feat: disable admin panel by default, add opt to enable

DataShades · Nov 25, 2024 · aaf412d · aaf412d
1 parent 8faf070
commit aaf412d
Show file tree

Hide file tree

Showing 9 changed files with 55 additions and 15 deletions.
diff --git a/README.md b/README.md
@@ -9,9 +9,9 @@ Read the [documentation](https://datashades.github.io/ckanext-event-audit/) for
 TODO:
 - [ ] add config option to exclude result and payload fields from being stored
 - [ ] allow to restrict a list of available repos (security concern)
-- [ ] disable the admin interface by default (security concern)
-- [ ] update `remove_events` method to allow removing events by date range
-- [ ] add a cli command to remove events by date range
+- [X] disable the admin interface by default (security concern)
+- [X] update `remove_events` method to allow removing events by date range
+- [X] add a cli command to remove events by date range
 
 ## Quick start
 

diff --git a/ckanext/event_audit/config.py b/ckanext/event_audit/config.py
@@ -23,6 +23,9 @@
 
 CONF_THREADED = "ckanext.event_audit.threaded_mode"
 
+CONF_ADMIN_PANEL = "ckanext.event_audit.enable_admin_panel"
+DEF_ADMIN_PANEL = True
+
 
 def active_repo() -> str:
     """The active repository to store the audit logs."""
@@ -72,3 +75,7 @@ def get_batch_timeout() -> int:
 
 def is_threaded_mode_enabled() -> bool:
     return tk.config[CONF_THREADED]
+
+
+def is_admin_panel_enabled() -> bool:
+    return tk.config.get(CONF_ADMIN_PANEL, DEF_ADMIN_PANEL)
diff --git a/ckanext/event_audit/config_declaration.yaml b/ckanext/event_audit/config_declaration.yaml
@@ -79,3 +79,9 @@ groups:
         default: true
         editable: false
         type: bool
+
+      - key: ckanext.event_audit.enable_admin_panel
+        description: Enable the admin panel
+        default: true
+        editable: false
+        type: bool
diff --git a/ckanext/event_audit/plugin.py b/ckanext/event_audit/plugin.py
@@ -98,21 +98,29 @@ def configure(self, config_: CKANConfig) -> None:
     # ISignal
 
     def get_signal_subscriptions(self) -> SignalMapping:
-        return {
+        mapping: SignalMapping = {
             tk.signals.action_succeeded: [
                 listeners.api.action_succeeded_subscriber,
             ],
-            tk.signals.ckanext.signal("ap_main:collect_config_sections"): [
-                self.collect_config_sections_subs
-            ],
-            tk.signals.ckanext.signal("ap_main:collect_config_schemas"): [
-                self.collect_config_schemas_subs
-            ],
-            tk.signals.ckanext.signal("collection:register_collections"): [
-                self.get_collection_factories,
-            ],
         }
 
+        if config.is_admin_panel_enabled():
+            mapping.update(
+                {
+                    tk.signals.ckanext.signal("ap_main:collect_config_sections"): [
+                        self.collect_config_sections_subs
+                    ],
+                    tk.signals.ckanext.signal("ap_main:collect_config_schemas"): [
+                        self.collect_config_schemas_subs
+                    ],
+                    tk.signals.ckanext.signal("collection:register_collections"): [
+                        self.get_collection_factories,
+                    ],
+                }
+            )
+
+        return mapping
+
     @staticmethod
     def collect_config_sections_subs(sender: None):
         return {

diff --git a/ckanext/event_audit/views.py b/ckanext/event_audit/views.py
@@ -6,11 +6,11 @@
 import ckan.plugins as p
 import ckan.plugins.toolkit as tk
 
-from ckanext.event_audit import utils
+from ckanext.event_audit import utils, config
 
 event_audit = Blueprint("event_audit", __name__, url_prefix="/admin-panel/event_audit")
 
-if p.plugin_loaded("admin_panel"):
+if p.plugin_loaded("admin_panel") and config.is_admin_panel_enabled():
     from ckan.logic import parse_params
 
     from ckanext.ap_main.utils import ap_before_request

diff --git a/docs/configure/admin_panel.md b/docs/configure/admin_panel.md
@@ -0,0 +1,18 @@
+We have an integration with the `ckanext-admin-panel` extension, which allows you to manage the CKAN configuration from the web interface. To enable this integration, you need to install the `ckanext-admin-panel` extension and configure it as described in the [`ckanext-admin-panel documentation`](https://github.com/DataShades/ckanext-admin-panel).
+
+![alt text](../img/ap_toolbar.png)
+
+???+ Note
+    The admin panel is available only for `sysadmin` users.
+
+By default, the admin pages are not being registered. But if you want to enable it, you can set the respective option to `true` in your CKAN configuration file.
+
+```ini
+ckanext.event_audit.enable_admin_panel = true
+```
+
+## Configuration with `ckanext-admin-panel`
+
+The `ckanext-admin-panel` allows you to configure the extension in real time from the web interface.
+
+![alt text](../img/ap_config.png)
diff --git a/docs/img/ap_config.png b/docs/img/ap_config.png
diff --git a/docs/img/ap_toolbar.png b/docs/img/ap_toolbar.png
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -90,6 +90,7 @@ nav:
   - cli.md
 
   - Configuration:
+    - configure/admin_panel.md
     - configure/active_repo.md
     - configure/cloudwatch.md
     - configure/ignore.md