Merge pull request #219 from open-data/feature/read-only-mode

JVickery-TBS · web-flow · commit b89f2a402411 · 2026-01-26T09:47:11.000-05:00
Site Read Only Mode
diff --git a/changes/219.canada.feature b/changes/219.canada.feature
@@ -0,0 +1,5 @@
+Added a `ckan.site_read_only` config option which disables actions causing side effects,
+such as `*_create`, `*_update`, and `*_delete`, for non-sysadmin users.
+
+This setting does not prevent updates to the database from sysadmin users or updates
+that skip the action API, such as collecting page view tracking data.
diff --git a/ckan/authz.py b/ckan/authz.py
@@ -225,6 +225,13 @@ def is_authorized(action: str, context: Context,
                 if not getattr(auth_function, 'auth_sysadmins_check', False):
                     return {'success': True}
 
+        # (canada fork only): site read only mode
+        # TODO: upstream contrib!!!
+        if config.get('ckan.site_read_only', False):
+            if not getattr(p.toolkit.get_action(action), 'side_effect_free', False):
+                return {'success': False,
+                        'msg': _('Site is in read only mode')}
+
         # If the auth function is flagged as not allowing anonymous access,
         # and an existing user object is not provided in the context, deny
         # access straight away
