No project description provided
Project description
ckanext-vip-portal
Generic access restrictions for anonymous user.
Configure the set or endpoints/URLs that are available for the anonymous user, and redirect to the login page if he attempts to visit non-whitelisted page.
Requirements
Compatibility with core CKAN versions:
| CKAN version | Compatible? |
|---|---|
| 2.9 | yes |
| 2.10 | yes |
| 2.11(master) | yes |
Installation
To install ckanext-vip-portal:
-
Install it using pip
pip install ckanext-vip-portal
-
Add
vip_portalto theckan.pluginssetting in your CKAN config file.
Config settings
# Configure endpoint that handles unauthorized page access
# (optional, default: user.login)
ckanext.vip_portal.login_endpoint = auth_ext.login
# Allow anonymous access to all the pages. It basically disables current
# extensions
# (optional, default: false)
ckanext.vip_portal.free_anonymous_access = true
# Allow any authenticated user to visit pages normally
# (optional, default: true)
ckanext.vip_portal.free_authenticated_access = false
# Unless endpoint is blocked by one of IVipAccess implementations, it can be
# accessed by anyone. Use it in combination with IVipPortal interface if you
# want to leave the portal generally open and block only certain endpoints
# (optional, default: false)
ckanext.vip_portal.free_access_by_default = true
# Allow anonymous access to login pages
# (optional, default: true)
ckanext.vip_portal.allow_login = false
# Allow anonymous access to password reset page
# (optional, default: true)
ckanext.vip_portal.allow_password_reset = false
# Allow anonymous access to registration pages
# (optional, default: true)
ckanext.vip_portal.allow_registration = false
# Allow anonymous access to API endpoints
# (optional, default: true)
ckanext.vip_portal.allow_api = false
# Additional endpoints that are accessible by anonymous user
# (optional, default: )
ckanext.vip_portal.extra_allowed_endpoints = home.index home.about dataset.search
# Additional paths(URLs) that are accessible by anonymous user
# (optional, default: )
ckanext.vip_portal.extra_allowed_paths = / /about /dataset
# Allow anonymous user to access any path that starts with the following
# prefixes
# (optional, default: )
ckanext.vip_portal.extra_allowed_prefixes = /dataset /organization /group /static
# Allow anonymous user to access any path that ends with the following
# suffixes
# (optional, default: )
ckanext.vip_portal.extra_allowed_suffixes = .svg .html .css
# Allows to customize the route that the user will get redirected to
# after a successful login. Empty value allow user to be redirected to the page
# requested before displaying login page
# (optional, default: )
ckan.auth.route_after_login = dataset.search
Advanced
For more specific scenarios, implement
ckanext.vip_portal.interfaces.IVipPortal
class IVipPortal(Interface):
def check_vip_access_for_endpoint(
self,
endpoint: Union[tuple[str, str], tuple[None, None]],
user: Optional[str],
) -> Access:
"""Check if user allowed to visit the endpoint.
Return `ckanext.vip_portal.interfaces.Access` enum member from this
method:
* Access.allowed: user is allowed to see the endpoint
* Access.forbidden: user is not allowed to see the endpoint
* Access.unknown: use default logic that depends on settings
Use `forbidden` only when you explicitly want to disallow access to the
ednpoint. Otherwise use `unknown`: it will check configuration of the
extension and other plugins first and only then allow/disallow visiting
the page.
"""
return Access.unknown
def check_vip_access_for_path(
self, path: str, user: Optional[str]
) -> Access:
"""Check if user allowed to visit the endpoint.
See IVipPortal.check_vip_access_for_endpoint
"""
return Access.unknown
def make_vip_rejection_response(
self, user: Optional[str]
) -> Optional[Response]:
"""Create a response for forbiddent page.
By default, authenticated user sees 403 page and anonymous user is
redirected to login page.
"""
return None
def alter_vip_rejection_response(
self, resp: Response, user: Optional[str]
) -> Response:
"""Modify rejection response before it's sent to user.
Here you can add additional headers to the rejection response. For
anything more complex consider using
IVipPortal.make_vip_rejection_response.
"""
return resp
Developer installation
To install ckanext-vip-portal for development, activate your CKAN virtualenv and
do:
git clone https://github.com/DataShades/ckanext-vip-portal.git
cd ckanext-vip-portal
pip install -e '.[dev]'
License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
ckanext_vip_portal-0.3.0.tar.gz
(21.4 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ckanext_vip_portal-0.3.0.tar.gz.
File metadata
- Download URL: ckanext_vip_portal-0.3.0.tar.gz
- Upload date:
- Size: 21.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.9.19
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ed062bc51f64f96fff2735fd45c37b6801ae2ee7f1f52e871d1660bc26bbfdc5
|
|
| MD5 |
19c35d0ee3f26b051638b88ec9e2648d
|
|
| BLAKE2b-256 |
08938726cd650aab82b9329f3b5bb57a424232d80de22bf3a53fb64aa57f80a9
|
File details
Details for the file ckanext_vip_portal-0.3.0-py3-none-any.whl.
File metadata
- Download URL: ckanext_vip_portal-0.3.0-py3-none-any.whl
- Upload date:
- Size: 22.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.9.19
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f0978d44e5103f3c8fa7787bb9929b21102ed2d8fff28af01841d14d06b119ee
|
|
| MD5 |
b815aef5db20e200997a2eb69f507c7f
|
|
| BLAKE2b-256 |
a3e748374ae694b6276bfb08ae6f2e6598c12e517c7634d8eb3a2a415fef4248
|
