We allow anyone to create an account.
We’d like to only allow datasets to be public only if they’re owned by an organization.
We control which users get added to organizations.
We’d like to allow anyone with an account to upload datasets, even before they’re part of an organization. This would encourage uploads, so that users don’t have to wait to be added to an organization by an admin and then have to come back to the site and add their datasets.
To support this, we need datasets created by people who are not authorized to add datasets to an organization, to upload private datasets.
Is there a nice way to do something like this?
I’ve tried extending package_basic_fields.html
to set the dataset’s private
field to false, and added a package_create
and package_update
auth plugin method that denies setting datasets public
without an owner organization. The datasets_with_no_organization_cannot_be_private
validator rejects that. I can probably modify the package schema not to use that validator, but this is turning into quite a lot of plumbing.
So I’m keen to hear if someone’s done something similar and how.
This is for a government data portal. It’s really awesome that they’re welcoming contributions from other organizations, but we don’t want just anyone to upload something malicious - the thinking is that users verified to be part of organizations will be a bit more responsible and won’t upload viruses or porn but will stick to relevant content.