2

How can I change the permissions in CKAN, so every editor/admin of an organization can add a group to a dataset (right now, the editor or admin has to be a member of the group to be able to add a certain group to a dataset)?

The dataportal I am developing only has 8 groups and every admin/editor should be able to add these groups to a dataset.

ekad
  • 14,436
  • 26
  • 44
  • 46
xFinitive
  • 23
  • 3

1 Answers1

1

It seems to me that Group permissions are a bit of a hangover from the past (there was a time in CKAN without Organizations and only groups, and groups are based heavily on Organizations internally) and I wanted to make a proposal to the CKAN developers for providing an option to remove them (i.e. every Org editor or Admin can add anything to any group). Apart from that possibility there are a couple of workarounds:

  • Make everyone of these users a superuser (probably bad)

  • Make a "master" group which contains all existing groups (this is only possible via the API) and then use the cascading authorization configuration: http://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-auth-roles-that-cascade-to-sub-groups

  • Make an extension that hooks into the user creation process and automatically adds all Org editors and Admins to all groups

  • Make an extension that doesn't check or relaxes auth when trying to add datasets to groups (this seems like overkill compared to the general change I mentioned at the beginning: both would need to be coded and I am more interested in doing the first one!)
Matt Fullerton
  • 535
  • 3
  • 8