Skip to content

Commit

Permalink
HDX-10398 only sysadmins can access the url
Browse files Browse the repository at this point in the history
  • Loading branch information
danmihaila committed Dec 11, 2024
1 parent 915af9c commit b16e21d
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -40,3 +40,6 @@ def hdx_organization_follower_list(context, data_dict):
# if authz.auth_is_anon_user(context):
# return {'success': False, 'msg': _('Only logged in users can join an organization')}
# return {'success': True}

def hdx_datagrid_show(context, data_dict):
return {'success': False, 'msg': _('Only sysadmins can see the datagrid for location')}
3 changes: 3 additions & 0 deletions ckanext-hdx_org_group/ckanext/hdx_org_group/actions/get.py
Original file line number Diff line number Diff line change
Expand Up @@ -338,6 +338,9 @@ def _user_list_dictize(obj_list, context,

@side_effect_free
def hdx_datagrid_show(context, data_dict):

_check_access('hdx_datagrid_show', context, data_dict)

id = _get_or_bust(data_dict, 'id')
if id:
grp_dict = get_action('hdx_light_group_show')(context, {'id':id})
Expand Down
1 change: 1 addition & 0 deletions ckanext-hdx_org_group/ckanext/hdx_org_group/plugin.py
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ def get_auth_functions(self):
'member_delete': authorize.member_delete,
'invalidate_data_completeness_for_location': authorize.invalidate_data_completeness_for_location,
'hdx_organization_follower_list': authorize.hdx_organization_follower_list,
'hdx_datagrid_show': authorize.hdx_datagrid_show,
# 'hdx_org_join_request': authorize.hdx_org_join_request,
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@


USER = 'some_user'
SYSADMIN = 'test_sysadmin'
SYSADMIN_EMAIL = '[email protected]'
LOCATION = 'some_location'
LOCATION_DISPLAY_NAME = LOCATION_TITLE = 'Some Location'
ORG = 'org_name_4_completeness'
Expand Down Expand Up @@ -91,6 +93,7 @@ def _generate_dataset_dict(dataset_name, org_id, group_name, review_date, user=U
@pytest.fixture()
def setup_data():
factories.User(name=USER, email='[email protected]')
factories.Sysadmin(name=SYSADMIN, email=SYSADMIN_EMAIL, fullname='Sysadmin User')
group = factories.Group(name=LOCATION, title=LOCATION_TITLE, display_name=LOCATION_DISPLAY_NAME)
factories.Organization(
name=ORG,
Expand Down Expand Up @@ -245,9 +248,15 @@ def test_data_completeness_dataset_up_to_date(self, patched_DataCompleteness):
@mock.patch('ckanext.hdx_org_group.helpers.data_completeness.DataCompleteness')
def test_data_completeness_datagrid_show(self, patched_DataCompleteness):
data = self.__compute_data_completeness(_generate_test_yaml_dict(), patched_DataCompleteness)
# datagrid_dict = grp_h.hdx_replace_datagrid_labels(data, {'name':LOCATION, 'title': LOCATION_TITLE, 'display_name': LOCATION_DISPLAY_NAME})
context = {'model': model, 'session': model.Session, 'user': USER, 'ignore_auth': True}
datagrid_dict = _get_action('hdx_datagrid_show')(context, {'id':LOCATION})
context_sysadmin = {'model': model, 'session': model.Session, 'user': SYSADMIN}
context_user = {'model': model, 'session': model.Session, 'user': USER}
try:
datagrid_dict = _get_action('hdx_datagrid_show')(context_user, {'id': LOCATION})
assert False
except Exception:
assert True
datagrid_dict = _get_action('hdx_datagrid_show')(context_sysadmin, {'id':LOCATION})

assert datagrid_dict['iso3'] == LOCATION
assert datagrid_dict['title'] == LOCATION_TITLE
assert 'date' in datagrid_dict
Expand Down

0 comments on commit b16e21d

Please sign in to comment.