ckanext-restricted
CKAN extension to restrict the accessibility to the resources of a dataset. This way the package metadata is accesible but not the data itself (resource). The resource access restriction level can be individualy defined for every package. Users can request access to a dataset by pressing a button. The package owner can allow individual users to access the resource. It also includes notifying by mail on every new user registration.
restricted_resources_metadata.PNG restricted_resources_preview.PNG
Package view with restricted resources
Resource metadata including restriction configuration
Request form for restricted resources
Requirements
This extension has been developed for CKAN version 2.5.2.
The resource access restriction level can be individualy defined for every package. This requires adding an extra field to package metadata with (some of) the possible values: "public", "registered", "any_organization", "same_organization" (as the package).
The allowed user list is also defined in an additional field that includes autocomplete.
If you use ckanext-scheming and ckanext-composite, this is the field definition in JSON:
{
"scheming_version": 1,
"dataset_type": "dataset",
"about": "",
"about_url": "http://github.com/ckan/ckanext-scheming",
"dataset_fields": [...],
"resource_fields": [
[...]
{
"field_name": "restricted",
"label": "Access Restriction",
"preset": "composite",
"subfields":
[
{
"field_name": "level",
"label": "Level",
"preset": "select",
"form_include_blank_choice": false,
"required": true,
"choices": [
{
"value": "public",
"label": "Public"
},
{
"value": "registered",
"label": "Registered Users"
},
{
"value": "any_organization",
"label": "Any Organization Members (Trusted Users)"
},
{
"value": "same_organization",
"label": "Same Organization Members"
}
]
},
{
"field_name": "allowed_users",
"label": "Allowed Users",
"preset": "tag_string_autocomplete",
"data-module-source":"/api/2/util/user/autocomplete?q=?"
}
]
}
]
}
The usage of this extension, regarding the level "any_organization", makes more sense if the CKAN administrator sets some users as members of an organization. In our case we created an organization called "trusted_users" where the mail accounts have been double checked. Therefore this extension sends a mail to the defined 'mail_to' in the CKAN config file at every new user registration. To swithch off this functionality, just comment out the code at: https://github.com/espona/ckanext-restricted/blob/master/ckanext/restricted/plugin.py#L14
Installation
To install ckanext-restricted:
-
Activate your CKAN virtual environment, for example:
. /usr/lib/ckan/default/bin/activate
-
Install the ckanext-restricted Python package into your virtual environment:
pip install ckanext-restricted
-
Add
restrictedto theckan.pluginssetting in your CKAN config file (by default the config file is located at/etc/ckan/default/production.ini). -
Restart CKAN. For example if you've deployed CKAN with Apache on Ubuntu:
sudo service apache2 reload
Config Settings
Document any optional config settings here. For example:
# The minimum number of hours to wait before re-checking a resource # (optional, default: 24). ckanext.restricted.some_setting = some_default_value
Development Installation
To install ckanext-restricted for development, activate your CKAN virtualenv and do:
git clone https://github.com/espona/ckanext-restricted.git cd ckanext-restricted python setup.py develop pip install -r dev-requirements.txt
Running the Tests
To run the tests, do:
nosetests --nologcapture --with-pylons=test.ini
To run the tests and produce a coverage report, first make sure you have
coverage installed in your virtualenv (pip install coverage) then run:
nosetests --nologcapture --with-pylons=test.ini --with-coverage --cover-package=ckanext.restricted --cover-inclusive --cover-erase --cover-tests
Registering ckanext-restricted on PyPI
ckanext-restricted should be availabe on PyPI as https://pypi.python.org/pypi/ckanext-restricted. If that link doesn't work, then you can register the project on PyPI for the first time by following these steps:
-
Create a source distribution of the project:
python setup.py sdist
-
Register the project:
python setup.py register
-
Upload the source distribution to PyPI:
python setup.py sdist upload
-
Tag the first release of the project on GitHub with the version number from the
setup.pyfile. For example if the version number insetup.pyis 0.0.1 then do:git tag 0.0.1 git push --tags
Releasing a New Version of ckanext-restricted
ckanext-restricted is availabe on PyPI as https://pypi.python.org/pypi/ckanext-restricted. To publish a new version to PyPI follow these steps:
-
Update the version number in the
setup.pyfile. See PEP 440 for how to choose version numbers. -
Create a source distribution of the new version:
python setup.py sdist
-
Upload the source distribution to PyPI:
python setup.py sdist upload
-
Tag the new release of the project on GitHub with the version number from the
setup.pyfile. For example if the version number insetup.pyis 0.0.2 then do:git tag 0.0.2 git push --tags
