From 03e62c08da6841e7b4ed5719fabe9431792e31c6 Mon Sep 17 00:00:00 2001
From: amercader <amercadero@gmail.com>
Date: Wed, 22 May 2024 09:52:29 +0200
Subject: [PATCH] Fix permissions for non-logged in users in dataset page

---
 ckanext/embeddings/auth.py            |  3 ++-
 ckanext/embeddings/tests/test_auth.py | 35 +++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 ckanext/embeddings/tests/test_auth.py

diff --git a/ckanext/embeddings/auth.py b/ckanext/embeddings/auth.py
index b7b3c94..bd973ce 100644
--- a/ckanext/embeddings/auth.py
+++ b/ckanext/embeddings/auth.py
@@ -1,5 +1,6 @@
+from ckan.plugins import toolkit
 from ckan.authz import is_authorized
 
-
+@toolkit.auth_allow_anonymous_access
 def package_similar_show(context, data_dict):
     return is_authorized("package_show", context, data_dict)
diff --git a/ckanext/embeddings/tests/test_auth.py b/ckanext/embeddings/tests/test_auth.py
new file mode 100644
index 0000000..d4e6bb5
--- /dev/null
+++ b/ckanext/embeddings/tests/test_auth.py
@@ -0,0 +1,35 @@
+import pytest
+
+from ckan.plugins import toolkit
+from ckan.tests import factories, helpers
+
+pytestmark = pytest.mark.usefixtures("with_plugins")
+
+
+def test_package_similar_show_auth_public_dataset():
+
+    dataset = factories.Dataset()
+    context = {"user": ""}
+    assert helpers.call_auth("package_similar_show", context, id=dataset["id"])
+
+    user = factories.User()
+    context = {"user": user["name"]}
+    assert helpers.call_auth("package_similar_show", context, id=dataset["id"])
+
+
+def test_package_similar_show_auth_private_dataset():
+
+    user1 = factories.User()
+    user2 = factories.User()
+    org = factories.Organization(users=[{"name": user1["name"], "capacity": "member"}])
+    dataset = factories.Dataset(private=True, owner_org=org["id"])
+    context = {"user": ""}
+    with pytest.raises(toolkit.NotAuthorized):
+        helpers.call_auth("package_similar_show", context, id=dataset["id"])
+
+    context = {"user": user2["name"]}
+    with pytest.raises(toolkit.NotAuthorized):
+        helpers.call_auth("package_similar_show", context, id=dataset["id"])
+
+    context = {"user": user1["name"]}
+    assert helpers.call_auth("package_similar_show", context, id=dataset["id"])