udata 14.0.0__py3-none-any.whl → 14.4.1.dev7__py3-none-any.whl

udata/api_fields.py

@@ -29,7 +29,7 @@ import flask_restx.fields as restx_fields
 import mongoengine
 import mongoengine.fields as mongo_fields
 from bson import DBRef, ObjectId
-from flask import Request
+from flask import Request, request
 from flask_restx import marshal
 from flask_restx.inputs import boolean
 from flask_restx.reqparse import RequestParser
@@ -55,8 +55,8 @@ classes_by_parents = {}
 
 
 class GenericField(restx_fields.Raw):
-    def __init__(self, fields_by_type):
-        super().__init__(self)
+    def __init__(self, fields_by_type, **kwargs):
+        super(GenericField, self).__init__(**kwargs)
         self.default = None
         self.fields_by_type = fields_by_type
 
@@ -230,6 +230,23 @@ def convert_db_to_field(key, field, info) -> tuple[Callable | None, Callable | N
 
         write_params["description"] = "ID of the reference"
         constructor_write = restx_fields.String
+    elif isinstance(field, mongo_fields.GenericEmbeddedDocumentField):
+        generic_fields = {
+            cls.__name__: convert_db_to_field(
+                f"{key}.{cls.__name__}",
+                # Instead of having GenericEmbeddedDocumentField() we'll create fields for each
+                # of the subclasses with EmbededdDocumentField(MembershipRequestNotificationDetails)…
+                mongoengine.fields.EmbeddedDocumentField(cls),
+                info,
+            )
+            for cls in field.choices
+        }
+
+        def constructor_read(**kwargs):
+            return GenericField({k: v[0].model for k, v in generic_fields.items()}, **kwargs)
+
+        def constructor_write(**kwargs):
+            return GenericField({k: v[1].model for k, v in generic_fields.items()}, **kwargs)
     elif isinstance(field, mongo_fields.EmbeddedDocumentField):
         nested_fields = info.get("nested_fields")
         if nested_fields is not None:
@@ -322,12 +339,12 @@ def generate_fields(**kwargs) -> Callable:
         write_fields: dict = {}
         ref_fields: dict = {}
         sortables: list = kwargs.get("additional_sorts", [])
+        default_sort: list = kwargs.get("default_sort", None)
 
         filterables: list[dict] = kwargs.get("standalone_filters", [])
         nested_filters: dict[str, dict] = get_fields_with_nested_filters(
             kwargs.get("nested_filters", {})
         )
-
         if issubclass(cls, db.Document) or issubclass(cls, db.DynamicDocument):
             read_fields["id"] = restx_fields.String(required=True, readonly=True)
 
@@ -472,6 +489,7 @@ def generate_fields(**kwargs) -> Callable:
                 type=str,
                 location="args",
                 choices=choices,
+                default=default_sort,
                 help="The field (and direction) on which sorting apply",
             )
 
@@ -511,6 +529,9 @@ def generate_fields(**kwargs) -> Callable:
                 phrase_query: str = " ".join([f'"{elem}"' for elem in args["q"].split(" ")])
                 base_query = base_query.search_text(phrase_query)
 
+                if "sort" not in request.args:
+                    base_query = base_query.order_by("$text_score")
+
             for filterable in filterables:
                 # If it's from an `nested_filter`, use the custom label instead of the key,
                 # eg use `organization_badge` instead of `organization.badges` which is
@@ -652,6 +673,9 @@ def patch(obj, request) -> type:
             model_attribute = getattr(obj.__class__, key)
             info = getattr(model_attribute, "__additional_field_info__", {})
 
+            if value == "" and isinstance(model_attribute, mongo_fields.StringField):
+                value = None
+
             if hasattr(model_attribute, "from_input"):
                 value = model_attribute.from_input(value)
             elif isinstance(model_attribute, mongoengine.fields.ListField) and isinstance(
@@ -677,6 +701,13 @@ def patch(obj, request) -> type:
                     value["id"],
                     document_type=db.resolve_model(value["class"]),
                 )
+            elif value and isinstance(
+                model_attribute,
+                mongoengine.fields.GenericEmbeddedDocumentField,
+            ):
+                generic_key = info.get("generic_key", DEFAULT_GENERIC_KEY)
+                embedded_field = classes_by_names[value[generic_key]]
+                value = patch(embedded_field(), value)
             elif value and isinstance(
                 model_attribute,
                 mongoengine.fields.EmbeddedDocumentField,

