geosolutions-it/c195-CKAN

Grace period for resources

Opened this issue · 3 comments

etj commented

Plugin for CKAN in the CREA extension.
Resource data should be available after the dataset is created and made public.

  • Add a new date field "available since" in resources (model, edit, view)
  • Modify resource data access so that only admin and owners user can view/download the data before the "available since" date
etj commented

Quick recap for @korotkin

When you create a resource and upload the data, the data can be downloaded as it was uploaded (zip file, xsl, csv, whatever). And that is one of the endpoints that should be controlled by the grace period check.

datastore / datapusher are optional plugins (that we are going to install anyway)
https://docs.ckan.org/en/2.9/maintaining/datastore.html#datastore-extension
the datapusher is split in 2: a plugin inside ckan, and a standalone webapp

  • the plugin is meant to send to the standalone webapp a link to the data. the link is sent whenever new data is uploaded, or when a button "send to datapusher" is pressed in the resource maange page
  • the standalone webapp will read the file containing tabular data, and store the data in a new table in the datastore db.

the datastore is a plugin on ckan side that reads from the datastore table and allows access to data in a fine grained way: you can retrieve single rows or pages of data, not only the whole data a single file
So, the datapusher should be able to read the data, bc it's a backend work
Grace persiod checks should be performed on the datastore entrypoints anyway, bc datastore returns the data, even if sliced

Datastore doc reports:

The DataStore is integrated into the CKAN API and authorization system

Doc about authorization interface
https://docs.ckan.org/en/2.9/extensions/plugin-interfaces.html#ckan.plugins.interfaces.IAuthFunctions

Default resource_show auth only checks for auth at package level (package = dataset more or less).
It's to be checked if that function blocks access to the resource data or also the resource metadata (title, name, description, etc)

https://github.com/ckan/ckan/blob/2.9/ckanext/datastore/logic/auth.py#L49
Datastore auth is based on resource_show indeed.

I guess the way to go is

  • Implement IAuthFunctions
  • declare a "resource_show" auth function
  • implement the function so it checks :
    • if the grace persiod is set and the user is not owner or an admin --> do not allow access
etj commented

if you extend the model via extra you have to customize the editing form
you have to create a file in template/package/snippets/resource_form.html
this will override the file in the same path with the same name
start the file with {% ckan_extends %} so that all from the override file is imported

create a block called
{% block metadata_fields %}
in order to override it
inside the block call {% super %} to include all from the overriden block

https://docs.ckan.org/en/2.9/extensions/adding-custom-fields.html#adding-custom-fields-to-resources

etj commented

When navigating datasets, the resource list may appear like this
image

without the "request access" button, and with "available starting from " instead of "not authorized".

(Image taken from https://github.com/EnviDat/ckanext-restricted)