Add Dataset-level Permissions #2

Gordonei · 2020-02-26T21:52:11Z

Right now permissions are scoped using the organisation - it would be a good idea to add dataset-level permissions, too. The best route is probably this extension.

The main benefit is that this enable individuals to be stewards (editors).

Gordonei · 2020-02-26T21:54:48Z

This one looks like it might be of use for secret datasets.

Gordonei · 2020-02-26T21:58:28Z

Yet another one, this time on the resource level.

Gordonei · 2020-03-02T17:06:20Z

Taking a look at the dataset level roles one, seem to be getting some sort of DB issue:

Existing dataset edit:

Exception happened during processing of request from ('127.0.0.1', 49706)
Traceback (most recent call last):
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/paste/httpserver.py", line 1068, in process_request_in_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python2.7/SocketServer.py", line 334, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python2.7/SocketServer.py", line 655, in __init__
    self.handle()
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/paste/httpserver.py", line 442, in handle
    BaseHTTPRequestHandler.handle(self)
  File "/usr/lib/python2.7/BaseHTTPServer.py", line 340, in handle
    self.handle_one_request()
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/paste/httpserver.py", line 437, in handle_one_request
    self.wsgi_execute()
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/paste/httpserver.py", line 287, in wsgi_execute
    self.wsgi_start_response)
  File "/usr/lib/ckan/default/src/ckan/ckan/config/middleware/__init__.py", line 202, in __call__
    return self.apps[app_name](environ, start_response)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/repoze/who/middleware.py", line 86, in __call__
    app_iter = app(environ, wrapper.wrap_start_response)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/fanstatic/publisher.py", line 234, in __call__
    return request.get_response(self.app)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/request.py", line 1053, in get_response
    application, catch_exc_info=False)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/request.py", line 1022, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/fanstatic/injector.py", line 54, in __call__
    response = request.get_response(self.app)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/request.py", line 1053, in get_response
    application, catch_exc_info=False)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/request.py", line 1022, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/flask/app.py", line 1997, in __call__
    return self.wsgi_app(environ, start_response)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/beaker/middleware.py", line 156, in __call__
    return self.wrap_app(environ, session_start_response)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/flask/app.py", line 1985, in wsgi_app
    response = self.handle_exception(e)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/flask/app.py", line 1547, in handle_exception
    return self.finalize_request(handler(e), from_error_handler=True)
  File "/usr/lib/ckan/default/src/ckan/ckan/config/middleware/flask_app.py", line 439, in error_handler
    return base.render(u'error_document_template.html', extra_vars), 500
  File "/usr/lib/ckan/default/src/ckan/ckan/lib/base.py", line 127, in render
    return flask_render_template(template_name, **extra_vars)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/flask/templating.py", line 134, in render_template
    context, ctx.app)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/flask/templating.py", line 116, in _render
    rv = template.render(context)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/jinja2/environment.py", line 989, in render
    return self.environment.handle_exception(exc_info, True)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/jinja2/environment.py", line 754, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/lib/ckan/default/src/ckan/ckan/templates/error_document_template.html", line 1, in top-level template code
    {% extends "page.html" %}
  File "/usr/lib/ckan/default/src/ckan/ckan/templates/page.html", line 1, in top-level template code