udata/app.py

@@ -1,26 +1,28 @@
-import datetime
 import logging
 import os
 import types
+from datetime import datetime
 from importlib.metadata import entry_points
 from os.path import abspath, dirname, exists, isfile, join
 
 import bson
+from bson import json_util
 from flask import Blueprint as BaseBlueprint
 from flask import (
     Flask,
     abort,
     g,
-    json,
     jsonify,
     make_response,
     render_template,
     request,
     send_from_directory,
 )
+from flask.json.provider import DefaultJSONProvider
 from flask_caching import Cache
 from flask_wtf.csrf import CSRFProtect
-from speaklater import is_lazy_string
+from mongoengine import EmbeddedDocument
+from mongoengine.base import BaseDocument
 from werkzeug.exceptions import NotFound
 from werkzeug.middleware.proxy_fix import ProxyFix
 
@@ -108,9 +110,9 @@ class Blueprint(BaseBlueprint):
         return wrapper
 
 
-class UDataJsonEncoder(json.JSONEncoder):
+class UdataJsonProvider(DefaultJSONProvider):
     """
-    A JSONEncoder subclass to encode unsupported types:
+    A JSONProvider subclass to encode unsupported types:
 
         - ObjectId
         - datetime
@@ -120,21 +122,16 @@ class UDataJsonEncoder(json.JSONEncoder):
     Ensure an app context is always present.
     """
 
-    def default(self, obj):
-        if is_lazy_string(obj):
+    @staticmethod
+    def default(obj):
+        if isinstance(obj, BaseDocument) or isinstance(obj, EmbeddedDocument):
+            return json_util._json_convert(obj.to_mongo())
+        elif isinstance(obj, bson.ObjectId):
             return str(obj)
-        elif isinstance(obj, bson.objectid.ObjectId):
-            return str(obj)
-        elif isinstance(obj, datetime.datetime):
+        elif isinstance(obj, datetime):
             return obj.isoformat()
-        elif hasattr(obj, "to_dict"):
-            return obj.to_dict()
-        elif hasattr(obj, "serialize"):
-            return obj.serialize()
-        # Serialize Raw data for Document and EmbeddedDocument.
-        elif hasattr(obj, "_data"):
-            return obj._data
-        return super(UDataJsonEncoder, self).default(obj)
+
+        return super(UdataJsonProvider, UdataJsonProvider).default(obj)
 
 
 # These loggers are very verbose
@@ -166,10 +163,11 @@ def create_app(config="udata.settings.Defaults", override=None, init_logging=ini
     if override:
         app.config.from_object(override)
 
-    app.json_encoder = UDataJsonEncoder
+    app.json_provider_class = UdataJsonProvider
+    app.json = app.json_provider_class(app)
 
     # `ujson` doesn't support `cls` parameter https://github.com/ultrajson/ultrajson/issues/124
-    app.config["RESTX_JSON"] = {"cls": UDataJsonEncoder}
+    app.config["RESTX_JSON"] = {"default": UdataJsonProvider.default}
 
     app.debug = app.config["DEBUG"] and not app.config["TESTING"]
 

udata/auth/__init__.py

@@ -1,4 +1,5 @@
 import logging
+import typing as t
 
 from flask import render_template
 from flask_principal import Permission as BasePermission
@@ -10,6 +11,7 @@ from flask_security import Security as Security
 from flask_security import current_user as current_user
 from flask_security import login_required as login_required
 from flask_security import login_user as login_user
+from flask_security import mail_util
 
 from . import mails
 
@@ -24,9 +26,6 @@ def render_security_template(template_name_or_list, **kwargs):
     return render_template(template_name_or_list, **kwargs)
 
 
-security = Security()
-
-
 class Permission(BasePermission):
     def __init__(self, *needs):
         """Let administrator bypass all permissions"""
@@ -36,6 +35,24 @@ class Permission(BasePermission):
 admin_permission = Permission()
 
 
+class NoopMailUtil(mail_util.MailUtil):
+    def send_mail(
+        self,
+        template: str,
+        subject: str,
+        recipient: str,
+        sender: t.Union[str, tuple],
+        body: str,
+        html: t.Optional[str],
+        **kwargs: t.Any,
+    ) -> None:
+        log.debug(f"Sending mail {subject} to {recipient}")
+        log.debug(body)
+        log.debug(html)
+
+        return None
+
+
 def init_app(app):
     from udata.models import datastore
 
@@ -61,19 +78,25 @@ def init_app(app):
             app.config["CDATA_BASE_URL"] + "?flash=confirm_error",
         )
 
