Skip to content

Commit

Permalink
Release 17.12 (#5)
Browse files Browse the repository at this point in the history
* update BerlinOnline name

* Open code & new release (#4)

* Add publiccode.yml

* Switch to user root for Github actions

* Changes in Changelog for release

---------

Co-authored-by: Jovanka <[email protected]>

---------

Co-authored-by: Knud Möller <[email protected]>
Co-authored-by: Jovanka <[email protected]>
  • Loading branch information
3 people authored Dec 17, 2024
1 parent e55a098 commit 153ba2b
Show file tree
Hide file tree
Showing 4 changed files with 169 additions and 1 deletion.
1 change: 1 addition & 0 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ jobs:
runs-on: ubuntu-latest
container:
image: ckan/ckan-dev:${{ matrix.ckan-base-version }}-${{ matrix.ckan-version }}
options: --user root
services:
solr:
image: ckan/ckan-solr:${{ matrix.ckan-base-version }}-${{ matrix.solr-version }}
Expand Down
7 changes: 7 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,14 @@

## Development

## [0.2.8](https://github.com/berlinonline/ckanext-berlinauth/releases/tag/0.2.8)

_(2024-12-17)_

- Allow authorization via tokens, in addition to browser cookies and api keys.
- Update BerlinOnline name.
- Fix failing CI/CD
- Add publiccode.yml for OpenCode

## [0.2.7](https://github.com/berlinonline/ckanext-berlinauth/releases/tag/0.2.7)

Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ If there is no `__version__` attribute, the version number will be `unknown`:

## License

This material is copyright © [BerlinOnline Stadtportal GmbH & Co. KG](https://www.berlinonline.net/).
This material is copyright © [BerlinOnline GmbH](https://www.berlinonline.net/).

This extension is open and licensed under the GNU Affero General Public License (AGPL) v3.0.
Its full text may be found at:
Expand Down
160 changes: 160 additions & 0 deletions publiccode.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,160 @@
# This repository adheres to the publiccode.yml standard by including this
# metadata file that makes public software easily discoverable.
# More info at https://github.com/italia/publiccode.yml

publiccodeYmlVersion: '0.2'
name: ckanext-berlinauth
applicationSuite: CKAN
url: 'https://github.com/berlinonline/ckanext-berlinauth'
releaseDate: '2020-07-28'
softwareVersion: 0.2.8
developmentStatus: stable
softwareType: addon
platforms:
- web
categories:
- it-development
- knowledge-management
maintenance:
type: internal
contacts:
- name: Dr. Knud Möller
email: [email protected]
legal:
license: AGPL-3.0-only
mainCopyrightOwner: ' BerlinOnline GmbH'
repoOwner: ' BerlinOnline GmbH'
localisation:
localisationReady: false
availableLanguages:
- en
description:
en:
genericName: ckanext-berlinauth
documentation: >-
https://github.com/berlinonline/ckanext-berlinauth?tab=readme-ov-file#ckanext-berlinauth
shortDescription: >-
This plugin belongs to a set of plugins for the Datenregister – the
non-public CKAN instance that is part of Berlin's open data portal
daten.berlin.de
longDescription: >
This plugin belongs to a set of plugins for the _Datenregister_ – the
non-public [CKAN](https://ckan.org/) instance that is part of Berlin's
open data portal [daten.berlin.de](https://daten.berlin.de/).
`ckanext-berlinauth` provides a custom authorization model. Among other
things, access for anonymous users is restricted, file upload is
deactivated
The plugin implements the following CKAN interfaces:
-
[IAuthFunctions](http://docs.ckan.org/en/latest/extensions/plugin-interfaces.html#ckan.plugins.interfaces.IAuthFunctions)
-
[IActions](http://docs.ckan.org/en/latest/extensions/plugin-interfaces.html#ckan.plugins.interfaces.IActions)
-
[IMiddleware](http://docs.ckan.org/en/latest/extensions/plugin-interfaces.html#ckan.plugins.interfaces.IMiddleware)
## Requirements
This plugin has been tested with CKAN 2.9.8 (which requires Python 3).
## Register-mode
"Register-mode" is the implementation for the use case where we have CKAN
as a separate "backend" system, only accessible to administrative staff
who add and manage datasets. In this scenario, CKAN is called the
"Datenregister".
The general authorization model is as follows:
- Anonymous users have no access to the website
([https://datenregister.berlin.de](https://datenregister.berlin.de/)),
except for the `/about` and `/datenschutzerklaerung`. All requests are
redirected to the login page.
- Anonymous has access to a subset of the CKAN API (most GET-able
functions) and the DCAT API.
- Logged-in users have restricted access to site and API.
- no user list/show (except for self)
- no vocabulary list/show
- hide certain groups from `group\_list`, `organization\_list`
- hide users except self from `group\_show`, `organization\_show`
- ...
- File upload has been disabled.
## Monitoring, Liveness and Readiness Probes
The fact that the home page (`/`) is no longer available to anonymous
users has implications for monitoring services such as liveness and
readiness probes in Kubernetes. If `ckanext-berlinauth` is installed and
activated, such services should not point to the home page, but instead
to a page that is available to anonymous users as well. A good candidate
is the info page at `/about`.
## Additional Configuration Options
- `berlin.technical\_groups`: A space-separated list of
group/organizations that are considered 'technical'. A technical
organization is one which does not reflect a real-world organization, but
has only been introduced to structure permissions. Technical groups are
hidden for non-sysadmin users.
berlin.technical\_groups = simplesearch harvester-fis-broker
- `berlin.public\_pages`: By default, access to the Datenregister is
restricted to logged-in users. This setting contains a space-separated
list of paths that should be visible to the public, i.e., to anonymous
users.
berlin.public\_pages = about datenschutzerklaerung
## Version Numbers for Plugins
The CKAN API's
[status\_show](https://docs.ckan.org/en/2.9/api/#ckan.logic.action.get.status_show)
method includes a list of plugins as configured in the `ckan.plugins`
setting. `ckanext-berlinauth` includes an extended version of
`status\_show` that also shows the version number of each plugin. This
assumes that the plugin module defines a `\_\_version\_\_` attribute that
contains the version number. If there is no `\_\_version\_\_` attribute,
the version number will be `unknown`:
{
"help": "http://ckandev.bln/api/3/action/help\_show?name=status\_show",
"success": true,
"result": {
"site\_title": "Datenregister Dev",
"site\_description": "",
"site\_url": "http://ckandev.bln",
"ckan\_version": "2.9.8",
"error\_emails\_to": null,
"locale\_default": "en",
"extensions": {
"stats": {
"version": "unknown"
},
"berlintheme": {
"version": "0.3.6"
},
"berlinauth": {
"version": "0.2.6"
}
}
}
}

0 comments on commit 153ba2b

Please sign in to comment.