Skip to content

Commit

Permalink
Add publiccode.yml
Browse files Browse the repository at this point in the history
  • Loading branch information
Jovanka committed Dec 17, 2024
1 parent 71753df commit e235a9e
Showing 1 changed file with 160 additions and 0 deletions.
160 changes: 160 additions & 0 deletions publiccode.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,160 @@
# This repository adheres to the publiccode.yml standard by including this
# metadata file that makes public software easily discoverable.
# More info at https://github.com/italia/publiccode.yml

publiccodeYmlVersion: '0.2'
name: ckanext-berlinauth
applicationSuite: CKAN
url: 'https://github.com/berlinonline/ckanext-berlinauth'
releaseDate: '2020-07-28'
softwareVersion: 0.2.8
developmentStatus: stable
softwareType: addon
platforms:
- web
categories:
- it-development
- knowledge-management
maintenance:
type: internal
contacts:
- name: Dr. Knud Möller
email: [email protected]
legal:
license: AGPL-3.0-only
mainCopyrightOwner: ' BerlinOnline GmbH'
repoOwner: ' BerlinOnline GmbH'
localisation:
localisationReady: false
availableLanguages:
- en
description:
en:
genericName: ckanext-berlinauth
documentation: >-
https://github.com/berlinonline/ckanext-berlinauth?tab=readme-ov-file#ckanext-berlinauth
shortDescription: >-
This plugin belongs to a set of plugins for the Datenregister – the
non-public CKAN instance that is part of Berlin's open data portal
daten.berlin.de
longDescription: >
This plugin belongs to a set of plugins for the _Datenregister_ – the
non-public [CKAN](https://ckan.org/) instance that is part of Berlin's
open data portal [daten.berlin.de](https://daten.berlin.de/).
`ckanext-berlinauth` provides a custom authorization model. Among other
things, access for anonymous users is restricted, file upload is
deactivated
The plugin implements the following CKAN interfaces:
-
[IAuthFunctions](http://docs.ckan.org/en/latest/extensions/plugin-interfaces.html#ckan.plugins.interfaces.IAuthFunctions)
-
[IActions](http://docs.ckan.org/en/latest/extensions/plugin-interfaces.html#ckan.plugins.interfaces.IActions)
-
[IMiddleware](http://docs.ckan.org/en/latest/extensions/plugin-interfaces.html#ckan.plugins.interfaces.IMiddleware)
## Requirements
This plugin has been tested with CKAN 2.9.8 (which requires Python 3).
## Register-mode
"Register-mode" is the implementation for the use case where we have CKAN
as a separate "backend" system, only accessible to administrative staff
who add and manage datasets. In this scenario, CKAN is called the
"Datenregister".
The general authorization model is as follows:
- Anonymous users have no access to the website
([https://datenregister.berlin.de](https://datenregister.berlin.de/)),
except for the `/about` and `/datenschutzerklaerung`. All requests are
redirected to the login page.
- Anonymous has access to a subset of the CKAN API (most GET-able
functions) and the DCAT API.
- Logged-in users have restricted access to site and API.
- no user list/show (except for self)
- no vocabulary list/show
- hide certain groups from `group\_list`, `organization\_list`
- hide users except self from `group\_show`, `organization\_show`
- ...
- File upload has been disabled.
## Monitoring, Liveness and Readiness Probes
The fact that the home page (`/`) is no longer available to anonymous
users has implications for monitoring services such as liveness and
readiness probes in Kubernetes. If `ckanext-berlinauth` is installed and
activated, such services should not point to the home page, but instead
to a page that is available to anonymous users as well. A good candidate
is the info page at `/about`.
## Additional Configuration Options
- `berlin.technical\_groups`: A space-separated list of
group/organizations that are considered 'technical'. A technical
organization is one which does not reflect a real-world organization, but
has only been introduced to structure permissions. Technical groups are
hidden for non-sysadmin users.
berlin.technical\_groups = simplesearch harvester-fis-broker
- `berlin.public\_pages`: By default, access to the Datenregister is
restricted to logged-in users. This setting contains a space-separated
list of paths that should be visible to the public, i.e., to anonymous
users.
berlin.public\_pages = about datenschutzerklaerung
## Version Numbers for Plugins
The CKAN API's
[status\_show](https://docs.ckan.org/en/2.9/api/#ckan.logic.action.get.status_show)
method includes a list of plugins as configured in the `ckan.plugins`
setting. `ckanext-berlinauth` includes an extended version of
`status\_show` that also shows the version number of each plugin. This
assumes that the plugin module defines a `\_\_version\_\_` attribute that
contains the version number. If there is no `\_\_version\_\_` attribute,
the version number will be `unknown`:
{
"help": "http://ckandev.bln/api/3/action/help\_show?name=status\_show",
"success": true,
"result": {
"site\_title": "Datenregister Dev",
"site\_description": "",
"site\_url": "http://ckandev.bln",
"ckan\_version": "2.9.8",
"error\_emails\_to": null,
"locale\_default": "en",
"extensions": {
"stats": {
"version": "unknown"
},
"berlintheme": {
"version": "0.3.6"
},
"berlinauth": {
"version": "0.2.6"
}
}
}
}

0 comments on commit e235a9e

Please sign in to comment.