Ticket #321 (closed enhancement: duplicate)

Opened 4 years ago

Last modified 3 years ago

Delegate authentication to Drupal

Reported by: johnbywater Owned by: thejimmyg
Priority: critical Milestone:
Component: ckan Keywords:
Cc: Repository:

Description (last modified by johnbywater) (diff)

When CKAN is included in a Drupal front-end, CKAN edit pages are used in a slave-mode, such that authentication is delegated to the Drupal front-end user model.

The Drupal front-end shall have:

  1. Login page - fixed location, can authenticate users, on successful authentication sets auth cookie and redirects to HTTP_REFERER.
  1. Access control resource - fixed location, can authorise users, on receipt of valid auth cookie return message listing account details and permitted actions.
  1. Access denied page - fixed location, static resource, gently

indicates what has happened, and how to ask for permission.

The CKAN slave edit page shall:

  1. Try to detect a Drupal session key (passed as cookie or as request param).
  1. Redirect to Drupal login page if no session key.
  1. Check authorisation if session key is found.
  1. Redirect to access denied page if session key not authorised.
  1. Present the Package edit page.
  1. Reject unauthenticated or unauthorised edit submissions.
  1. Snag invalid edit submissions from authenticated and authorised users.
  1. Respond to valid edit submissions from authenticated and authorised users, by saving the new package state, and redirecting to Package read page in Drupal front-end.

Change History

comment:1 Changed 4 years ago by johnbywater

  • Description modified (diff)

comment:2 Changed 4 years ago by rgrp

  • Milestone v1.1 deleted

comment:3 Changed 3 years ago by anonymous

  • Owner changed from johnbywater to thejimmyg

comment:4 Changed 3 years ago by anonymous

  • Status changed from new to closed
  • Resolution set to duplicate

This has now been superseded with this proposal: #787

Note: See TracTickets for help on using tickets.