-    security.init_app(
-        app,
+    # Same logic as in our own mail system :DisableMail
+    debug = app.config.get("DEBUG", False)
+    send_mail = app.config.get("SEND_MAIL", not debug)
+    mail_util_cls = mail_util.MailUtil if send_mail else NoopMailUtil
+
+    security = Security(
         datastore,
         register_blueprint=False,
         render_template=render_security_template,
         login_form=ExtendedLoginForm,
-        confirm_register_form=ExtendedRegisterForm,
         register_form=ExtendedRegisterForm,
         reset_password_form=ExtendedResetPasswordForm,
         forgot_password_form=ExtendedForgotPasswordForm,
         password_util_cls=UdataPasswordUtil,
+        mail_util_cls=mail_util_cls,
     )
 
+    security.init_app(app, datastore, register_blueprint=False)
+
     security_bp = create_security_blueprint(app, app.extensions["security"], "security_blueprint")
 
     app.register_blueprint(security_bp)

udata/auth/forms.py

@@ -8,7 +8,7 @@ from flask_security.forms import (
     ForgotPasswordForm,
     Form,
     LoginForm,
-    RegisterForm,
+    RegisterFormV2,
     ResetPasswordForm,
 )
 
@@ -31,7 +31,7 @@ class WithCaptcha:
         return False
 
 
-class ExtendedRegisterForm(WithCaptcha, RegisterForm):
+class ExtendedRegisterForm(WithCaptcha, RegisterFormV2):
     first_name = fields.StringField(
         _("First name"),
         [

udata/auth/views.py

@@ -84,6 +84,11 @@ def confirm_change_email(token):
     if flash:
         return redirect(homepage_url(flash=flash, flash_data=flash_data))
 
+    # Check if the new email is already taken by another user
+    existing_user = _datastore.find_user(email=new_email)
+    if existing_user and existing_user.id != user.id:
+        return redirect(homepage_url(flash="change_email_already_taken"))
+
     if user != current_user:
         logout_user()
         login_user(user)
@@ -140,10 +145,8 @@ def create_security_blueprint(app, state, import_name):
     This creates an I18nBlueprint to use as a base.
     """
     bp = I18nBlueprint(
-        state.blueprint_name,
+        "security",
         import_name,
-        url_prefix=state.url_prefix,
-        subdomain=state.subdomain,
         template_folder="templates",
     )
 

udata/commands/serve.py

@@ -3,7 +3,7 @@ import os
 
 import click
 from flask import current_app
-from flask.cli import DispatchingApp, pass_script_info
+from flask.cli import pass_script_info
 from werkzeug.serving import run_simple
 
 from udata.commands import cli
@@ -26,17 +26,11 @@ log = logging.getLogger(__name__)
     default=None,
     help="Enable or disable the debugger.  By default the debugger is active if debug is enabled.",
 )
-@click.option(
-    "--eager-loading/--lazy-loader",
-    default=None,
-    help="Enable or disable eager loading.  By default eager "
-    "loading is enabled if the reloader is disabled.",
-)
 @click.option(
     "--with-threads/--without-threads", default=True, help="Enable or disable multithreading."
 )
 @pass_script_info
-def serve(info, host, port, reload, debugger, eager_loading, with_threads):
+def serve(info, host, port, reload, debugger, with_threads):
     """
     Runs a local udata development server.
 
@@ -62,10 +56,8 @@ def serve(info, host, port, reload, debugger, eager_loading, with_threads):
         reload = bool(debug)
     if debugger is None:
         debugger = bool(debug)
-    if eager_loading is None:
-        eager_loading = not reload
 
-    app = DispatchingApp(info.load_app, use_eager_loading=eager_loading)
+    app = info.load_app()
 
     settings = os.environ.get("UDATA_SETTINGS", os.path.join(os.getcwd(), "udata.cfg"))
     extra_files = [settings]

udata/commands/tests/test_fixtures.py

@@ -24,7 +24,7 @@ from udata.tests.api import PytestOnlyAPITestCase
 
 class FixturesTest(PytestOnlyAPITestCase):
     @pytest.mark.options(FIXTURE_DATASET_SLUGS=["some-test-dataset-slug"])
-    def test_generate_fixtures_file_then_import(self, app, cli, api, monkeypatch):
+    def test_generate_fixtures_file_then_import(self, mocker):
         """Test generating fixtures from the current env, then importing them back."""
         assert models.Dataset.objects.count() == 0  # Start with a clean slate.
         user = UserFactory()
@@ -55,11 +55,11 @@ class FixturesTest(PytestOnlyAPITestCase):
         DataserviceFactory(datasets=[dataset], organization=org, contact_points=[contact_point])
 
