def _permissions_to_user_groups_editor(self, groups_id, mode='add'):
for group_id in groups_id:
setPermissionUserObject(
AuthGroup.objects.get(pk=group_id),
self,
permissions=['change_layer', 'delete_layer', 'view_layer'],
mode=mode)
def handle(self, *args, **options):
# For every layers get user and user_groups with change_layer permissions
layers = Layer.objects.all()
changed_users = 0
changed_groups = 0
for l in layers:
# Get every 'viewer' and 'editor' user group with 'change_layer' permission
user_groups = list(set(get_groups_for_object(l, 'change_layer', 'viewer') + \
get_groups_for_object(l, 'change_layer', 'editor')))
users = get_users_for_object(l, 'change_layer', with_anonymous=True)
# Group before to avoid give single user grant
for g in user_groups:
g = ObjectPermissionChecker(g)
for p in EDITING_ATOMIC_PERMISSIONS:
if not g.has_perm(p, l):
setPermissionUserObject(g.group, l, [p])
changed_groups += 1
self.stdout.write(self.style.SUCCESS(f'Give atomic permissions to user group {g.group.name}'))
for u in users:
u = ObjectPermissionChecker(u)
for p in EDITING_ATOMIC_PERMISSIONS:
if not u.has_perm(p, l):
setPermissionUserObject(u.user, l, [p])
changed_users += 1
self.stdout.write(self.style.SUCCESS(f'Give atomic permissions to user {u.user.username}'))
self.stdout.write(self.style.SUCCESS(f'-----------------------------------------------------------'))
self.stdout.write(self.style.SUCCESS(f'Total user grants changed: {changed_users}'))
self.stdout.write(self.style.SUCCESS(f'Total user group grants changed: {changed_groups}'))
def _permissions_to_editors(self, users_id, mode='add'):
for user_id in users_id:
setPermissionUserObject(User.objects.get(pk=user_id),
self,
permissions='view_macrogroup',
mode=mode)
def add_remove_atomic_permissions(self):
""" Add and remove atomic permissions for user and groups"""
for context in self.contexts:
for ap in EDITING_ATOMIC_PERMISSIONS:
model = User if context == 'user' else AuhtGroup
to_remove = list(
set(self.initial_atomic_capabilitites[context][ap]) -
set(self.atomic_capabilitites[context][ap]))
to_add = list(
set(self.atomic_capabilitites[context][ap]) -
set(self.initial_atomic_capabilitites[context][ap]))
if to_add:
for uid in to_add:
setPermissionUserObject(model.objects.get(pk=uid),
self.layer, [ap])
if to_remove:
for uid in to_remove:
setPermissionUserObject(model.objects.get(pk=uid),
self.layer, [ap],
mode='remove')
def _permissionsToViewers(self, users_id, mode='add'):
for user_id in users_id:
setPermissionUserObject(User.objects.get(pk=user_id),
self,
permissions='qdjango.view_widget',
mode=mode)
def _permissionsToEditor(self, user, mode='add'):
permissions = ['qdjango.view_widget']
if G3W_EDITOR1 in getUserGroups(user):
permissions += ['qdjango.change_widget', 'qdjango.delete_widget']
setPermissionUserObject(user, self, permissions=permissions, mode=mode)
def _permissionsToEditor(self, user, mode='add'):
setPermissionUserObject(user,
self,
permissions=[
'qdjango.change_layer',
'qdjango.delete_layer',
'qdjango.view_layer'
],
mode=mode)
def _permissionsToEditor(self, user, mode='add'):
setPermissionUserObject(user,
self,
permissions=[
'change_layer', 'delete_layer',
'view_layer', 'add_feature',
'change_feature', 'change_attr_feature',
'delete_feature'
],
mode=mode)
def _permissionsToViewers(self, users_id, mode='add'):
for user_id in users_id:
user = User.objects.get(pk=user_id)
setPermissionUserObject(user,
self,
permissions='view_project',
mode=mode)
layerAction = 'addPermissionsToViewers' if mode == 'add' else 'removePermissionsToViewers'
layers = self.layer_set.all()
for layer in layers:
getattr(layer, layerAction)(users_id)
def _permissions_to_user_groups_viewer(self, groups_id, mode='add'):
for group_id in groups_id:
auth_group = AuthGroup.objects.get(pk=group_id)
setPermissionUserObject(auth_group,
self,
permissions='view_project',
mode=mode)
layerAction = 'add_permissions_to_viewer_user_groups' if mode == 'add' \
else 'remove_permissions_to_viewer_user_groups'
layers = self.layer_set.all()
for layer in layers:
getattr(layer, layerAction)(groups_id)
def addPermissionsToViewers(self, users_id):
"""
Give guardian permissions to Viewers
"""
appProjects = getProjectsByGroup(self)
for user_id in users_id:
setPermissionUserObject(User.objects.get(pk=user_id),
self,
permissions='view_group')
