def layerPermissions(self, layer): # NOQA
""" Returns the layer rights """
QgsMessageLog.logMessage("layerPermissions {}".format(layer.name()))
self.assert_plugin_initialised()
try:
rights = QgsAccessControlFilter.LayerPermissions()
rights.canRead = rights.canInsert = rights.canUpdate = rights.canDelete = False
layers = self.get_layers()
ogc_layer_name = self.ogc_layer_name(layer)
if ogc_layer_name not in layers:
return rights
gmf_layers = self.get_layers()[ogc_layer_name]
roles = self.get_roles()
access, _ = self.get_restriction_areas(gmf_layers, roles=roles)
if access is not Access.NO:
rights.canRead = True
access, _ = self.get_restriction_areas(gmf_layers,
rw=True,
roles=roles)
rights.canInsert = rights.canUpdate = rights.canDelete = access is not Access.NO
return rights
except Exception:
QgsMessageLog.logMessage(''.join(
traceback.format_exception(*sys.exc_info())))
raise
def layerPermissions(self, layer):
""" Return the layer rights """
rights = QgsAccessControlFilter.LayerPermissions()
rights.canRead = not self.active['layerPermissions']
return rights
def layerPermissions(self, layer): # NOQA
""" Return the layer rights """
if not self.initialized:
QgsMessageLog.logMessage("Call on uninitialized plugin",
"GeoMapFishAccessControl",
level=Qgis.Critical)
no_rights = QgsAccessControlFilter.LayerPermissions()
no_rights.canRead = no_rights.canInsert = no_rights.canUpdate = no_rights.canDelete = False
return no_rights
return self.get_ogcserver_accesscontrol().layerPermissions(layer)
def layerPermissions(self, layer):
"""Return the layer rights canRead, canInsert, canUpdate, canDelete """
rh = self.serverInterface().requestHandler()
if rh.parameterMap().get("TEST_ACCESS_CONTROL", "") == layer.name():
permissions = QgsAccessControlFilter.LayerPermissions()
permissions.canRead = False
permissions.canUpdate = False
permissions.canDelete = False
permissions.canCreate = False
return permissions
else:
return super().layerPermissions(layer)
def layerPermissions( # noqa: ignore=N803
self, layer: QgsVectorLayer
) -> qgis.server.QgsAccessControlFilter.LayerPermissions:
"""Return the layer rights."""
try:
if not self.initialized:
LOG.error("Call on uninitialized plugin")
no_rights = QgsAccessControlFilter.LayerPermissions()
no_rights.canRead = no_rights.canInsert = no_rights.canUpdate = no_rights.canDelete = False
return no_rights
return self.get_ogcserver_accesscontrol().layerPermissions(layer)
except Exception:
LOG.error("Unhandled error", exc_info=True)
raise
def layerPermissions( # noqa: ignore=N802
self, layer: QgsVectorLayer
) -> qgis.server.QgsAccessControlFilter.LayerPermissions:
"""
Returns the layer rights.
"""
LOG.debug("layerPermissions %s", layer.name())
try:
rights = QgsAccessControlFilter.LayerPermissions()
rights.canRead = rights.canInsert = rights.canUpdate = rights.canDelete = False
if self.ogcserver is None:
parameters = self.serverInterface().requestHandler(
).parameterMap()
LOG.warning(
"Call on uninitialized plugin, map: %s",
os.environ.get("QGIS_PROJECT_FILE", parameters.get("MAP")),
)
return rights
session = self.DBSession()
try:
roles = self.get_roles(session)
if roles == "ROOT":
rights.canRead = True
layers = self.get_layers(session)
ogc_layer_name = self.ogc_layer_name(layer)
if ogc_layer_name not in layers:
return rights
gmf_layers = self.get_layers(session)[ogc_layer_name]
finally:
session.close()
access, _ = self.get_restriction_areas(gmf_layers, roles=roles)
if access is not Access.NO:
rights.canRead = True
access, _ = self.get_restriction_areas(gmf_layers,
read_write=True,
roles=roles)
rights.canInsert = rights.canUpdate = rights.canDelete = access is not Access.NO
return rights
except Exception:
LOG.error("Cannot run layerPermissions", exc_info=True)
raise
def layerPermissions(self, layer):
""" Return the layer rights """
if not self._active:
return super(RestrictedAccessControl, self).layerPermissions(layer)
rh = self.serverInterface().requestHandler()
rights = QgsAccessControlFilter.LayerPermissions()
# Used to test WFS transactions
if rh.parameterMap().get("LAYER_PERM") == "no":
return rights
# Used to test the WCS
if rh.parameterMap().get("TEST") == "dem":
rights.canRead = layer.name() != "dem"
else:
rights.canRead = layer.name() not in ("Country", "Hello_OnOff")
if layer.name() == "db_point":
rights.canRead = rights.canInsert = rights.canUpdate = rights.canDelete = True
return rights
def layerPermissions(self, layer):
""" Return the layer rights """
username = self._get_user()
QgsMessageLog.logMessage("# Layer {} #".format(layer.name()))
rights = QgsAccessControlFilter.LayerPermissions()
if username in ROLES:
role = ROLES[username]
permissions = PERMISSIONS[role]
if layer.name() in permissions:
layer_permissions = permissions[layer.name()]
if "rights" in layer_permissions:
rights.canRead = layer_permissions["rights"]["read"]
rights.canInsert = layer_permissions["rights"]["insert"]
rights.canUpdate = layer_permissions["rights"]["update"]
rights.canDelete = layer_permissions["rights"]["delete"]
return rights
# return super(RestrictedAccessControlWithUsers, self).layerPermissions(layer)
rights.canRead = rights.canInsert = rights.canUpdate = rights.canDelete = False
return rights # No access for users not belonging to any role
def layerPermissions(self, layer): # NOQA
""" Returns the layer rights """
QgsMessageLog.logMessage("layerPermissions {}".format(layer.name()),
"GeoMapFishAccessControl",
level=Qgis.Info)
try:
rights = QgsAccessControlFilter.LayerPermissions()
rights.canRead = rights.canInsert = rights.canUpdate = rights.canDelete = False
if self.ogcserver is None:
QgsMessageLog.logMessage("Call on uninitialized plugin",
"GeoMapFishAccessControl",
level=Qgis.Critical)
return rights
layers = self.get_layers()
ogc_layer_name = self.ogc_layer_name(layer)
if ogc_layer_name not in layers:
return rights
gmf_layers = self.get_layers()[ogc_layer_name]
roles = self.get_roles()
access, _ = self.get_restriction_areas(gmf_layers, roles=roles)
if access is not Access.NO:
rights.canRead = True
access, _ = self.get_restriction_areas(gmf_layers,
rw=True,
roles=roles)
rights.canInsert = rights.canUpdate = rights.canDelete = access is not Access.NO
return rights
except Exception:
QgsMessageLog.logMessage(
"".join(traceback.format_exception(*sys.exc_info())),
"GeoMapFishAccessControl",
level=Qgis.Critical,
)
raise