         with NamedTemporaryFile(mode="w+", delete=True) as fixtures_fd:
-            # Get the fixtures from the local instance.
-            monkeypatch.setattr(requests, "get", lambda url: api.get(url))
-            monkeypatch.setattr(Response, "json", Response.get_json)
-            Response.ok = True
-            result = cli("generate-fixtures-file", "", fixtures_fd.name)
+            # Get the fixtures from the local instance by redirecting requests.get to the test client
+            mocker.patch.object(requests, "get", side_effect=lambda url: self.get(url))
+            mocker.patch.object(Response, "json", Response.get_json)
+            mocker.patch.object(Response, "ok", True, create=True)
+            result = self.cli("generate-fixtures-file", "", fixtures_fd.name)
             fixtures_fd.flush()
             assert "Fixtures saved to file " in result.output
 
@@ -81,7 +81,7 @@ class FixturesTest(PytestOnlyAPITestCase):
             assert models.ContactPoint.objects.count() == 0
 
             # Then load them in the database to make sure they're correct.
-            result = cli("import-fixtures", fixtures_fd.name)
+            result = self.cli("import-fixtures", fixtures_fd.name)
         assert models.Organization.objects(slug=org.slug).count() > 0
         result_org = models.Organization.objects.get(slug=org.slug)
         assert result_org.members[0].user.id == user.id
@@ -106,11 +106,11 @@ class FixturesTest(PytestOnlyAPITestCase):
         assert result_dataservice.organization == org
         assert result_dataservice.contact_points == [contact_point]
 
-    def test_import_fixtures_from_default_file(self, cli):
+    def test_import_fixtures_from_default_file(self):
         """Test importing fixtures from udata.commands.fixture.DEFAULT_FIXTURE_FILE."""
         # Deactivate spam detection when testing import fixtures
         SpamMixin.detect_spam_enabled = False
-        cli("import-fixtures")
+        self.cli("import-fixtures")
         SpamMixin.detect_spam_enabled = True
         assert models.Organization.objects.count() > 0
         assert models.Dataset.objects.count() > 0

udata/core/access_type/api.py

@@ -13,6 +13,6 @@ class ReasonCategoriesAPI(API):
     def get(self):
         """List all limitation reason categories"""
         return [
-            {"value": category.value, "label": category.label}
+            {"value": category.value, "label": category.label, "definition": category.definition}
             for category in InspireLimitationCategory
         ]

udata/core/access_type/constants.py

@@ -63,31 +63,35 @@ class InspireLimitationCategory(StrEnum):
         match self:
             case InspireLimitationCategory.PUBLIC_AUTHORITIES:
                 return _(
-                    "The confidentiality of the proceedings of public authorities, where such confidentiality is provided for by law."
+                    "Public access to datasets and services would adversely affect the confidentiality of the proceedings of public authorities, where such confidentiality is provided for by law."
                 )
             case InspireLimitationCategory.INTERNATIONAL_RELATIONS:
-                return _("International relations, public security or national defence.")
+                return _(
+                    "Public access to datasets and services would adversely affect international relations, public security or national defence."
+                )
             case InspireLimitationCategory.COURSE_OF_JUSTICE:
                 return _(
-                    "The course of justice, the ability of any person to receive a fair trial or the ability of a public authority to conduct an enquiry of a criminal or disciplinary nature."
+                    "Public access to datasets and services would adversely affect the course of justice, the ability of any person to receive a fair trial or the ability of a public authority to conduct an enquiry of a criminal or disciplinary nature."
                 )
             case InspireLimitationCategory.COMMERCIAL_CONFIDENTIALITY:
                 return _(
-                    "The confidentiality of commercial or industrial information, where such confidentiality is provided for by national or Community law to protect a legitimate economic interest."
+                    "Public access to datasets and services would adversely affect the confidentiality of commercial or industrial information, where such confidentiality is provided for by national or Community law to protect a legitimate economic interest, including the public interest in maintaining statistical confidentiality and tax secrecy."
                 )
             case InspireLimitationCategory.INTELLECTUAL_PROPERTY:
-                return _("Intellectual property rights.")
+                return _(
+                    "Public access to datasets and services would adversely affect intellectual property rights."
+                )
             case InspireLimitationCategory.PERSONAL_DATA:
                 return _(
-                    "The confidentiality of personal data and/or files relating to a natural person where that person has not consented to the disclosure."
+                    "Public access to datasets and services would adversely affect the confidentiality of personal data and/or files relating to a natural person where that person has not consented to the disclosure of the information to the public, where such confidentiality is provided for by national or Community law."
                 )
             case InspireLimitationCategory.VOLUNTARY_SUPPLIER:
                 return _(
-                    "The interests or protection of any person who supplied the information requested on a voluntary basis without being under a legal obligation."
+                    "Public access to datasets and services would adversely affect the interests or protection of any person who supplied the information requested on a voluntary basis without being under, or capable of being put under, a legal obligation to do so, unless that person has consented to the release of the information concerned."
                 )
             case InspireLimitationCategory.ENVIRONMENTAL_PROTECTION:
                 return _(
-                    "The protection of the environment to which such information relates, such as the location of rare species."
+                    "Public access to datasets and services would adversely affect the protection of the environment to which such information relates, such as the location of rare species."
                 )
             case _:
                 assert_never(self)