# adding permissions to projects
for app, projects in appProjects.items():
for project in projects:
project.addPermissionsToViewers(users_id)
def addPermissionsToEditor(self, user):
"""
Give guardian permissions to Editor
"""
permissions = ['view_group']
if G3W_EDITOR1 in getUserGroups(user):
permissions += ['change_group', 'delete_group']
setPermissionUserObject(user, self, permissions=permissions)
# adding permissions to projects
appProjects = getProjectsByGroup(self)
for app, projects in appProjects.items():
for project in projects:
project.addPermissionsToEditor(user)
def addPermissionsToViewers(self, users_id, **kwargs):
"""
Give guardian permissions to Viewers
"""
appProjects = getProjectsByGroup(self)
for user_id in users_id:
setPermissionUserObject(User.objects.get(pk=user_id),
self,
permissions='view_group')
# adding permissions to projects only if propagate
if 'propagate' in kwargs:
for app, projects in list(appProjects.items()):
for project in projects:
project.addPermissionsToViewers(users_id)
def removePermissionsToEditor(self, user):
"""
Remove guardian permissions to Editor
"""
setPermissionUserObject(user,
self,
permissions=[
'change_group', 'delete_group',
'view_group', 'add_project_to_group'
],
mode='remove')
# adding permissions to projects
appProjects = getProjectsByGroup(self)
for app, projects in list(appProjects.items()):
for project in projects:
project.removePermissionsToEditor(user)
def _permissionsToEditor(self, user, mode='add'):
setPermissionUserObject(
user,
self,
permissions=['change_project', 'delete_project', 'view_project'],
mode=mode)
# if editor not has permission on group give permission only view on parent group
if not user.has_perm('core.view_group', self.group):
setPermissionUserObject(user,
self.group,
permissions=['core.view_group'],
mode=mode)
layerAction = 'addPermissionsToEditor' if mode == 'add' else 'removePermissionsToEditor'
layers = self.layer_set.all()
for layer in layers:
getattr(layer, layerAction)(user)
def addPermissionsToEditor(self, user):
"""
Give guardian permissions to Editor every level
"""
permissions = ['view_group',
'add_project_to_group'] # valid for editor2
user_groups = getUserGroups(user)
if G3W_EDITOR1 in user_groups:
permissions += [
'add_project_to_group', 'change_group', 'delete_group'
]
setPermissionUserObject(user, self, permissions=permissions)
# adding permissions to projects
appProjects = getProjectsByGroup(self)
for app, projects in list(appProjects.items()):
for project in projects:
project.addPermissionsToEditor(user)
def remove_permissions_to_editor_user_groups(self, groups_id):
"""
Remove guardian permissions to Editor user groups
"""
appProjects = getProjectsByGroup(self)
permissions = ['view_group', 'add_project_to_group']
for group_id in groups_id:
setPermissionUserObject(AuthGroup.objects.get(pk=group_id),
self,
permissions=permissions,
mode='remove')
for app, projects in list(appProjects.items()):
for project in projects:
if hasattr(project,
'remove_permissions_to_editor_user_groups'):
project.remove_permissions_to_editor_user_groups(
groups_id)
def add_permissions_to_viewer_user_groups(self, groups_id):
"""
Give guardian permissions to Editor user groups
"""
appProjects = getProjectsByGroup(self)
permissions = ['view_group']
for group_id in groups_id:
setPermissionUserObject(AuthGroup.objects.get(pk=group_id),
self,
permissions=permissions)
# adding permissions to projects
for app, projects in appProjects.items():
for project in projects:
if hasattr(project,
'add_permissions_to_viewer_user_groups'):
project.add_permissions_to_viewer_user_groups(
groups_id)
def _permissionsToViewers(self, users_id, mode='add'):
for user_id in users_id:
user = User.objects.get(pk=user_id)
setPermissionUserObject(user,
self,
permissions='view_project',
mode=mode)
# if viewer not has permission on group give permission only view on parent gorup group
if not user.has_perm('core.view_group', self.group):
setPermissionUserObject(user,
self.group,
permissions=['core.view_group'],
mode=mode)
layerAction = 'addPermissionsToViewers' if mode == 'add' else 'removePermissionsToViewers'
layers = self.layer_set.all()
for layer in layers:
getattr(layer, layerAction)(users_id)
def _permissions_to_user_groups_viewer(self, groups_id, mode='add'):
for group_id in groups_id:
auth_group = AuthGroup.objects.get(pk=group_id)
