From 63489533fe7626abfa26bac29f42b27c86eb6feb Mon Sep 17 00:00:00 2001
From: chbaeh <chbaeh@gmail.com>
Date: Wed, 10 Apr 2019 10:35:42 +0200
Subject: [PATCH] ODPSH-293: lock routes

---
 ckanext/odsh/controller.py                     | 18 +++++++++++++++++-
 ckanext/odsh/plugin.py                         |  7 +++++++
 .../templates/error_document_template.html     |  8 ++++++--
 3 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/ckanext/odsh/controller.py b/ckanext/odsh/controller.py
index cfbea624..62712202 100644
--- a/ckanext/odsh/controller.py
+++ b/ckanext/odsh/controller.py
@@ -2,6 +2,7 @@ import ckan.lib.base as base
 from ckan.controllers.home import HomeController
 from ckan.controllers.user import UserController
 from ckan.controllers.api import ApiController
+from ckanext.harvest.controllers.view import ViewController as HarvestController
 from ckan.controllers.feed import FeedController
 from ckan.controllers.package import PackageController
 from ckan.controllers.feed import FeedController, ITEMS_LIMIT, _package_search, _create_atom_id
@@ -34,6 +35,10 @@ class OdshRouteController(HomeController):
 
 
 class OdshUserController(UserController):
+    def index(self):
+        if not authz.is_sysadmin(c.user):
+            abort(404)
+        return super(OdshUserController,self).index()
     def me(self, locale=None):
         if not c.user:
             h.redirect_to(locale=locale, controller='user', action='login',
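Review bot: The sysadmin check in `index` is enforced only in this controller method, so it locks the HTML route but not other paths to the same data. CKAN's action API presumably still applies its own auth function for listing users, which should be confirmed or overridden through the plugin's auth functions. The same applies to `register` and `edit_view` in the next hunk. Two smaller points: the method needs a blank line before `def me`, and a short docstring such as `"""List users; hidden (404) from everyone except sysadmins."""` would record why 404 was chosen. The body of `me` continues outside this hunk.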
@@ -71,9 +76,17 @@ class OdshUserController(UserController):
             abort(404)
         return super(OdshUserController,self).activity(id, offset)
 
+    def register(self, data=None, errors=None, error_summary=None):
+        if not authz.is_sysadmin(c.user):
+            abort(404)
+        return super(OdshUserController,self).register(data, errors, error_summary)
+
 
 class OdshPackageController(PackageController):
-    pass
+    def edit_view(self, id, resource_id, view_id=None):
+        if not authz.is_sysadmin(c.user):
+            abort(403)
+        return super(OdshPackageController,self).edit_view(id, resource_id, view_id)
 
 
 class OdshApiController(ApiController):
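Review bot: `register` answers a non-sysadmin with `abort(404)` while `edit_view` answers the same condition with `abort(403)`, and nothing on the page says whether the difference is intended. If the 404 is meant to hide the route's existence and the 403 to signal a known but forbidden action, say so in a comment on each method, e.g. `# 404 on purpose: do not reveal that registration exists`; otherwise use one code throughout. Note also that `edit_view` now requires sysadmin for everyone, which overrides whatever per-dataset edit permission the parent controller would have checked; confirm that dataset editors are meant to lose this.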
@@ -183,3 +196,6 @@ class OdshAutocompleteController(ApiController):
 
         suggest = solr_response.raw_response.get('spellcheck')
         return base.response.body_file.write(str(suggest))
+
+class OdshHarvestController(HarvestController):
+    pass
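Review bot: `OdshHarvestController` is an empty subclass with no access check, and its only route in plugin.py is commented out, so it locks nothing as committed. The new `from ckanext.harvest.controllers.view import ViewController as HarvestController` at the top of the file still makes controller.py fail to import when ckanext-harvest is not installed. Either drop the class and the import until the harvest routes are actually guarded, or add the same `authz.is_sysadmin(c.user)` check to the actions that should be locked and connect them. The class also needs two blank lines before it at module level.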
diff --git a/ckanext/odsh/plugin.py b/ckanext/odsh/plugin.py
index bfa3e27f..6a299117 100644
--- a/ckanext/odsh/plugin.py
+++ b/ckanext/odsh/plugin.py
@@ -173,8 +173,15 @@ class OdshPlugin(plugins.SingletonPlugin, DefaultTranslation, DefaultDatasetForm
         with SubMapper(map, controller='ckanext.odsh.controller:OdshFeedController') as m:
             m.connect('/feeds/custom.atom', action='custom')
 
+        # with SubMapper(map, controller='ckanext.odsh.controller:OdshHarvestController') as m:
+        #     m.connect('/harvest', action='custom')
+
+        with SubMapper(map, controller='ckanext.odsh.controller:OdshPackageController') as m:
+            m.connect('new_view', '/dataset/{id}/resource/{resource_id}/new_view', action='edit_view', ckan_icon='pencil-square-o')
+
         # redirect all user routes to custom controller
         with SubMapper(map, controller='ckanext.odsh.controller:OdshUserController') as m:
+            m.connect('user_index', '/user', action='index')
             m.connect('/user/edit', action='edit')
             m.connect('user_edit', '/user/edit/{id:.*}', action='edit', ckan_icon='cog')
             m.connect('user_delete', '/user/delete/{id}', action='delete')
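Review bot: Only the `new_view` URL is routed to the guarded `OdshPackageController.edit_view`; the route for editing an existing view is not remapped in this hunk, so it presumably still reaches the core package controller without the sysadmin check. If that route is not covered elsewhere in the file, add a second connect for it in the same SubMapper, e.g. `m.connect('edit_view', '/dataset/{id}/resource/{resource_id}/edit_view/{view_id}', action='edit_view', ckan_icon='pencil-square-o')`. The two commented-out harvest lines should be removed rather than committed, since they read as if `/harvest` were locked when it is not. The user SubMapper block continues outside the hunk, so it is not visible whether `/user/register` is connected to `OdshUserController`; without that, the new `register` guard is never reached.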
diff --git a/ckanext/odsh/templates/error_document_template.html b/ckanext/odsh/templates/error_document_template.html
index 724f3d3b..80ede950 100644
--- a/ckanext/odsh/templates/error_document_template.html
+++ b/ckanext/odsh/templates/error_document_template.html
@@ -7,8 +7,12 @@
     <div class="module-content error-page">
         <div class="error-title">
             HTTP Status {{ c.code[0]}}
-            {%if c.code[0]=='404'%}
-            <div class="error-body"><h2>Seite nicht gefunden</h2>
+            {%if c.code[0]=='404' or c.code[0]=='403'%}
+                {%if c.code[0]=='404'%}
+                  <div class="error-body"><h2>Seite nicht gefunden</h2>
+                {%elif c.code[0]=='403'%}
+                  <div class="error-body"><h2>Zugriff nicht erlaubt</h2>
+                {% endif %}
                 <h3>Wie finde ich die gesuchten Inhalte im Landesportal?</h3>
 
                 <p><a class="" href="http://www.schleswig-holstein.de/odpstart" title="Zur Startseite">Zur Startseite des Open-Data-Portals</a></p>
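Review bot: The opening `<div class="error-body">` is now duplicated inside both inner branches, so tag balance depends on which branch runs and on the outer condition staying in sync with the inner one. It would be easier to maintain with the div opened once directly after the outer `{%if ...%}` and only the heading varied, e.g. `<h2>{% if c.code[0]=='404' %}Seite nicht gefunden{% else %}Zugriff nicht erlaubt{% endif %}</h2>`. The enclosing block and its closing tags lie outside this hunk, so check that the div is still closed exactly once.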
-- 
GitLab