Add publiccode.yml

publiccode.yml

@@ -0,0 +1,160 @@
+# This repository adheres to the publiccode.yml standard by including this 
+# metadata file that makes public software easily discoverable.
+# More info at https://github.com/italia/publiccode.yml
+
+publiccodeYmlVersion: '0.2'
+name: ckanext-berlinauth
+applicationSuite: CKAN
+url: 'https://github.com/berlinonline/ckanext-berlinauth'
+releaseDate: '2020-07-28'
+softwareVersion: 0.2.8
+developmentStatus: stable
+softwareType: addon
+platforms:
+  - web
+categories:
+  - it-development
+  - knowledge-management
+maintenance:
+  type: internal
+  contacts:
+    - name: Dr. Knud Möller
+      email: knud.moeller@berlinonline.de
+legal:
+  license: AGPL-3.0-only
+  mainCopyrightOwner: ' BerlinOnline GmbH'
+  repoOwner: ' BerlinOnline GmbH'
+localisation:
+  localisationReady: false
+  availableLanguages:
+    - en
+description:
+  en:
+    genericName: ckanext-berlinauth
+    documentation: >-
+      https://github.com/berlinonline/ckanext-berlinauth?tab=readme-ov-file#ckanext-berlinauth
+    shortDescription: >-
+      This plugin belongs to a set of plugins for the Datenregister – the
+      non-public CKAN instance that is part of Berlin's open data portal
+      daten.berlin.de
+    longDescription: >
+      This plugin belongs to a set of plugins for the _Datenregister_ – the
+      non-public [CKAN](https://ckan.org/) instance that is part of Berlin's
+      open data portal [daten.berlin.de](https://daten.berlin.de/).
+      `ckanext-berlinauth` provides a custom authorization model. Among other
+      things, access for anonymous users is restricted, file upload is
+      deactivated
+
+
+      The plugin implements the following CKAN interfaces:
+
+
+      -
+      [IAuthFunctions](http://docs.ckan.org/en/latest/extensions/plugin-interfaces.html#ckan.plugins.interfaces.IAuthFunctions)
+
+      -
+      [IActions](http://docs.ckan.org/en/latest/extensions/plugin-interfaces.html#ckan.plugins.interfaces.IActions)
+
+      -
+      [IMiddleware](http://docs.ckan.org/en/latest/extensions/plugin-interfaces.html#ckan.plugins.interfaces.IMiddleware)
+
+
+      ## Requirements
+
+
+      This plugin has been tested with CKAN 2.9.8 (which requires Python 3).
+
+
+      ## Register-mode
+
+
+      "Register-mode"  is the implementation for the use case where we have CKAN
+      as a separate  "backend" system, only accessible to administrative staff
+      who add and  manage datasets. In this scenario, CKAN is called the
+      "Datenregister".
+
+
+      The general authorization model is as follows:
+
+
+      - Anonymous users have no access to the website
+      ([https://datenregister.berlin.de](https://datenregister.berlin.de/)),
+      except for the `/about` and `/datenschutzerklaerung`. All requests are
+      redirected to the login page.
+
+      - Anonymous has access to a subset of the CKAN API (most GET-able
+      functions) and the DCAT API.
+
+      - Logged-in users have restricted access to site and API. 
+          - no user list/show (except for self)
+          - no vocabulary list/show
+          - hide certain groups from `group\_list`, `organization\_list`
+          - hide users except self from `group\_show`, `organization\_show`
+          - ...
+      - File upload has been disabled.
+
+
+      ## Monitoring, Liveness and Readiness Probes
+
+
+      The fact that the home page (`/`)  is no longer available to anonymous
+      users has implications for  monitoring services such as liveness and
+      readiness probes in Kubernetes. If `ckanext-berlinauth` is installed and
+      activated, such  services should not point to the home page, but instead
+      to a page that  is available to anonymous users as well. A good candidate
+      is the info page at `/about`.
+
+
+      ## Additional Configuration Options
+
+
+      - `berlin.technical\_groups`: A space-separated list of
+      group/organizations that are considered  'technical'. A technical
+      organization is one which does not reflect a real-world  organization, but
+      has only been introduced to structure permissions. Technical groups are
+      hidden for non-sysadmin users.
+
+          berlin.technical\_groups = simplesearch harvester-fis-broker
+
+      - `berlin.public\_pages`: By default, access to the Datenregister is
+      restricted to logged-in users. This setting contains a space-separated
+      list of paths that should be visible to the public, i.e., to anonymous
+      users.
+
+          berlin.public\_pages = about datenschutzerklaerung
+
+      ## Version Numbers for Plugins
+
+
+      The CKAN API's
+      [status\_show](https://docs.ckan.org/en/2.9/api/#ckan.logic.action.get.status_show)
+      method includes a list of plugins as configured in the `ckan.plugins`
+      setting. `ckanext-berlinauth` includes an extended version of
+      `status\_show`  that also shows the version number of each plugin. This
+      assumes that the plugin module defines a `\_\_version\_\_` attribute that
+      contains the version number. If there is no `\_\_version\_\_` attribute,
+      the version number will be `unknown`:
+
+          {
+        "help": "http://ckandev.bln/api/3/action/help\_show?name=status\_show",
+        "success": true,
+        "result": {
+          "site\_title": "Datenregister Dev",
+          "site\_description": "",
+          "site\_url": "http://ckandev.bln",
+          "ckan\_version": "2.9.8",
+          "error\_emails\_to": null,
+          "locale\_default": "en",
+          "extensions": {
+            "stats": {
+              "version": "unknown"
+            },
+            "berlintheme": {
+              "version": "0.3.6"
+            },
+            "berlinauth": {
+              "version": "0.2.6"
+            }
+          }
+        }
+      }