setPermissionUserObject(auth_group,
self,
permissions='view_project',
mode=mode)
# if viewer not has permission on group give permission only view on parent group
if 'view_group' not in get_perms(auth_group, self.group):
setPermissionUserObject(auth_group,
self.group,
permissions=['core.view_group'],
mode=mode)
layerAction = 'add_permissions_to_viewer_user_groups' if mode == 'add' \
else 'remove_permissions_to_viewer_user_groups'
layers = self.layer_set.all()
for layer in layers:
getattr(layer, layerAction)(groups_id)
def removePermissionsToViewers(self, users_id):
"""
Remove guardian permissions to Viewers
"""
appProjects = getProjectsByGroup(self)
# anonynous users id
anonymous_uid = get_user_model().get_anonymous().pk
for user_id in users_id:
setPermissionUserObject(User.objects.get(pk=user_id),
self,
permissions='view_group',
mode='remove')
# adding permissions to projects
# not for anonymous user, who exit from this flow
if user_id != anonymous_uid:
for app, projects in list(appProjects.items()):
for project in projects:
project.removePermissionsToViewers(users_id)
def form_valid(self, form):
scale = form.cleaned_data['scale']
if form.cleaned_data['active']:
if not self.activated:
G3WEditingLayer.objects.create(app_name=self.app_name, layer_id=self.layer_id, scale=scale)
self.activated = True
else:
self.activated.scale = scale
self.activated.save()
else:
if self.activated:
self.activated.delete()
# give permission to viewers:
toAdd = toRemove = None
if self.activated:
currentViewerUsers = [int(i) for i in form.cleaned_data['viewer_users']]
toRemove = list(set(self.initial_viewer_users) - set(currentViewerUsers))
toAdd = list(set(currentViewerUsers) - set(self.initial_viewer_users))
else:
if self.initial_viewer_users:
toRemove = self.initial_viewer_users
if toAdd:
for uid in toAdd:
setPermissionUserObject(User.objects.get(pk=uid), self.layer, ['change_layer'])
if toRemove:
for uid in toRemove:
setPermissionUserObject(User.objects.get(pk=uid), self.layer, ['change_layer'], mode='remove')
# give permission to user groups viewers:
to_add = to_remove = None
if self.activated:
current_user_groups_viewers = [int(i) for i in form.cleaned_data['user_groups_viewer']]
to_remove = list(set(self.initial_viewer_user_groups) - set(current_user_groups_viewers))
to_add = list(set(current_user_groups_viewers) - set(self.initial_viewer_user_groups))
else:
if self.initial_viewer_user_groups:
to_remove = self.initial_viewer_user_groups
if to_add:
for aid in to_add:
setPermissionUserObject(AuhtGroup.objects.get(pk=aid), self.layer, ['change_layer'])
if to_remove:
for aid in to_remove:
setPermissionUserObject(AuhtGroup.objects.get(pk=aid), self.layer, ['change_layer'], mode='remove')
return super(ActiveEditingLayerView, self).form_valid(form)
def _permissions_to_user_groups_viewer(self, groups_id, mode='add'):
# If group_id is in LayerAcl not add view_layer permission
l_acl_groups = [
la.group.pk for la in self.layeracl_set.filter(group__isnull=False)
]
for group_id in groups_id:
execute = True
if l_acl_groups and group_id in l_acl_groups and mode == 'add':
execute = False
if group_id in l_acl_groups and mode != 'add':
# Remove layer from LayerAcl
self.layeracl_set.filter(group_id=group_id).delete()
if execute:
setPermissionUserObject(AuthGroup.objects.get(pk=group_id),
self,
permissions=['view_layer'],
mode=mode)
def _permissionsToViewers(self, users_id, mode='add'):
# If user_id is in LayerAcl not add view_layer permission
l_acl_users = [
la.user.pk for la in self.layeracl_set.filter(user__isnull=False)
]
for user_id in users_id:
execute = True
if l_acl_users and user_id in l_acl_users and mode == 'add':
execute = False
if user_id in l_acl_users and mode != 'add':
# Remove layer from LayerAcl
self.layeracl_set.filter(user_id=user_id).delete()
if execute:
setPermissionUserObject(User.objects.get(pk=user_id),
self,
permissions='view_layer',
mode=mode)
def setUpTestData(cls):
call_command('loaddata',
'BaseLayer.json',
'--database=default',
verbosity=0)
call_command('loaddata',
'G3WMapControls.json',
'--database=default',
verbosity=0)
call_command('loaddata',
'G3WSpatialRefSys.json',
'--database=default',
verbosity=0)
call_command('loaddata',
'G3WGeneralDataSuite.json',
'--database=default',
verbosity=0)
# Make a copy of the test project's databases
cls.reset_db_data()
