Skip to content

Extensions

The catalog uses seven custom CKAN extensions:

ckanext-obis_theme

Visual theming for the OBIS look and feel. Overrides CKAN templates for the homepage, header, footer, and dataset pages. Provides template helpers for product type and thematic area stats.

Plugin name: obis_theme

ckanext-obis_sync

OBIS data synchronization CLI commands. Syncs OBIS nodes as organizations and institutions as groups (with Ocean Expert enrichment).

Plugin name: obis_sync

Commands:

  • ckan obis sync-nodes — Sync OBIS nodes as CKAN organizations
  • ckan obis sync-institutions — Sync institutions as CKAN groups

ckanext-odis_export

ODIS Schema.org JSON-LD export. Adds a /dataset/<id>/odis.jsonld endpoint to every dataset, transforming CKAN metadata to ODIS-compliant Schema.org JSON-LD. Also serves a dynamic /sitemap.xml listing all JSON-LD endpoints for ODIS harvesting.

Plugin name: odis_export

This is the primary output of the catalog — making curated metadata discoverable by ODIS.

ckanext-obis_schema

Source-agnostic catalog schema, facets, validators, and Solr indexing. Defines the dataset schema via obis_schema.yaml, provides custom validators, indexes multi-valued fields for Solr, and adds Product Type, Thematic Area, and License facets.

Plugin name: obis_schema

CLI Commands:

  • ckan obis-schema init-vocabularies — Creates controlled vocabularies for product types and thematic areas if they don't already exist. Does not remove or update existing terms — to modify vocabulary terms, use the CKAN shell directly.

License registry: The catalog uses a custom license registry at ckan/licenses.json (volume-mounted into the CKAN container) which extends CKAN's default license list with SPDX identifiers used by Zenodo (e.g. cc-by-4.0, mit-license). This gives raw SPDX strings proper display names and URLs in the UI. New license strings encountered from future sources should be added to ckan/licenses.json. The config variable CKAN___LICENSES_GROUP_URL=file:///srv/app/licenses.json points CKAN at this file.

License family facet: The LICENSE_FAMILY_MAP in plugin.py maps stored license_id values to constraint-oriented display buckets, indexed as a license_family Solr field:

Bucket Meaning
Public Domain No rights reserved (CC0, other-pd)
Open (Attribution required) Use freely, credit the author (CC-BY, ODC-BY)
Open (Share-Alike) Use freely, same license on derivatives (CC-BY-SA)
Non-Commercial No commercial use (CC-BY-NC)
Other Open Open license not fitting above buckets (MIT, ODbL)
Not Specified No license information provided
Unclassified License recorded but not yet mapped — acts as a work queue

Any license_id not in LICENSE_FAMILY_MAP automatically falls into Unclassified. After adding new sources, check the Unclassified bucket and add new mappings to LICENSE_FAMILY_MAP as needed. After updating the map, rebuild the Solr index: ckan search-index rebuild.

ckanext-doi-import

Import datasets from DOIs (currently Zenodo). Provides a web UI for DOI import and an API endpoint for automated harvesting. Uses a mapper pattern — each source repository has its own mapper package under mappers/.

Plugin name: doi_import

Key features:

  • Duplicate detection: Checks for existing datasets by matching source_url before importing. If found, updates instead of creating a duplicate.
  • Smart update: On re-import, preserves curated fields (thematic_tags, product_type, groups, owner_org, tag_string) and only updates fields where the source provides new values.
  • DOI-based URL slugs: New imports use the DOI as the URL slug (e.g., /dataset/10-5281-zenodo-17537386) for stability and uniqueness.
  • Blacklist check: Checks catalog_blacklist.csv before importing. Blacklisted DOIs are rejected with an explanation.
  • Web form: /dataset/import-doi — paste a DOI, select an organization, import.
  • API endpoint: POST /api/harvest-doi — for automated imports.
  • Mapper pattern: mappers/base.py (DOI detection and shared utilities), mappers/zenodo/ (Zenodo-specific). See Contributing > Adding a New Data Source for how to add a new source.

CLI Commands:

  • ckan doi-import harvest — Bulk import/update from the DOI registry CSV. Checks blacklist, uses smart update to preserve curated fields.
  • ckan doi-import export-whitelist — Export all catalog products as CSV (doi, title, source_url, catalog_url). Used by the nightly cron job.

ckanext-public-edit

Authorization policy extension that enables cross-node curation. Any logged-in user can edit public datasets and create new datasets, but only organization admins can delete datasets or reassign a dataset to a different organization.

Plugin name: public_edit

What it overrides:

Auth function Default CKAN With public_edit
package_update Only org editors/admins Any logged-in user (public datasets)
package_create Only org members Any logged-in user
package_delete Org editors and admins Org admins only

Organization field behavior:

  • When editing an existing dataset, non-admins see the owning organization as read-only text
  • When creating a new dataset, users see a dropdown of their organizations (typically OBIS Community)
  • Organization admins and sysadmins see the full dropdown and can reassign datasets

Server-side protection: Even if the UI is bypassed, the before_dataset_update hook silently reverts any unauthorized org changes.

Plugin load order

public_edit must be loaded before scheming_datasets in CKAN__PLUGINS so that its template override for the organization field takes effect.

ckanext-oauth2-login

ORCID OAuth2 login for researchers. Allows users to sign in with their ORCID iD instead of a CKAN username and password. Only ORCID iDs on the approved whitelist can log in. Creates a CKAN account on first login and auto-assigns new users to the OBIS Community organization as editors.

Plugin name: oauth2_login

Access control: Login is restricted to ORCID iDs listed in orcid_whitelist.txt in the extension root. Unapproved users are shown a message to contact helpdesk@obis.org. See Operations > User Management for how to manage the whitelist.

Whitelist: src/ckanext-oauth2-login/orcid_whitelist.txt — one ORCID per line. A full rebuild is required after changes:

docker compose build ckan && docker compose up -d

Key behaviors:

  • Whitelist checked after ORCID authentication, before account creation
  • First-time approved users get a CKAN account and OBIS Community membership automatically
  • Deleted users are reactivated on next login (remove from whitelist to block)
  • Session handling mirrors CKAN's native login (session regeneration + CSRF token rotation)

Routes:

Route Purpose
/oauth2/login/orcid Starts the ORCID login flow
/oauth2/callback Handles the redirect back from ORCID

Required .env variables:

CKANEXT__OAUTH2_LOGIN__ORCID_CLIENT_ID=APP-XXXXXXXXXXXXXXXX
CKANEXT__OAUTH2_LOGIN__ORCID_CLIENT_SECRET=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
CKANEXT__OAUTH2_LOGIN__REDIRECT_URI=https://your-domain/oauth2/callback