enh: do not allow user to specify SHA256 hash

CHANGELOG

@@ -1,8 +1,10 @@
 0.19.0
  - feat: implement resource_upload_s3_url API method
  - enh: more strict resource and dataset id validators
+ - enh: do not allow user to specify SHA256 hash
  - ref: migrate to dcor_shared 0.7.2
  - tests: migrate to helper methods from dcor_shared
+ - tests: increased coverage
 0.18.11
  - maintenance release
 0.18.10

ckanext/dcor_schemas/auth.py

@@ -136,6 +136,20 @@ def package_update(context, data_dict=None):
         # during upload, unless the resource was already uploaded to S3.
         rid = res_dict.get("id")
         res_dict["package_id"] = pkg_dict["id"]
+        # only admin users are allowed to set the SHA256 sum
+        if "sha256" in res_dict:
+            # check whether it is already set
+            try:
+                res_dict_cur = logic.get_action("resource_show")(
+                    context={"ignore_auth": True, "user": "default"},
+                    data_dict={"id": rid}
+                )
+            except logic.NotFound:
+                return {"success": False,
+                        "msg": "Normal users may not specify SHA256 hash"}
+            if res_dict_cur.get("sha256") != res_dict["sha256"]:
+                return {"success": False,
+                        "msg": "Normal users may not specify SHA256 hash"}
         model = context['model']
         session = context['session']
         if not rid:

ckanext/dcor_schemas/tests/test_web.py

@@ -22,8 +22,8 @@ def test_homepage_bad_link(app):
     app.get("/bad_link", status=404)
 
 
-@pytest.mark.ckan_config('ckan.plugins', 'dcor_schemas dcor_theme')
-@pytest.mark.usefixtures('clean_db', 'with_plugins', 'with_request_context')
+@pytest.mark.ckan_config('ckan.plugins', 'dcor_schemas')
+@pytest.mark.usefixtures('clean_db', 'with_request_context')
 def test_login_and_browse_to_dataset_new_fails(app):
     """We disabled dataset creation with #20"""
     user = factories.UserWithToken()
@@ -36,8 +36,8 @@ def test_login_and_browse_to_dataset_new_fails(app):
             )
 
 
-@pytest.mark.ckan_config('ckan.plugins', 'dcor_schemas dcor_theme')
-@pytest.mark.usefixtures('clean_db', 'with_plugins', 'with_request_context')
+@pytest.mark.ckan_config('ckan.plugins', 'dcor_schemas')
+@pytest.mark.usefixtures('clean_db', 'with_request_context')
 @pytest.mark.parametrize("url", ["/dataset",
                                  "/group",
                                  "/group/new",
@@ -55,8 +55,8 @@ def test_login_and_browse_to_main_locations(url, app):
             )
 
 
-@pytest.mark.ckan_config('ckan.plugins', 'dcor_schemas dcor_theme')
-@pytest.mark.usefixtures('clean_db', 'with_plugins', 'with_request_context')
+@pytest.mark.ckan_config('ckan.plugins', 'dcor_schemas')
+@pytest.mark.usefixtures('clean_db', 'with_request_context')
 def test_login_and_go_to_dataset_edit_page(app, create_with_upload):
     user = factories.UserWithToken()
 
@@ -81,8 +81,8 @@ def test_login_and_go_to_dataset_edit_page(app, create_with_upload):
             )
 
 
-@pytest.mark.ckan_config('ckan.plugins', 'dcor_schemas dcor_theme')
-@pytest.mark.usefixtures('clean_db', 'with_plugins', 'with_request_context')
+@pytest.mark.ckan_config('ckan.plugins', 'dcor_schemas')
+@pytest.mark.usefixtures('clean_db', 'with_request_context')
 def test_login_and_go_to_dataset_edit_page_and_view_license_options(
         app, create_with_upload):
     """Check whether the license options are correct"""
@@ -126,8 +126,8 @@ def test_login_and_go_to_dataset_edit_page_and_view_license_options(
         assert bad not in resp.body
 
 
-@pytest.mark.ckan_config('ckan.plugins', 'dcor_schemas dcor_theme')
-@pytest.mark.usefixtures('clean_db', 'with_plugins', 'with_request_context')
+@pytest.mark.ckan_config('ckan.plugins', 'dcor_schemas')
+@pytest.mark.usefixtures('clean_db', 'with_request_context')
 def test_resource_view_references(app, create_with_upload):
     """Test whether the references links render correctly"""
     user = factories.UserWithToken()