# Admin level 1
cls.test_user_admin1 = User.objects.create_user(username='******',
password='******')
cls.test_user_admin1.is_superuser = True
cls.test_user_admin1.save()
# Editor level 1
cls.test_user1 = User.objects.create_user(username='******',
password='******')
cls.group = UserGroup.objects.get(name='Editor Level 1')
cls.test_user1.groups.add(cls.group)
cls.test_user1.save()
# Editor level 2
cls.test_user2 = User.objects.create_user(username='******',
password='******')
cls.group = UserGroup.objects.get(name='Editor Level 2')
cls.test_user2.groups.add(cls.group)
cls.test_user2.save()
cls.test_user3 = User.objects.create_user(username='******',
password='******')
cls.group = UserGroup.objects.get(name='Viewer Level 1')
cls.test_user3.groups.add(cls.group)
cls.test_user3.save()
cls.test_user4 = User.objects.create_user(username='******',
password='******')
cls.test_user4.groups.add(cls.group)
cls.test_user3.save()
cls.project_group = CoreGroup(
name='Group1',
title='Group1',
header_logo_img='',
srid=G3WSpatialRefSys.objects.get(auth_srid=4326))
cls.project_group.save()
cls.project_group.addPermissionsToEditor(cls.test_user2)
qgis_project_file = File(
open('{}{}{}'.format(CURRENT_PATH, TEST_BASE_PATH, QGS_FILE),
'r',
encoding='UTF8'))
cls.project = QgisProject(qgis_project_file)
cls.project.title = 'A project'
cls.project.group = cls.project_group
cls.project.save()
# give permission on project and layer
cls.project.instance.addPermissionsToEditor(cls.test_user2)
cls.project.instance.addPermissionsToViewers([cls.test_user3.pk])
cls.editing_layer = cls.project.instance.layer_set.get(
name='editing_layer')
setPermissionUserObject(cls.test_user3, cls.editing_layer,
['change_layer'])
setPermissionUserObject(cls.group, cls.editing_layer, ['change_layer'])
qgis_project_file.close()
# load QGIS editing project
qgis_project_file = File(
open('{}{}{}'.format(CURRENT_PATH, TEST_BASE_PATH,
QGS_EDITING_FILE),
'r',
encoding='UTF8'))
cls.editing_project = QgisProject(qgis_project_file)
cls.editing_project.group = cls.project_group
cls.editing_project.save()
qgis_project_file.close()
def form_valid(self, form):
scale = form.cleaned_data['scale']
add_user_field = form.cleaned_data['add_user_field']
edit_user_field = form.cleaned_data['edit_user_field']
if form.cleaned_data['active']:
if not self.activated:
self.activated = G3WEditingLayer.objects.create(
app_name=self.app_name,
layer_id=self.layer_id,
scale=scale,
add_user_field=add_user_field,
edit_user_field=edit_user_field)
else:
self.activated.scale = scale
self.activated.add_user_field = add_user_field
self.activated.edit_user_field = edit_user_field
self.activated.save()
else:
if self.activated:
self.activated.delete()
# give permission to viewers:
toAdd = toRemove = None
if self.activated.pk:
currentViewerUsers = [
int(i) for i in form.cleaned_data['viewer_users']
]
toRemove = list(
set(self.initial_viewer_users) - set(currentViewerUsers))
toAdd = list(
set(currentViewerUsers) - set(self.initial_viewer_users))
else:
if self.initial_viewer_users:
toRemove = self.initial_viewer_users
if toAdd:
for uid in toAdd:
setPermissionUserObject(User.objects.get(pk=uid), self.layer,
['change_layer'])
if toRemove:
for uid in toRemove:
setPermissionUserObject(User.objects.get(pk=uid),
self.layer, ['change_layer'],
mode='remove')
# remove from atomic_capabilitites user id
self.remove_from_atomic_permissions('user', uid)
# give permission to user groups viewers:
to_add = to_remove = None
if self.activated.pk:
current_user_groups_viewers = [
int(i) for i in form.cleaned_data['user_groups_viewer']
]
to_remove = list(
set(self.initial_viewer_user_groups) -
set(current_user_groups_viewers))
to_add = list(
set(current_user_groups_viewers) -
set(self.initial_viewer_user_groups))
else:
if self.initial_viewer_user_groups:
to_remove = self.initial_viewer_user_groups
if to_add:
for aid in to_add:
setPermissionUserObject(AuhtGroup.objects.get(pk=aid),
self.layer, ['change_layer'])
if to_remove:
for aid in to_remove:
setPermissionUserObject(AuhtGroup.objects.get(pk=aid),
self.layer, ['change_layer'],
mode='remove')
# remove from atomic_capabilitites user id
self.remove_from_atomic_permissions('group', aid)
# ADD/REMOVE atomic permissions
self.add_remove_atomic_permissions()
return super(ActiveEditingLayerView, self).form_valid(form)
