Target release0.0.4
Source (e.g. Github)https://github.com/EnviDat/ckanext-restricted
Main featuresCKAN extension to restrict the accessibility to the resources of a dataset. This way the package metadata is accessible but not the data itself (resource). The resource access restriction level can be individually defined for every package.
Prerequisite / Dependencies

This extension has been originally developed for CKAN version 2.5.2 and is compatible up to 2.8.x.

Requires the following extensions: * ckanext-scheming * ckanext-repeating * ckanext-composite

LicenseAGPL-3.0 License
Installed by

Mandana Moshrefzadeh

Document status

COMPELETED

Background and strategic fit

Our purpose is to open up the information about resources but not necessarily the data or physical resource (e.g. excel sheet with collected data or report). So in case a person wants to add dataset metadata and still upload or provide a link to his/er data but to a limited number of people, this extension will support this action. So on the data and resource page (stage 2 of creating a catalog entry), one can define the accessibility to that resource (public, logged-in users, same organization, individual users)

Installations and Requirements

To install ckanext-restricted on a production site:

  1. Activate your CKAN virtual environment, for example:

    ENV /usr/lib/ckan/default/bin/activate

  2. Install the ckanext-restricted Python package into your virtual environment:

    pip install ckanext-restricted

// or

pip install -e git+https://github.com/EnviDat/ckanext-restricted#egg=ckanext-restricted

  3. Add restricted  to the ckan.plugins setting in your CKAN config file.

  4. Restart CKAN. For example, if you've deployed CKAN with Apache on Ubuntu:

    sudo service apache2 reload

User interaction and design

The resource access restriction level can be individualy defined for every package. This requires adding an extra field to package metadata with (some of) the possible values: "public", "registered", "any_organization", "same_organization" (as the package).

The allowed user list is also defined in an additional field that includes autocomplete.

If you use ckanext-scheming and ckanext-composite, this is the field definition in JSON:

configuration.ini 
"scheming_version": 1,
"dataset_type": "dataset",
"about": "",
"about_url": "http://github.com/ckan/ckanext-scheming",
"dataset_fields": [...],
"resource_fields": [
 [...]
  {
  "field_name": "restricted",
  "label": "Access Restriction",
  "preset": "composite",
  "subfields":
   [
     {
       "field_name": "level",
       "label": "Level",
       "preset": "select",
       "form_include_blank_choice": false,
       "required": true,
       "choices": [
         {
           "value": "public",
           "label": "Public"
         },
         {
           "value": "registered",
           "label": "Registered Users"
         },
         {
           "value": "any_organization",
           "label": "Any Organization Members (Trusted Users)"
         },
         {
           "value": "same_organization",
           "label": "Same Organization Members"
          },
          {
           "value": "only_allowed_users",
           "label": "Allowed Users Only"
         }
        ]
      },
       {
       "field_name": "allowed_users",
        "label": "Allowed Users",
        "preset": "tag_string_autocomplete",
        "data-module-source":"/api/2/util/user/autocomplete?q=?"
        }
      ]
    }
  ]
}

Questions and Answers

Below is a list of Q&A from user sides:

QuestionAnswers
1. Can one define a different restricted level or group?Yes, this can be defined in the corresponding schema file.

Further steps