Raise privileges to get email address information #505
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There are two changes needed to get access to a user's email address for harvester emails.
The first change gives privileged access to a user's details. This is needed to access the email address.
The second change requests the "extra" information about a user, including the email address.
The first change could be avoided if, for example, the
user_show
action in CKAN 2.9 is changed to honor theignore_auth
value in the context. But I am not sure if the long-term plan is to honorignore_auth
. It could also be avoided ifuser_show
honored the running user's administrative privileges, but the logic does not do this at the moment.We are running this command as the user "harvest", which is configured to have administrative rights. But the logic in
user_show
is honoring the context's 'user' field in CKAN 2.9, instead of looking at the user's privileges. So it seems that a 'user' value must be added to the context with the current authorization logic used inuser_show
.