# CKAN Restricted API
<div align="center">
<em>Extension to allow dataset restriction via CKAN API.</em>
</div>
<div align="center">
<a href="https://pypi.org/project/ckanext-restricted_api" target="_blank">
<img src="https://img.shields.io/pypi/v/ckanext-restricted_api?color=%2334D058&label=pypi%20package" alt="Package version">
</a>
<a href="https://pypistats.org/packages/ckanext-restricted_api" target="_blank">
<img src="https://img.shields.io/pypi/dm/ckanext-restricted_api.svg" alt="Downloads">
</a>
<a href="https://gitlabext.wsl.ch/EnviDat/ckanext-restricted_api/-/raw/main/LICENSE" target="_blank">
<img src="https://img.shields.io/github/license/EnviDat/ckanext-restricted_api.svg" alt="Licence">
</a>
</div>
---
**Documentation**: <a href="https://envidat.gitlab-pages.wsl.ch/ckanext-restricted_api/" target="_blank">https://envidat.gitlab-pages.wsl.ch/ckanext-restricted_api/</a>
**Source Code**: <a href="https://gitlabext.wsl.ch/EnviDat/ckanext-restricted_api" target="_blank">https://gitlabext.wsl.ch/EnviDat/ckanext-restricted_api</a>
---
**This plugin is primarily intended for custom frontends built on the CKAN API.**
> Requires CKAN >= 2.10. For <2.10, use ckanext-restricted-api==1.0.0
- Restrict the accessibility to the resources of a dataset.
- This way the package metadata is accesible but not the data itself (resource).
- The resource access restriction level can be individualy defined for every package.
Based on work by @espona (Lucia Espona Pernas) for ckanext-restricted (https://github.com/EnviDat/ckanext-restricted).
## Install
```bash
pip install ckanext-restricted-api
```
## Config
Optional variables can be set in your ckan.ini:
- **restricted_api.access_request_template**
- Description: Path to access request template to render as html email.
- Default: uses default template.
- **restricted_api.access_granted_template**
- Description: Path to access granted template to render as html email.
- Default: uses default template.
- **ckanext.restricted_api.omit_resources_on_pkg_list**
- Description: on current_package_list_with_resources
omit resources completely, or process them all to restrict fields (this may not be performant).
- Default: True (to maximise performance).
## The Restricted Dict
- This plugin works by storing information in the `extra` field of the `resource` table in CKAN.
- By default, CKAN extras values are extracted into the package/resource JSONs returned by the API.
- The key `restricted` is stored, with a value containing a nested dictionary of:
- level: a string containing the restriction level, with options:
- `public` any user
- `registered` only registered users
- `only_allowed_users` only users specified in the `allowed_users` key.
- `any_organization` any user that is a member in an organisation.
- `same_organization` only users of the same organisation the dataset is within.
- allowed_users: a comma separated string containing specified allowed users,
to be used with `only_allowed_users`.
Example:
```json
"restricted": '{"level": "same_organization", "allowed_users": ""}'
"only_allowed_users": '{"level": "same_organization", "allowed_users": "user1,user2,user3"}'
```
## Granting Access
1. Users can request access to a dataset by calling an API endpoint from a frontend.
2. The package owner is emailed and can allow individual users to access the resource.
a. Access can be granted by updating the restricted dict (via the API / frontend).
3. If access is granted, the user will be notified by email automatically.
## Endpoints
**POST**
**GET**
## Notes
Users who do not have restricted access have two fields redacted:
- `url`: to download the dataset
- `restricted`: to see the restriction information
Downloading of the restricted resource is also not possible via the CKAN API.
However, it should be noted, if resources are hosted in public S3 storage, then this obfuscation does not prevent direct download of the data.
Raw data
{
"_id": null,
"home_page": "",
"name": "ckanext-restricted_api",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": "",
"keywords": "CKAN,restricted,access,authorization,envidat",
"author": "",
"author_email": "Sam Woodcock <sam.woodcock@protonmail.com>",
"download_url": "https://files.pythonhosted.org/packages/80/a6/d2e0e57d656921329708097322984ce0f815ec10e82ce2c5782a66593ff6/ckanext-restricted-api-2.0.6.tar.gz",
"platform": null,
"description": "# CKAN Restricted API\n\n<div align=\"center\">\n <em>Extension to allow dataset restriction via CKAN API.</em>\n</div>\n<div align=\"center\">\n <a href=\"https://pypi.org/project/ckanext-restricted_api\" target=\"_blank\">\n <img src=\"https://img.shields.io/pypi/v/ckanext-restricted_api?color=%2334D058&label=pypi%20package\" alt=\"Package version\">\n </a>\n <a href=\"https://pypistats.org/packages/ckanext-restricted_api\" target=\"_blank\">\n <img src=\"https://img.shields.io/pypi/dm/ckanext-restricted_api.svg\" alt=\"Downloads\">\n </a>\n <a href=\"https://gitlabext.wsl.ch/EnviDat/ckanext-restricted_api/-/raw/main/LICENSE\" target=\"_blank\">\n <img src=\"https://img.shields.io/github/license/EnviDat/ckanext-restricted_api.svg\" alt=\"Licence\">\n </a>\n</div>\n\n---\n\n**Documentation**: <a href=\"https://envidat.gitlab-pages.wsl.ch/ckanext-restricted_api/\" target=\"_blank\">https://envidat.gitlab-pages.wsl.ch/ckanext-restricted_api/</a>\n\n**Source Code**: <a href=\"https://gitlabext.wsl.ch/EnviDat/ckanext-restricted_api\" target=\"_blank\">https://gitlabext.wsl.ch/EnviDat/ckanext-restricted_api</a>\n\n---\n\n**This plugin is primarily intended for custom frontends built on the CKAN API.