Extension VIP Portal

Extension Basics

Title	VIP Portal
Name	ckanext-vip-portal
Type	Public extension
Description	Generic access restrictions for anonymous users
CKAN versions	~2.9, ~2.10 Show details These CKAN Versions are exactely matched: 2.10.0 2.10.1 2.10.2 2.10.3 2.10.4 2.10.5 2.10.6 2.10.7 2.10.8 2.11.0 2.11.1 2.11.2 2.11.3 2.12.0 2.9.0 2.9.1 2.9.10 2.9.11 2.9.2 2.9.3 2.9.4 2.9.5 2.9.6 2.9.7 2.9.8 2.9.9
Download-Url (zip)	https://github.com/DataShades/ckanext-vip-portal.git#egg=ckanext-vip-portal
Download-Url commit date	2023-09-22
Url to repo	https://github.com/DataShades/ckanext-vip-portal
Category	Authentication & Security

Background Infos

Description (long)	Show details Configurable access restrictions for anonymous users with endpoint and URL-based whitelisting. Allows configuration of which endpoints and URLs are available to anonymous users with automatic login page redirect for non-whitelisted pages. Features include configurable login endpoint, separate controls for anonymous vs authenticated access, optional blocking of login/registration/password reset pages, API endpoint access control, pattern-based URL matching (exact paths, prefixes, suffixes), custom post-login redirect routes, IVipPortal interface for programmatic access checks with Access.allowed/forbidden/unknown return values, customizable rejection responses (403 for authenticated, redirect for anonymous), and support for custom authenticators.
Version	0.3.1
Version release date	2023-09-22
Contact name	DataShades / Sergey Motornyuk
Contakt email	datashades@linkdigital.com.au
Contact Url	(not set)

Installation Guide

Configuration hints	Installation: pip install ckanext-vip-portal, add ‘vip_portal’ to ckan.plugins. Configuration options: ckanext.vip_portal.login_endpoint (default: user.login), ckanext.vip_portal.free_anonymous_access (default: false) disables extension when true, ckanext.vip_portal.free_authenticated_access (default: true) allows any authenticated user access, ckanext.vip_portal.free_access_by_default (default: false) allows open access unless explicitly blocked via IVipAccess, ckanext.vip_portal.allow_login/allow_password_reset/allow_registration (default: true for all), ckanext.vip_portal.allow_api (default: true), ckanext.vip_portal.extra_allowed_endpoints (space-separated endpoints like ‘home.index home.about dataset.search’), ckanext.vip_portal.extra_allowed_paths (space-separated URLs like ‘/ /about /dataset’), ckanext.vip_portal.extra_allowed_prefixes (URL prefixes like ‘/dataset /organization /static’), ckanext.vip_portal.extra_allowed_suffixes (URL suffixes like ‘.svg .html .css’), ckan.auth.route_after_login (custom redirect after login, empty = return to requested page). Advanced: Implement IVipPortal interface for check_vip_access_for_endpoint(), check_vip_access_for_path(), make_vip_rejection_response(), alter_vip_rejection_response(). Use cases: Private CKAN portals with login requirement, VIP/members-only sections, granular public vs private content control, custom authentication workflows.
Plugins to configure (ckan.ini)	vip_portal
CKAN Settings (ckan.ini)	# ckanext.vip_portal.login_endpoint = auth_ext.login # ckanext.vip_portal.free_anonymous_access = true # ckanext.vip_portal.free_authenticated_access = false # ckanext.vip_portal.free_access_by_default = true # ckanext.vip_portal.allow_login = false # ckanext.vip_portal.allow_password_reset = false # ckanext.vip_portal.allow_registration = false # ckanext.vip_portal.allow_api = false # ckanext.vip_portal.extra_allowed_endpoints = home.index home.about dataset.search # ckanext.vip_portal.extra_allowed_paths = / /about /dataset # ckanext.vip_portal.extra_allowed_prefixes = /dataset /organization /group /static # ckanext.vip_portal.extra_allowed_suffixes = .svg .html .css # ckan.auth.route_after_login = dataset.search
DB migration to be executed	(not set)

<< back to Extensions