Extensions
The catalog uses seven custom CKAN extensions:
ckanext-obis_theme
Visual theming for the OBIS look and feel. Overrides CKAN templates for the homepage, header, footer, and dataset pages. Provides template helpers for product type and thematic area stats.
Plugin name: obis_theme
ckanext-obis_sync
OBIS data synchronization CLI commands. Syncs OBIS nodes as organizations and institutions as groups (with Ocean Expert enrichment).
Plugin name: obis_sync
Commands:
ckan obis sync-nodes— Sync OBIS nodes as CKAN organizationsckan obis sync-institutions— Sync institutions as CKAN groups
ckanext-odis_export
ODIS Schema.org JSON-LD export. Adds a /dataset/<id>/odis.jsonld endpoint to every dataset, transforming CKAN metadata to ODIS-compliant Schema.org JSON-LD. Also serves a dynamic /sitemap.xml listing all JSON-LD endpoints for ODIS harvesting.
Plugin name: odis_export
This is the primary output of the catalog — making curated metadata discoverable by ODIS.
ckanext-obis_schema
Source-agnostic catalog schema, facets, validators, and Solr indexing. Defines the dataset schema via obis_schema.yaml, provides custom validators, indexes multi-valued fields for Solr, and adds Product Type, Thematic Area, and License facets.
Plugin name: obis_schema
CLI Commands:
ckan obis-schema init-vocabularies— Creates controlled vocabularies for product types and thematic areas if they don't already exist. Does not remove or update existing terms — to modify vocabulary terms, use the CKAN shell directly.
License registry: The catalog uses a custom license registry at ckan/licenses.json (volume-mounted into the CKAN container) which extends CKAN's default license list with SPDX identifiers used by Zenodo (e.g. cc-by-4.0, mit-license). This gives raw SPDX strings proper display names and URLs in the UI. New license strings encountered from future sources should be added to ckan/licenses.json. The config variable CKAN___LICENSES_GROUP_URL=file:///srv/app/licenses.json points CKAN at this file.
License family facet: The LICENSE_FAMILY_MAP in plugin.py maps stored license_id values to constraint-oriented display buckets, indexed as a license_family Solr field:
| Bucket | Meaning |
|---|---|
Public Domain |
No rights reserved (CC0, other-pd) |
Open (Attribution required) |
Use freely, credit the author (CC-BY, ODC-BY) |
Open (Share-Alike) |
Use freely, same license on derivatives (CC-BY-SA) |
Non-Commercial |
No commercial use (CC-BY-NC) |
Other Open |
Open license not fitting above buckets (MIT, ODbL) |
Not Specified |
No license information provided |
Unclassified |
License recorded but not yet mapped — acts as a work queue |
Any license_id not in LICENSE_FAMILY_MAP automatically falls into Unclassified. After adding new sources, check the Unclassified bucket and add new mappings to LICENSE_FAMILY_MAP as needed. After updating the map, rebuild the Solr index: ckan search-index rebuild.
ckanext-doi-import
Import datasets from DOIs (currently Zenodo). Provides a web UI for DOI import and an API endpoint for automated harvesting. Uses a mapper pattern — each source repository has its own mapper package under mappers/.
Plugin name: doi_import
Key features:
- Duplicate detection: Checks for existing datasets by matching
source_urlbefore importing. If found, updates instead of creating a duplicate. - Smart update: On re-import, preserves curated fields (
thematic_tags,product_type,groups,owner_org,tag_string) and only updates fields where the source provides new values. - DOI-based URL slugs: New imports use the DOI as the URL slug (e.g.,
/dataset/10-5281-zenodo-17537386) for stability and uniqueness. - Blacklist check: Checks
catalog_blacklist.csvbefore importing. Blacklisted DOIs are rejected with an explanation. - Web form:
/dataset/import-doi— paste a DOI, select an organization, import. - API endpoint:
POST /api/harvest-doi— for automated imports. - Mapper pattern:
mappers/base.py(DOI detection and shared utilities),mappers/zenodo/(Zenodo-specific). See Contributing > Adding a New Data Source for how to add a new source.
CLI Commands:
ckan doi-import harvest— Bulk import/update from the DOI registry CSV. Checks blacklist, uses smart update to preserve curated fields.ckan doi-import export-whitelist— Export all catalog products as CSV (doi,title,source_url,catalog_url). Used by the nightly cron job.
ckanext-public-edit
Authorization policy extension that enables cross-node curation. Any logged-in user can edit public datasets and create new datasets, but only organization admins can delete datasets or reassign a dataset to a different organization.
Plugin name: public_edit
What it overrides:
| Auth function | Default CKAN | With public_edit |
|---|---|---|
package_update |
Only org editors/admins | Any logged-in user (public datasets) |
package_create |
Only org members | Any logged-in user |
package_delete |
Org editors and admins | Org admins only |
Organization field behavior:
- When editing an existing dataset, non-admins see the owning organization as read-only text
- When creating a new dataset, users see a dropdown of their organizations (typically OBIS Community)
- Organization admins and sysadmins see the full dropdown and can reassign datasets
Server-side protection: Even if the UI is bypassed, the before_dataset_update hook silently reverts any unauthorized org changes.
Plugin load order
public_edit must be loaded before scheming_datasets in CKAN__PLUGINS so that its template override for the organization field takes effect.
ckanext-oauth2-login
ORCID OAuth2 login for researchers. Allows users to sign in with their ORCID iD instead of a CKAN username and password. Only ORCID iDs on the approved whitelist can log in. Creates a CKAN account on first login and auto-assigns new users to the OBIS Community organization as editors.
Plugin name: oauth2_login
Access control: Login is restricted to ORCID iDs listed in orcid_whitelist.txt in the extension root. Unapproved users are shown a message to contact helpdesk@obis.org. See Operations > User Management for how to manage the whitelist.
Whitelist: src/ckanext-oauth2-login/orcid_whitelist.txt — one ORCID per line. A full rebuild is required after changes:
Key behaviors:
- Whitelist checked after ORCID authentication, before account creation
- First-time approved users get a CKAN account and OBIS Community membership automatically
- Deleted users are reactivated on next login (remove from whitelist to block)
- Session handling mirrors CKAN's native login (session regeneration + CSRF token rotation)
Routes:
| Route | Purpose |
|---|---|
/oauth2/login/orcid |
Starts the ORCID login flow |
/oauth2/callback |
Handles the redirect back from ORCID |
Required .env variables: