[DATAVIC-953] hide add new member button and added auth function #309
| return {"success": False} | ||
|
|
||
| @tk.chained_auth_function | ||
| def organization_member_create(next_auth, context, data_dict): |
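Review bot: at `def organization_member_create(next_auth, context, data_dict)`, the function is registered with `@tk.chained_auth_function`, so it should either call `next_auth(context, data_dict)` for the cases it does not decide itself or carry a docstring saying the chain is cut on purpose and who is expected to pass. The `return {"success": False}` at the top of this hunk also has no `msg` key; adding one gives the denied user a reason instead of a generic not-authorized error.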
Here is a tip with auth functions in CKAN.
If the auth check is only to allow sysadmin access, all the auth function needs to do is return {'success': False}.
This is because when the CKAN helper check_access is used, it includes logic that skips the auth check for sysadmin users in ckan.authz.is_authorized (which ckan.plugins.toolkit.check_access uses).
As long as the auth function does not use @auth_sysadmins_check (docstring in ckan/logic/__init__.py).
This means only non-sysadmin users would reach this code and we can just return false with an optional message.
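The dispatch order described in the comment above, as an added example that is not code from this PR or from CKAN: a simplified model in which `User`, `AUTH_FUNCTIONS`, `strict_action`, `can` and this cut-down `is_authorized` are constructed for illustration, with only the sysadmin bypass and the `auth_sysadmins_check` opt-out modelled.

```python
# Simplified model of the sysadmin bypass; not CKAN's implementation.
# All names below are constructed for this illustration.
from dataclasses import dataclass
from typing import Optional


@dataclass
class User:
    name: str
    sysadmin: bool = False


def auth_sysadmins_check(func):
    """Mark an auth function so sysadmins are NOT exempted from it."""
    func.auth_sysadmins_check = True
    return func


def organization_member_create(context, data_dict):
    # Sysadmin-only rule: sysadmins never reach this body, everyone else is denied.
    return {"success": False, "msg": "Only sysadmins can add members"}


@auth_sysadmins_check
def strict_action(context, data_dict):
    # Hypothetical action that opted out of the bypass: runs for sysadmins too.
    return {"success": False, "msg": "Denied for everyone"}


AUTH_FUNCTIONS = {
    "organization_member_create": organization_member_create,
    "strict_action": strict_action,
}


def is_authorized(action, user: Optional[User], data_dict=None):
    """Apply the sysadmin bypass first, then fall through to the auth function."""
    auth_function = AUTH_FUNCTIONS[action]
    if user is not None and user.sysadmin:
        if not getattr(auth_function, "auth_sysadmins_check", False):
            return {"success": True}
    context = {"user": user.name if user else ""}
    return auth_function(context, data_dict or {})


def can(action, user):
    """Boolean form, comparable to what a template helper would return."""
    return is_authorized(action, user)["success"]
```
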
|
|
||
| {% block page_primary_action %} | ||
| {% if h.check_access('organization_update', {'id': organization.id}) %} | ||
| {% if g.userobj.sysadmin %} |
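Review bot: the inner `{% if g.userobj.sysadmin %}` repeats in the template a rule that the organization_member_create auth function in this PR is there to enforce, so the button's visibility and the server-side check can drift apart. Using `{% if h.check_access('organization_member_create', {'id': organization.id}) %}` here would tie the button to the auth function directly and would not dereference `g.userobj` at all.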
This is absolutely fine because it is inside the above if check_access, but be aware that g.userobj is '' for anonymous users.
Just an FYI, another way to check sysadmin user access is h.check_access('sysadmin').
Both work fine and are just a preference.
https://digital-vic.atlassian.net/browse/DATAVIC-953
changes