No project description provided
Project description
ckanext-vip-portal
Generic access restrictions for anonymous user.
Configure the set or endpoints/URLs that are available for the anonymous user, and redirect to the login page if he attempts to visit non-whitelisted page.
Requirements
Compatibility with core CKAN versions:
| CKAN version | Compatible? |
|---|---|
| 2.9 | yes |
| 2.10 | yes |
| 2.11(master) | yes |
Installation
To install ckanext-vip-portal:
-
Install it using pip
pip install ckanext-vip-portal
-
Add
vip_portalto theckan.pluginssetting in your CKAN config file.
Config settings
# Configure endpoint that handles unauthorized page access
# (optional, default: user.login)
ckanext.vip_portal.login_endpoint = auth_ext.login
# Allow anonymous access to all the pages. It basically disables current
# extensions
# (optional, default: false)
ckanext.vip_portal.free_anonymous_access = true
# Allow any authenticated user to visit pages normally
# (optional, default: true)
ckanext.vip_portal.free_authenticated_access = false
# Unless endpoint is blocked by one of IVipAccess implementations, it can be
# accessed by anyone. Use it in combination with IVipPortal interface if you
# want to leave the portal generally open and block only certain endpoints
# (optional, default: false)
ckanext.vip_portal.free_access_by_default = true
# Allow anonymous access to login pages
# (optional, default: true)
ckanext.vip_portal.allow_login = false
# Allow anonymous access to password reset page
# (optional, default: true)
ckanext.vip_portal.allow_password_reset = false
# Allow anonymous access to registration pages
# (optional, default: true)
ckanext.vip_portal.allow_registration = false
# Allow anonymous access to API endpoints
# (optional, default: true)
ckanext.vip_portal.allow_api = false
# Additional endpoints that are accessible by anonymous user
# (optional, default: )
ckanext.vip_portal.extra_allowed_endpoints = home.index home.about dataset.search
# Additional paths(URLs) that are accessible by anonymous user
# (optional, default: )
ckanext.vip_portal.extra_allowed_paths = / /about /dataset
# Allow anonymous user to access any path that starts with the following
# prefixes
# (optional, default: )
ckanext.vip_portal.extra_allowed_prefixes = /dataset /organization /group /static
# Allow anonymous user to access any path that ends with the following
# suffixes
# (optional, default: )
ckanext.vip_portal.extra_allowed_suffixes = .svg .html .css
# Allows to customize the route that the user will get redirected to
# after a successful login. Empty value allow user to be redirected to the page
# requested before displaying login page
# (optional, default: )
ckan.auth.route_after_login = dataset.search
Advanced
For more specific scenarios, implement
ckanext.vip_portal.interfaces.IVipPortal
class IVipPortal(Interface):
def check_vip_access_for_endpoint(
self,
endpoint: Union[tuple[str, str], tuple[None, None]],
user: Optional[str],
) -> Access:
"""Check if user allowed to visit the endpoint.
Return `ckanext.vip_portal.interfaces.Access` enum member from this
method:
* Access.allowed: user is allowed to see the endpoint
* Access.forbidden: user is not allowed to see the endpoint
* Access.unknown: use default logic that depends on settings
Use `forbidden` only when you explicitly want to disallow access to the
ednpoint. Otherwise use `unknown`: it will check configuration of the
extension and other plugins first and only then allow/disallow visiting
the page.
"""
return Access.unknown
def check_vip_access_for_path(
self, path: str, user: Optional[str]
) -> Access:
"""Check if user allowed to visit the endpoint.
See IVipPortal.check_vip_access_for_endpoint
"""
return Access.unknown
def make_vip_rejection_response(
self, user: Optional[str]
) -> Optional[Response]:
"""Create a response for forbiddent page.
By default, authenticated user sees 403 page and anonymous user is
redirected to login page.
"""
return None
def alter_vip_rejection_response(
self, resp: Response, user: Optional[str]
) -> Response:
"""Modify rejection response before it's sent to user.
Here you can add additional headers to the rejection response. For
anything more complex consider using
IVipPortal.make_vip_rejection_response.
"""
return resp
Developer installation
To install ckanext-vip-portal for development, activate your CKAN virtualenv and
do:
git clone https://github.com/DataShades/ckanext-vip-portal.git
cd ckanext-vip-portal
pip install -e '.[dev]'
License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
ckanext_vip_portal-0.2.5.tar.gz
(21.3 kB
view hashes)
Built Distribution
Close
Hashes for ckanext_vip_portal-0.2.5-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 3f54e9583da393942d9d42694f6e8eb90f55cbce5f9050fecf225cb6db712d9c |
|
| MD5 | fb8d49b270ac8ccd8086ac9f8a49a654 |
|
| BLAKE2b-256 | 0601ca220dd2296e3e885acfebe1145c5ba8ed6aa6170252cf820bf49787896a |
