如何在CKAN扩展中自定义authz.py文件?
[英]How to customize authz.py file in CKAN extension?
问题描述
I want to add new role in CKAN. 
我想在CKAN中添加新角色。 And I can do this in authz.py file. 我可以在authz.py文件中执行此操作。 I defined a new role and give some action to the role and it worked. 我定义了一个新角色,并对该角色进行了一些操作,并且它起了作用。 But i did this in baseline. 但我在基线做了这个。 I want to do this in extension. 我想在扩展中这样做。 So i created new extension that named "customroles". 所以我创建了名为“customroles”的新扩展。 And i copied the authz.py from "/usr/lib/ckan/default/src/ckan/ckan" to the custom folder "/usr/lib/ckan/default/src/ckanext-customroles/ckanext/customroles". 我将authz.py从“/ usr / lib / ckan / default / src / ckan / ckan”复制到自定义文件夹“/ usr / lib / ckan / default / src / ckanext-customroles / ckanext / customroles”。 Then i added new role(Super) as you can see below code. 然后我添加了新角色(超级),您可以在下面看到代码。
ROLE_PERMISSIONS = OrderedDict([
('admin', ['admin']),
('editor', ['read', 'delete_dataset', 'create_dataset', 'update_dataset', 'manage_group']),
('member', ['read', 'manage_group']),
**('super', ['read', 'delete_dataset', 'create_dataset', 'manage_group']),**
])
def _trans_role_admin():
return _('Admin')
def _trans_role_editor():
return _('Editor')
def _trans_role_member():
return _('Member')
def _trans_role_super():
return _('Super')
But I couldn't see the new role while i am adding the new member in organization page. 但是,当我在组织页面中添加新成员时,我无法看到新角色。 When i modify the base code, i saw the new role. 当我修改基本代码时,我看到了新角色。 But in extension it did not work. 但在扩展中它没有用。
Do i need to do anything else to modify authz.py file in extension? 我是否需要做任何其他事情来修改扩展名中的authz.py文件? Do you know how can i solve this problem? 你知道我怎么能解决这个问题?
Thanks, 谢谢,
1 个解决方案
解决方案1
0 已采纳 2018-09-19 12:49:35
As far as I know, this is currently not possible in an extension. 据我所知,目前这在扩展中是不可能的。
There are some parts of CKAN's authorization architecture that can be modified and extended via plugins, for example via the IAuthFunctions , IAuthenticator , and IPermissionLabels interfaces. CKAN的授权体系结构的某些部分可以通过插件进行修改和扩展,例如通过IAuthFunctions , IAuthenticator和IPermissionLabels接口。 The roles in ckan.authz , however, are hard-coded. 但是, ckan.authz的角色是硬编码的。
You could try to use IAuthFunctions to override CKAN's built-in auth functions to create a similar effect. 您可以尝试使用IAuthFunctions来覆盖CKAN的内置auth函数以创建类似的效果。 In particular, you could use that approach to remove some privileges from certain editor members, making them into the "super" users that you're trying to implement. 特别是,您可以使用该方法从某些editor成员中删除某些特权,使其成为您尝试实现的“超级”用户。 (Note that adding privileges to member users will probably not work, since those users will fail the checks based on their role even if your modified auth functions would grant them access) (请注意, 添加权限的member用户可能无法正常工作,因为这些用户将根据自己的角色失败检查,即使你修改的身份验证功能将授予他们访问)
It won't solve your immediate problem, but I do think that it would be nice for CKAN to support what you're trying to do. 它不会解决您当前的问题,但我认为CKAN支持您正在尝试做的事情会很好。 I've therefore created a ticket in CKAN's feature-discussion-tracker. 因此,我在CKAN的功能讨论跟踪器中创建了一张票 。 Feel free to add further information about your use case to it. 您可以随意添加有关您的用例的更多信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.