udata/core/activity/api.py

@@ -4,8 +4,9 @@ from bson import ObjectId
 from mongoengine.errors import DoesNotExist
 
 from udata.api import API, api, fields
-from udata.auth import current_user
+from udata.core.dataset.permissions import OwnableReadPermission
 from udata.core.organization.api_fields import org_ref_fields
+from udata.core.owned import Owned
 from udata.core.user.api_fields import user_ref_fields
 from udata.models import Activity, db
 
@@ -101,7 +102,7 @@ class SiteActivityAPI(API):
         # Always return a result even not complete
         # But log the error (ie. visible in sentry, silent for user)
         # Can happen when someone manually delete an object in DB (ie. without proper purge)
-        # - Filter out private items (except for sysadmin users)
+        # - Filter out items not visible to the current user
         safe_items = []
         for item in qs.queryset.items:
             try:
@@ -109,10 +110,8 @@ class SiteActivityAPI(API):
             except DoesNotExist as e:
                 log.error(e, exc_info=True)
             else:
-                if hasattr(item.related_to, "private") and (
-                    current_user.is_anonymous or not current_user.sysadmin
-                ):
-                    if item.related_to.private:
+                if isinstance(item.related_to, Owned):
+                    if not OwnableReadPermission(item.related_to).can():
                         continue
                 safe_items.append(item)
         qs.queryset.items = safe_items

udata/core/badges/tests/test_commands.py

@@ -9,32 +9,32 @@ class BadgeCommandTest(PytestOnlyDBTestCase):
     def toggle(self, path_or_id, kind):
         return self.cli("badges", "toggle", path_or_id, kind)
 
-    def test_toggle_badge_on(self, cli):
+    def test_toggle_badge_on(self):
         org = OrganizationFactory()
 
-        cli("badges", "toggle", str(org.id), PUBLIC_SERVICE)
+        self.cli("badges", "toggle", str(org.id), PUBLIC_SERVICE)
 
         org.reload()
         assert org.badges[0].kind == PUBLIC_SERVICE
 
-    def test_toggle_badge_off(self, cli):
+    def test_toggle_badge_off(self):
         org = OrganizationFactory()
         org.add_badge(PUBLIC_SERVICE)
         org.add_badge(CERTIFIED)
 
-        cli("badges", "toggle", str(org.id), PUBLIC_SERVICE)
+        self.cli("badges", "toggle", str(org.id), PUBLIC_SERVICE)
 
         org.reload()
         assert org.badges[0].kind == CERTIFIED
 
-    def test_toggle_badge_on_from_file(self, cli):
+    def test_toggle_badge_on_from_file(self):
         orgs = [OrganizationFactory() for _ in range(2)]
 
         with NamedTemporaryFile(mode="w") as temp:
             temp.write("\n".join((str(org.id) for org in orgs)))
             temp.flush()
 
-            cli("badges", "toggle", temp.name, PUBLIC_SERVICE)
+            self.cli("badges", "toggle", temp.name, PUBLIC_SERVICE)
 
         for org in orgs:
             org.reload()

udata/core/csv.py

@@ -5,6 +5,7 @@ from datetime import date, datetime
 from io import StringIO
 
 from flask import Response, stream_with_context
+from mongoengine.queryset import QuerySet
 
 from udata.mongo import db
 from udata.utils import recursive_get
@@ -35,6 +36,10 @@ class Adapter(object):
     fields = None
 
     def __init__(self, queryset):
+        # no_cache() to avoid eating up too much RAM when iterating over large querysets.
+        # Applied here rather than upstream to preserve custom QuerySet methods (like with_badge).
+        if isinstance(queryset, QuerySet):
+            queryset = queryset.no_cache()
         self.queryset = queryset
         self._fields = None
 

udata/core/dataservices/models.py

@@ -309,7 +309,7 @@ class Dataservice(
 
     @field(description="Link to the udata web page for this dataservice", show_as_ref=True)
     def self_web_url(self, **kwargs):
-        return cdata_url(f"/dataservices/{self._link_id(**kwargs)}/", **kwargs)
+        return cdata_url(f"/dataservices/{self._link_id(**kwargs)}", **kwargs)
 
