I have a CKAN site running with the ckanext-ldap extension configured, but I only want authenticated users to be able to access the site.
This is my solution so far, but I'm not totally satisfied:

    import ckan.plugins as plugins
    import ckan.plugins.toolkit as toolkit


    def site_read(context, data_dict):
        # List of allowed paths, when not logged in
        allowed_anon_paths = ['/user/login', '/ldap_login_handler']
        # Prevent "site read" if the user is not logged in and the
        # request path is not in the list of allowed anonymous paths
        if not context.get('user') and toolkit.request.path not in allowed_anon_paths:
            return {'success': False}
        return {'success': True}


    class Disable_Anon_AccessPlugin(plugins.SingletonPlugin):
        plugins.implements(plugins.IAuthFunctions)

        def get_auth_functions(self):
            return {'site_read': site_read}

It prevents anonymous users from accessing any pages (other than login related), but it provides a 403 Forbidden error on all pages until logged in.
(Also, API requests fail with a 500 error unless logged in or providing an API key, but I can live with that.)
I can't figure out a way to redirect to the login page if not logged in, and/or to make the "remember me" feature work.
Adding something like: toolkit.redirect_to('/user/login') instead of return {'success': False} does not have an effect.
I also looked into the IRoutes interface, but I cannot figure out how to get the current logged in user (or check if a user is logged in).
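The redirect-instead-of-403 behaviour asked about above, as a framework-independent WSGI sketch. This is an added example, not code from the post or from CKAN, and it does not show how to register middleware in CKAN. It assumes the authentication layer sets `REMOTE_USER` and that the login page accepts a `came_from` parameter; `RequireLoginMiddleware`, `is_allowed_anon`, `demo_app` and `call` are hypothetical names.

```python
from urllib.parse import quote

# The two paths come from the post; LOGIN_PATH and the "came_from"
# parameter name are assumptions made for this sketch.
ALLOWED_ANON_PATHS = ('/user/login', '/ldap_login_handler')
LOGIN_PATH = '/user/login'


def is_allowed_anon(path):
    """Exact match after dropping a trailing slash. No prefix matching,
    so a path such as '/user/login_evil' is not let through."""
    return (path.rstrip('/') or '/') in ALLOWED_ANON_PATHS


class RequireLoginMiddleware:
    """Anonymous requests outside the allow-list get a 302 to the login
    page instead of a 403."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        path = environ.get('PATH_INFO', '/')
        # Assumption: the auth layer in front of this sets REMOTE_USER.
        if environ.get('REMOTE_USER') or is_allowed_anon(path):
            return self.app(environ, start_response)
        # Carry over a local path only, with leading slashes collapsed, so
        # the return target cannot become a protocol-relative '//host' URL.
        local = '/' + path.lstrip('/')
        target = LOGIN_PATH + '?came_from=' + quote(local, safe='/')
        start_response('302 Found', [('Location', target),
                                     ('Content-Length', '0')])
        return [b'']


def demo_app(environ, start_response):
    # Constructed stand-in for the wrapped application.
    start_response('200 OK', [('Content-Type', 'text/plain')])
    return [b'ok']


def call(app, path, user=None):
    """Drive the app with a constructed environ; return (status, headers)."""
    seen = {}
    environ = {'PATH_INFO': path, 'REQUEST_METHOD': 'GET'}
    if user:
        environ['REMOTE_USER'] = user
    app(environ, lambda s, h: seen.update(status=s, headers=dict(h)))
    return seen['status'], seen['headers']
```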