**\n\n> Requires CKAN >= 2.10. For <2.10, use ckanext-restricted-api==1.0.0\n\n- Restrict the accessibility to the resources of a dataset.\n- This way the package metadata is accesible but not the data itself (resource).\n- The resource access restriction level can be individualy defined for every package.\n\nBased on work by @espona (Lucia Espona Pernas) for ckanext-restricted (https://github.com/EnviDat/ckanext-restricted).\n\n## Install\n\n```bash\npip install ckanext-restricted-api\n```\n\n## Config\n\nOptional variables can be set in your ckan.ini:\n\n- **restricted_api.access_request_template**\n - Description: Path to access request template to render as html email.\n - Default: uses default template.\n- **restricted_api.access_granted_template**\n - Description: Path to access granted template to render as html email.\n - Default: uses default template.\n- **ckanext.restricted_api.omit_resources_on_pkg_list**\n - Description: on current_package_list_with_resources\n omit resources completely, or process them all to restrict fields (this may not be performant).\n - Default: True (to maximise performance).\n\n## The Restricted Dict\n\n- This plugin works by storing information in the `extra` field of the `resource` table in CKAN.\n- By default, CKAN extras values are extracted into the package/resource JSONs returned by the API.\n- The key `restricted` is stored, with a value containing a nested dictionary of:\n\n - level: a string containing the restriction level, with options:\n - `public` any user\n - `registered` only registered users\n - `only_allowed_users` only users specified in the `allowed_users` key.\n - `any_organization` any user that is a member in an organisation.\n - `same_organization` only users of the same organisation the dataset is within.\n - allowed_users: a comma separated string containing specified allowed users,\n to be used with `only_allowed_users`.\n\nExample:\n\n```json\n\"restricted\": '{\"level\": \"same_organization\", \"allowed_users\": \"\"}'\n\n\"only_allowed_users\": '{\"level\": \"same_organization\", \"allowed_users\": \"user1,user2,user3\"}'\n```\n\n## Granting Access\n\n1. Users can request access to a dataset by calling an API endpoint from a frontend.\n2. The package owner is emailed and can allow individual users to access the resource.\n a. Access can be granted by updating the restricted dict (via the API / frontend).\n3. If access is granted, the user will be notified by email automatically.\n\n## Endpoints\n\n**POST**\n\n**GET**\n\n## Notes\n\nUsers who do not have restricted access have two fields redacted:\n\n- `url`: to download the dataset\n- `restricted`: to see the restriction information\n\nDownloading of the restricted resource is also not possible via the CKAN API.\n\nHowever, it should be noted, if resources are hosted in public S3 storage, then this obfuscation does not prevent direct download of the data.\n\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Extension to allow dataset restriction via CKAN API.",
"version": "2.0.6",
"project_urls": {
"documentation": "https://envidat.gitlab-pages.wsl.ch/ckanext-restricted_api",
"homepage": "https://gitlabext.wsl.ch/EnviDat/ckanext-restricted_api.git",
"repository": "https://gitlabext.wsl.ch/EnviDat/ckanext-restricted_api.git"
},
"split_keywords": [
"ckan",
"restricted",
"access",
"authorization",
"envidat"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "8ce63c10d77e4c33fbcbbfc23ceb70b6b940b56b838260ece00d848c8236d8a8",
"md5": "025e8879edd0ad47627cb82ae83d9eed",
"sha256": "41b66e93441dfd3f9564fe8f594236144e4cf7a5dec95a85b8994b32e83c4461"
},
"downloads": -1,
"filename": "ckanext_restricted_api-2.0.6-py3-none-any.whl",
"has_sig": false,
"md5_digest": "025e8879edd0ad47627cb82ae83d9eed",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 13253,
"upload_time": "2023-08-29T11:34:51",
"upload_time_iso_8601": "2023-08-29T11:34:51.292093Z",
"url": "https://files.pythonhosted.org/packages/8c/e6/3c10d77e4c33fbcbbfc23ceb70b6b940b56b838260ece00d848c8236d8a8/ckanext_restricted_api-2.0.6-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "80a6d2e0e57d656921329708097322984ce0f815ec10e82ce2c5782a66593ff6",
"md5": "cd96b4986a68cb76b87550b23eff8ee9",
"sha256": "bce5400a59c5264c91438f01c804753e9bed91e5ab93f99a871b4251fab5d35d"
},
"downloads": -1,
"filename": "ckanext-restricted-api-2.0.6.tar.gz",
"has_sig": false,
"md5_digest": "cd96b4986a68cb76b87550b23eff8ee9",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 12548,
"upload_time": "2023-08-29T11:34:52",
"upload_time_iso_8601": "2023-08-29T11:34:52.869731Z",
"url": "https://files.pythonhosted.org/packages/80/a6/d2e0e57d656921329708097322984ce0f815ec10e82ce2c5782a66593ff6/ckanext-restricted-api-2.0.6.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-08-29 11:34:52",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "ckanext-restricted_api"
}