets.okfn.org/p/ckan/img/ckan_logo_shortname.png http://localhost/ticket/133 Trac 0.12.3 dread Fri, 07 May 2010 17:39:37 GMT http://localhost/ticket/133#comment:1 http://localhost/ticket/133#comment:1 <ul> <li><strong>status</strong> changed from <em>new</em> to <em>closed</em> </li> <li><strong>resolution</strong> set to <em>fixed</em> </li> </ul> <p> WUI and REST interfaces recently updated. You can't read, list or search for packages or groups not-authorised for. </p> <p> The only remaining view of a non-authorised group is that the group is named when viewing a package using all_fields option in REST interface. But no details of other packages in the group are given. </p> Ticket