Resourceauthorizer is a extension for enalbing the acl-based permission control at resource-level in CKAN, which currently only support role-based access permission at dataset-level.
This extension provides an ability to let users specify who (users or organizations) can or cannot access a certain resource.
Notes:
- Access permission setting for an organization will affect all members of the organization.
- Extension always uses access permission at user-level as the final decision if there exist both rules for user and organization.
- Allowing user/organization to access a resource will enable the access of the dataset metadata for that user/organization.
This extension was developed and tested under CKAN-2.7.3
To install ckanext-resourceauthorizer:
Activate your CKAN virtual environment, for example:
. /usr/lib/ckan/default/bin/activate
Install the ckanext-resourceauthorizer Python package into your virtual environment:
pip install ckanext-resourceauthorizer
Add
resourceauthorizerto theckan.pluginssetting in your CKAN config file (by default the config file is located at/etc/ckan/default/production.ini).Restart CKAN. For example if you've deployed CKAN with Apache on Ubuntu:
sudo service apache2 reload
Run the following command to create the necessary tables in the database (ensuring the pyenv is activated):
(pyenv) $ paster --plugin=ckanext-resourceauthorizer resourceauthorizer initdb --config=/etc/ckan/default/production.ini
Run the following command to reindex the CKAN metadata in solr (ensuring the pyenv is activated):
(pyenv) $ paster --plugin=ckan search-index rebuild --config=/etc/ckan/default/production.ini
Finally, restart CKAN to have the changes take affect:
sudo service apache2 restart
To install ckanext-resourceauthorizer for development, activate your CKAN virtualenv and do:
git clone https://github.com/etri-odp/ckanext-resourceauthorizer.git cd ckanext-resourceauthorizer python setup.py develop pip install -r dev-requirements.txt
To run the tests, do:
nosetests --nologcapture --with-pylons=test.ini
To run the tests and produce a coverage report, first make sure you have
coverage installed in your virtualenv (pip install coverage) then run:
nosetests --nologcapture --with-pylons=test.ini --with-coverage --cover-package=ckanext.resourceauthorizer --cover-inclusive --cover-erase --cover-tests
ckanext-resourceauthorizer should be availabe on PyPI as https://pypi.python.org/pypi/ckanext-resourceauthorizer. If that link doesn't work, then you can register the project on PyPI for the first time by following these steps:
Create a source distribution of the project:
python setup.py sdist
Register the project:
python setup.py register
Upload the source distribution to PyPI:
python setup.py sdist upload
Tag the first release of the project on GitHub with the version number from the
setup.pyfile. For example if the version number insetup.pyis 0.0.1 then do:git tag 0.0.1 git push --tags
This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No.2017-00253, Development of an Advanced Open Data Distribution Platform based on International Standards)