Commit d58d4df5 authored by Marko Kuder's avatar Marko Kuder
Browse files

apply uploading fix for resource_update too (was only for resource_create)

parent 72037e97
......@@ -133,6 +133,33 @@ def opsi_resource_create(context, data_dict):
(str(user), package_id)}
else:
return {'success': True}
def opsi_resource_update(context, data_dict):
model = context['model']
user = context.get('user')
resource = get_resource_object(context, data_dict)
query = model.Session.query(model.Package)\
.join(model.ResourceGroup)\
.join(model.Resource)\
.filter(model.ResourceGroup.id == resource.resource_group_id)
pkg = query.first()
if not pkg:
raise logic.NotFound(
_('No package found for this resource, cannot check auth.')
)
# check authentication against package
pkg_dict = { 'id': pkg.id }
authorized = opsi_package_update(context, pkg_dict).get('success')
if not authorized:
return {'success': False,
'msg': _('User %s not authorized to update resources on dataset %s') %
(str(user), pkg.id)}
else:
return {'success': True}
def opsi_resource_delete(context, data_dict):
# check authentication against package
......
......@@ -86,15 +86,21 @@ def opsi_action_resource_update(context, data_dict):
try:
context['defer_commit'] = True
context['use_cache'] = False
context['ignore_auth'] = True #content editor will otherwise not be able to upload to active datasets
pkg_dict = _get_action('package_update')(context, pkg_dict)
context.pop('defer_commit')
except ValidationError, e:
# For debugging #1281
if 'resources' not in e.error_dict:
if 'resources' not in e.error_dict and 'individual_resources' not in e.error_dict and 'timeseries_resources' not in e.error_dict:
raise Exception('resource_update error: %r' %
e.error_dict)
errors = e.error_dict['resources'][n]
if 'resources' in e.error_dict:
errors = e.error_dict['resources'][n]
elif 'individual_resources' in e.error_dict:
errors = e.error_dict['individual_resources'][n]
elif 'timeseries_resources' in e.error_dict:
errors = e.error_dict['timeseries_resources'][n]
raise ValidationError(errors)
upload.upload(id, uploader.get_max_resource_size())
......
......@@ -13,6 +13,7 @@ from ckanext.dgu.authorize import (
opsi_resource_delete,
opsi_package_show,
opsi_resource_create,
opsi_resource_update,
opsi_package_update,
opsi_extra_fields_editable,
opsi_dataset_delete, opsi_user_list, opsi_user_show,
......@@ -255,6 +256,7 @@ class AuthApiPlugin(p.SingletonPlugin):
'package_create': opsi_package_create,
'package_show': opsi_package_show,
'resource_create': opsi_resource_create,
'resource_update': opsi_resource_update,
'resource_delete': opsi_resource_delete,
'package_update': opsi_package_update,
'package_extra_fields_editable': opsi_extra_fields_editable,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment