Coverage for ckanext/udc/user/auth.py: 64%

28 statements  

« prev     ^ index     » next       coverage.py v7.7.1, created at 2026-01-19 23:48 +0000

1"""Authorization functions for user management actions.""" 

2from ckan.types import Context, AuthResult 

3from ckan import model 

4 

5 

6def _is_sysadmin(context: Context) -> bool: 

7 user = context.get("user") 

8 if not user: 

9 return False 

10 user_obj = model.User.get(user) 

11 return bool(user_obj and user_obj.sysadmin) 

12 

13 

14def deleted_users_list(context: Context, data_dict: dict) -> AuthResult: 

15 """Only sysadmins can list deleted users.""" 

16 if _is_sysadmin(context): 

17 return {"success": True} 

18 return {"success": False, "msg": "Only sysadmins can list deleted users."} 

19 

20 

21def purge_deleted_users(context: Context, data_dict: dict) -> AuthResult: 

22 """Only sysadmins can purge deleted users.""" 

23 if _is_sysadmin(context): 

24 return {"success": True} 

25 return {"success": False, "msg": "Only sysadmins can purge deleted users."} 

26 

27 

28def udc_user_list(context: Context, data_dict: dict) -> AuthResult: 

29 """Only sysadmins can list users.""" 

30 if _is_sysadmin(context): 

31 return {"success": True} 

32 return {"success": False, "msg": "Only sysadmins can list users."} 

33 

34 

35def udc_user_reset_password(context: Context, data_dict: dict) -> AuthResult: 

36 """Only sysadmins can reset passwords.""" 

37 if _is_sysadmin(context): 

38 return {"success": True} 

39 return {"success": False, "msg": "Only sysadmins can reset passwords."} 

40 

41 

42def udc_user_delete(context: Context, data_dict: dict) -> AuthResult: 

43 """Only sysadmins can delete users.""" 

44 if _is_sysadmin(context): 

45 return {"success": True} 

46 return {"success": False, "msg": "Only sysadmins can delete users."}