    {% extends "base.html" %}
  File "/usr/lib/ckan/default/src/ckan/ckan/templates/base.html", line 101, in top-level template code
    {%- block page %}{% endblock -%}
  File "/usr/lib/ckan/default/src/ckan/ckan/templates/page.html", line 14, in block "page"
    {%- block header %}
  File "/usr/lib/ckan/default/src/ckan/ckan/templates/page.html", line 15, in block "header"
    {% include "header.html" %}
  File "/usr/lib/ckan/default/src/ckan/ckan/templates/header.html", line 1, in top-level template code
    {% block header_wrapper %} {% block header_account %}
  File "/usr/lib/ckan/default/src/ckan/ckan/templates/header.html", line 1, in block "header_wrapper"
    {% block header_wrapper %} {% block header_account %}
  File "/usr/lib/ckan/default/src/ckan/ckan/templates/header.html", line 4, in block "header_account"
    {% block header_account_container_content %} {% if c.userobj %}
  File "/usr/lib/ckan/default/src/ckan/ckan/templates/header.html", line 7, in block "header_account_container_content"
    {% block header_account_logged %} {% if c.userobj.sysadmin %}
  File "/usr/lib/ckan/default/src/ckan/ckan/templates/header.html", line 21, in block "header_account_logged"
    {% set new_activities = h.new_activities() %}
  File "/usr/lib/ckan/default/src/ckan/ckan/lib/helpers.py", line 2395, in new_activities
    return action({}, {})
  File "/usr/lib/ckan/default/src/ckan/ckan/logic/__init__.py", line 464, in wrapped
    result = _action(context, data_dict, **kw)
  File "/usr/lib/ckan/default/src/ckan/ckan/logic/action/get.py", line 3376, in dashboard_new_activities_count
    _check_access('dashboard_new_activities_count', context, data_dict)
  File "/usr/lib/ckan/default/src/ckan/ckan/logic/__init__.py", line 297, in check_access
    model.User.by_name(context['user'])
  File "/usr/lib/ckan/default/src/ckan/ckan/model/domain_object.py", line 46, in by_name
    .filter_by(name=name).first()
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/orm/query.py", line 2755, in first
    ret = list(self[0:1])
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/orm/query.py", line 2547, in __getitem__
    return list(res)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/orm/query.py", line 2855, in __iter__
    return self._execute_and_instances(context)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/orm/query.py", line 2878, in _execute_and_instances
    result = conn.execute(querycontext.statement, self._params)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 945, in execute
    return meth(self, multiparams, params)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/sql/elements.py", line 263, in _execute_on_connection
    return connection._execute_clauseelement(self, multiparams, params)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1053, in _execute_clauseelement
    compiled_sql, distilled_params
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1189, in _execute_context
    context)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1402, in _handle_dbapi_exception
    exc_info
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/util/compat.py", line 203, in raise_from_cause
    reraise(type(exception), exception, tb=exc_tb, cause=cause)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1182, in _execute_context
    context)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/engine/default.py", line 470, in do_execute
    cursor.execute(statement, parameters)
InternalError: (psycopg2.InternalError) current transaction is aborted, commands ignored until end of transaction block
 [SQL: 'SELECT "user".password AS user_password, "user".id AS user_id, "user".name AS user_name, "user".fullname AS user_fullname, "user".email AS user_email, "user".apikey AS user_apikey, "user".created AS user_created, "user".reset_key AS user_reset_key, "user".about AS user_about, "user".activity_streams_email_notifications AS user_activity_streams_email_notifications, "user".sysadmin AS user_sysadmin, "user".state AS user_state \nFROM "user" \nWHERE "user".name = %(name_1)s ORDER BY "user".name \n LIMIT %(param_1)s'] [parameters: {'name_1': u'ckan_admin', 'param_1': 1}]
----------------------------------------