     __metrics_keys__ = [
         "discussions",

udata/core/dataservices/tasks.py

@@ -6,6 +6,7 @@ from udata.core.constants import HVD
 from udata.core.dataservices.models import Dataservice
 from udata.core.organization.constants import CERTIFIED, PUBLIC_SERVICE
 from udata.core.organization.models import Organization
+from udata.core.pages.models import Page
 from udata.core.topic.models import TopicElement
 from udata.harvest.models import HarvestJob
 from udata.models import Discussion, Follow, Transfer
@@ -28,6 +29,12 @@ def purge_dataservices(self):
         Transfer.objects(subject=dataservice).delete()
         # Remove dataservices references in Topics
         TopicElement.objects(element=dataservice).update(element=None)
+        # Remove dataservices in pages (mongoengine doesn't support updating a field in a generic embed)
+        Page._get_collection().update_many(
+            {"blocs.dataservices": dataservice.id},
+            {"$pull": {"blocs.$[b].dataservices": dataservice.id}},
+            array_filters=[{"b.dataservices": dataservice.id}],
+        )
         # Remove dataservice
         dataservice.delete()
 

udata/core/dataset/api.py

@@ -531,6 +531,8 @@ class ResourcesAPI(API):
                 f"All resources must be reordered, you provided {len(resources)} "
                 f"out of {len(dataset.resources)}",
             )
+        if any(isinstance(r, dict) and "id" not in r for r in resources):
+            api.abort(400, "Each resource must have an 'id' field")
         if set(r["id"] if isinstance(r, dict) else r for r in resources) != set(
             str(r.id) for r in dataset.resources
         ):

udata/core/dataset/models.py

@@ -730,7 +730,7 @@ class Dataset(
         }
 
     def self_web_url(self, **kwargs):
-        return cdata_url(f"/datasets/{self._link_id(**kwargs)}/", **kwargs)
+        return cdata_url(f"/datasets/{self._link_id(**kwargs)}", **kwargs)
 
     def self_api_url(self, **kwargs):
         return url_for(
@@ -795,7 +795,7 @@ class Dataset(
         Resources should be fetched when calling this method.
         """
         if self.harvest and self.harvest.modified_at:
-            return self.harvest.modified_at
+            return to_naive_datetime(self.harvest.modified_at)
         if self.resources:
             return max([res.last_modified for res in self.resources])
         else:

udata/core/dataset/permissions.py

@@ -1,3 +1,6 @@
+from flask_principal import Permission as BasePermission
+from flask_principal import RoleNeed
+
 from udata.auth import Permission, UserNeed
 from udata.core.organization.permissions import (
     OrganizationAdminNeed,
@@ -22,6 +25,34 @@ class OwnablePermission(Permission):
         super(OwnablePermission, self).__init__(*needs)
 
 
+class OwnableReadPermission(BasePermission):
+    """Permission to read a private ownable object.
+
+    Always grants access if the object is not private.
+    For private objects, requires owner, org member, or sysadmin.
+
+    We inherit from BasePermission instead of udata's Permission because
+    Permission automatically adds RoleNeed("admin") to all needs. This means
+    a permission with no needs would only allow admins. With BasePermission,
+    an empty needs set allows everyone (Flask-Principal returns True when
+    self.needs is empty).
+    """
+
+    def __init__(self, obj):
+        if not getattr(obj, "private", False):
+            super().__init__()
+            return
+
+        needs = [RoleNeed("admin")]
+        if obj.organization:
+            needs.append(OrganizationAdminNeed(obj.organization.id))
+            needs.append(OrganizationEditorNeed(obj.organization.id))
+        elif obj.owner:
+            needs.append(UserNeed(obj.owner.fs_uniquifier))
+
+        super().__init__(*needs)
+
+
 class DatasetEditPermission(OwnablePermission):
     """Permissions to edit a Dataset"""