Raise privileges to get email address information #505
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bonnland
changed the title
amercader
reviewed
Jun 9, 2022
Co-authored-by: Adrià Mercader <amercadero@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There are two changes needed to get access to a user's email address for harvester emails.
The first change gives privileged access to a user's details. This is needed to access the email address.
The second change requests the "extra" information about a user, including the email address.
The first change could be avoided if, for example, the
user_showaction in CKAN 2.9 is changed to honor theignore_authvalue in the context. But I am not sure if the long-term plan is to honorignore_auth. It could also be avoided ifuser_showhonored the running user's administrative privileges, but the logic does not do this at the moment.We are running this command as the user "harvest", which is configured to have administrative rights. But the logic in
user_showis honoring the context's 'user' field in CKAN 2.9, instead of looking at the user's privileges. So it seems that a 'user' value must be added to the context with the current authorization logic used inuser_show.