New dataset:

2020-03-02 19:07:28,718 INFO  [ckan.lib.base]  /dataset/new render time 0.153 seconds
Error - <class 'sqlalchemy.exc.InternalError'>: (psycopg2.InternalError) current transaction is aborted, commands ignored until end of transaction block
 [SQL: 'SELECT system_info.id AS system_info_id, system_info.key AS system_info_key, system_info.value AS system_info_value, system_info.state AS system_info_state, system_info.revision_id AS system_info_revision_id \nFROM system_info \nWHERE system_info.key = %(key_1)s \n LIMIT %(param_1)s'] [parameters: {'key_1': 'ckan.config_update', 'param_1': 1}]
URL: http://localhost:5000/dataset/new
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/weberror/errormiddleware.py', line 171 in __call__
  app_iter = self.application(environ, sr_checker)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/dec.py', line 147 in __call__
  resp = self.call_func(req, *args, **self.kwargs)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/dec.py', line 208 in call_func
  return self.func(req, *args, **kwargs)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/fanstatic/publisher.py', line 234 in __call__
  return request.get_response(self.app)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/request.py', line 1053 in get_response
  application, catch_exc_info=False)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/request.py', line 1022 in call_application
  app_iter = application(self.environ, start_response)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/dec.py', line 147 in __call__
  resp = self.call_func(req, *args, **self.kwargs)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/dec.py', line 208 in call_func
  return self.func(req, *args, **kwargs)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/fanstatic/injector.py', line 54 in __call__
  response = request.get_response(self.app)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/request.py', line 1053 in get_response
  application, catch_exc_info=False)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/request.py', line 1022 in call_application
  app_iter = application(self.environ, start_response)
File '/usr/lib/ckan/default/src/ckan/ckan/config/middleware/pylons_app.py', line 265 in inner
  result = application(environ, start_response)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/beaker/middleware.py', line 73 in __call__
  return self.app(environ, start_response)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/beaker/middleware.py', line 156 in __call__
  return self.wrap_app(environ, session_start_response)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/routes/middleware.py', line 131 in __call__
  response = self.app(environ, start_response)
File '/usr/lib/ckan/default/src/ckan/ckan/config/middleware/common_middleware.py', line 30 in __call__
  return self.app(environ, start_response)
File '/usr/lib/ckan/default/src/ckan/ckan/config/middleware/common_middleware.py', line 56 in __call__
  return self.app(environ, start_response)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/pylons/wsgiapp.py', line 125 in __call__
  response = self.dispatch(controller, environ, start_response)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/pylons/wsgiapp.py', line 324 in dispatch
  return controller(environ, start_response)
File '/usr/lib/ckan/default/src/ckan/ckan/lib/base.py', line 240 in __call__
  res = WSGIController.__call__(self, environ, start_response)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/pylons/controllers/core.py', line 217 in __call__
  response = self._inspect_call(self.__before__)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/pylons/controllers/core.py', line 107 in _inspect_call
  result = self._perform_call(func, args)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/pylons/controllers/core.py', line 60 in _perform_call
  return func(**args)
File '/usr/lib/ckan/default/src/ckan/ckan/lib/base.py', line 227 in __before__
  app_globals.app_globals._check_uptodate()
File '/usr/lib/ckan/default/src/ckan/ckan/lib/app_globals.py', line 202 in _check_uptodate
  value = model.get_system_info('ckan.config_update')
File '/usr/lib/ckan/default/src/ckan/ckan/model/system_info.py', line 59 in get_system_info
  obj = meta.Session.query(SystemInfo).filter_by(key=key).first()
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/orm/query.py', line 2755 in first
  ret = list(self[0:1])
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/orm/query.py', line 2547 in __getitem__
  return list(res)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/orm/query.py', line 2855 in __iter__
  return self._execute_and_instances(context)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/orm/query.py', line 2878 in _execute_and_instances
  result = conn.execute(querycontext.statement, self._params)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py', line 945 in execute
  return meth(self, multiparams, params)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/sql/elements.py', line 263 in _execute_on_connection
  return connection._execute_clauseelement(self, multiparams, params)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py', line 1053 in _execute_clauseelement
  compiled_sql, distilled_params
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py', line 1189 in _execute_context
  context)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py', line 1402 in _handle_dbapi_exception
  exc_info
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/util/compat.py', line 203 in raise_from_cause
  reraise(type(exception), exception, tb=exc_tb, cause=cause)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py', line 1182 in _execute_context
  context)
File '/usr/lib/ckan/default/local/lib/python2.7/site-packages/sqlalchemy/engine/default.py', line 470 in do_execute
  cursor.execute(statement, parameters)
InternalError: (psycopg2.InternalError) current transaction is aborted, commands ignored until end of transaction block
 [SQL: 'SELECT system_info.id AS system_info_id, system_info.key AS system_info_key, system_info.value AS system_info_value, system_info.state AS system_info_state, system_info.revision_id AS system_info_revision_id \nFROM system_info \nWHERE system_info.key = %(key_1)s \n LIMIT %(param_1)s'] [parameters: {'key_1': 'ckan.config_update', 'param_1': 1}]

Gordonei · 2020-03-02T17:23:10Z

Turns out I had missed this command: paster --plugin=ckanext-collaborators collaborators init-db -c /etc/ckan/default/development.ini

This is needed to generate the DB tables.

See cityofcapetown/ckanext-cct_metadata#2 for more detail.

Gordonei · 2020-03-02T18:23:57Z

Hmm, it works in test, but getting the following error when navigating to the collaborators tab of the prod data-catalogue:

2020-03-02 18:17:42,655 ERROR [ckan.config.middleware.flask_app] 'pkg_dict' is undefined

Traceback (most recent call last):

  File "/usr/lib/ckan/venv/local/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request

    rv = self.dispatch_request()

  File "/usr/lib/ckan/venv/local/lib/python2.7/site-packages/flask/app.py", line 1598, in dispatch_request

    return self.view_functions[rule.endpoint](**req.view_args)

  File "/usr/lib/ckan/venv/local/lib/python2.7/site-packages/ckanext/collaborators/blueprint.py", line 25, in collaborators_read

    return toolkit.render('collaborator/collaborators.html')

  File "/usr/lib/ckan/venv/src/ckan/ckan/lib/base.py", line 150, in render

    return flask_render_template(template_name, **extra_vars)

  File "/usr/lib/ckan/venv/local/lib/python2.7/site-packages/flask/templating.py", line 134, in render_template

    context, ctx.app)

  File "/usr/lib/ckan/venv/local/lib/python2.7/site-packages/flask/templating.py", line 116, in _render

    rv = template.render(context)

  File "/usr/lib/ckan/venv/local/lib/python2.7/site-packages/jinja2/environment.py", line 1008, in render

    return self.environment.handle_exception(exc_info, True)

  File "/usr/lib/ckan/venv/local/lib/python2.7/site-packages/jinja2/environment.py", line 780, in handle_exception

    reraise(exc_type, exc_value, tb)

  File "/usr/lib/ckan/venv/local/lib/python2.7/site-packages/ckanext/collaborators/templates/collaborator/collaborators.html", line 1, in top-level template code

    {% extends "package/edit_base.html" %}

  File "/usr/lib/ckan/venv/local/lib/python2.7/site-packages/ckanext/collaborators/templates/package/edit_base.html", line 1, in top-level template code

    {% ckan_extends %}

  File "/usr/lib/ckan/venv/src/ckan/ckan/templates/package/edit_base.html", line 1, in top-level template code

    {% extends 'package/base.html' %}

  File "/usr/lib/ckan/venv/src/ckan/ckan/templates/package/base.html", line 3, in top-level template code

    {% set pkg = pkg_dict %}

  File "/usr/lib/ckan/venv/src/ckan/ckan/templates/page.html", line 1, in top-level template code

    {% extends "base.html" %}

  File "/usr/lib/ckan/venv/src/ckan/ckan/templates/base.html", line 106, in top-level template code

    {%- block page %}{% endblock -%}

  File "/usr/lib/ckan/venv/src/ckan/ckan/templates/page.html", line 19, in block "page"

    {%- block content %}

  File "/usr/lib/ckan/venv/src/ckan/ckan/templates/page.html", line 22, in block "content"

    {% block main_content %}

  File "/usr/lib/ckan/venv/src/ckan/ckan/templates/page.html", line 74, in block "main_content"

    {% block primary %}

  File "/usr/lib/ckan/venv/src/ckan/ckan/templates/page.html", line 87, in block "primary"

    {% block primary_content %}

  File "/usr/lib/ckan/venv/src/ckan/ckan/templates/page.html", line 89, in block "primary_content"

    {% block page_header %}

  File "/usr/lib/ckan/venv/src/ckan/ckan/templates/page.html", line 91, in block "page_header"

    {% if self.content_action() | trim %}

  File "/usr/lib/ckan/venv/src/ckan/ckan/templates/package/edit_base.html", line 13, in block "content_action"

    {% link_for _('View dataset'), named_route='dataset.read', id=pkg.name, class_='btn btn-default', icon='eye' %}

  File "/usr/lib/ckan/venv/local/lib/python2.7/site-packages/jinja2/environment.py", line 430, in getattr

    return getattr(obj, attribute)

UndefinedError: 'pkg_dict' is undefined

Looks like the template is failing to render because a variable, pkg_dict is missing. It looks like it comes from the CKAN context.

I wonder if this is down to the version of CKAN I have pinned the docker image to. Sigh I shouldn't be using different versions in test and in production.

I wonder how new it is...

Gordonei added enhancement New feature or request good first issue Good for newcomers labels Feb 26, 2020

Gordonei added a commit to cityofcapetown/Data-Portal that referenced this issue Mar 2, 2020

Adding collaborators extension

0339878

See cityofcapetown/ckanext-cct_metadata#2 for more detail.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add Dataset-level Permissions #2

Add Dataset-level Permissions #2

Gordonei commented Feb 26, 2020

Gordonei commented Feb 26, 2020

Gordonei commented Feb 26, 2020

Gordonei commented Mar 2, 2020 •

edited

Loading

Gordonei commented Mar 2, 2020

Gordonei commented Mar 2, 2020

Add Dataset-level Permissions #2

Add Dataset-level Permissions #2

Comments

Gordonei commented Feb 26, 2020

Gordonei commented Feb 26, 2020

Gordonei commented Feb 26, 2020

Gordonei commented Mar 2, 2020 • edited Loading

Gordonei commented Mar 2, 2020

Gordonei commented Mar 2, 2020

Gordonei commented Mar 2, 2020 •

edited

Loading