Example #1
    def handle(self, *args, **options):
        """
        Backfill the editing atomic permissions on every layer.

        For each layer, the 'viewer' and 'editor' user groups and the users that
        already hold 'change_layer' are granted every permission in
        EDITING_ATOMIC_PERMISSIONS they do not have yet. One line is written to
        stdout per grant, followed by the two totals.

        Grants are applied as the loop runs: the code below has no dry-run mode
        and writes no record other than stdout, so keep the command output if
        the change has to be audited or reverted later.
        """

        def report(text):
            # Every message goes through the command's SUCCESS style.
            self.stdout.write(self.style.SUCCESS(text))

        user_grants = 0
        group_grants = 0

        for layer in Layer.objects.all():

            # 'viewer' and 'editor' groups holding 'change_layer', de-duplicated.
            viewer_groups = get_groups_for_object(layer, 'change_layer', 'viewer')
            editor_groups = get_groups_for_object(layer, 'change_layer', 'editor')
            groups = list(set(viewer_groups + editor_groups))

            # NOTE(review): with_anonymous=True presumably includes the anonymous
            # user when it holds 'change_layer'; if so it also receives the
            # editing atomic permissions below -- confirm this is intended.
            holders = get_users_for_object(layer, 'change_layer', with_anonymous=True)

            # Groups are handled first, before any single-user grant is made.
            for group in groups:
                group_checker = ObjectPermissionChecker(group)
                for perm in EDITING_ATOMIC_PERMISSIONS:
                    if group_checker.has_perm(perm, layer):
                        continue
                    setPermissionUserObject(group_checker.group, layer, [perm])
                    group_grants += 1
                    report(f'Give atomic permissions to user group {group_checker.group.name}')

            for holder in holders:
                user_checker = ObjectPermissionChecker(holder)
                for perm in EDITING_ATOMIC_PERMISSIONS:
                    if user_checker.has_perm(perm, layer):
                        continue
                    setPermissionUserObject(user_checker.user, layer, [perm])
                    user_grants += 1
                    report(f'Give atomic permissions to user {user_checker.user.username}')

        report(f'-----------------------------------------------------------')
        report(f'Total user grants changed: {user_grants}')
        report(f'Total user group grants changed: {group_grants}')
Example #2
    def __getattr__(self, attr):
        """
        Resolve the ACL-derived pseudo attributes of a project.

        Python calls this only when normal attribute lookup has failed. The
        names handled here are computed from object permissions on each access:

        * ``viewers``: users in G3W_VIEWER1/G3W_VIEWER2 with 'view_project',
          requested with ``with_anonymous=True``.
        * ``editor`` / ``editor2``: the first G3W_EDITOR1 / G3W_EDITOR2 user with
          'change_project', or None when there is none.
        * ``editor_user_groups`` / ``viewer_user_groups``: the 'editor' groups
          with 'change_project' / the 'viewer' groups with 'view_project'.

        Any other name is passed to ``__getattribute__`` of the parent class.
        """
        if attr == 'viewers':
            return get_users_for_object(
                self, 'view_project', [G3W_VIEWER1, G3W_VIEWER2],
                with_anonymous=True)

        if attr in ('editor', 'editor2'):
            role = G3W_EDITOR1 if attr == 'editor' else G3W_EDITOR2
            editors = get_users_for_object(self, 'change_project', [role])
            # Only the first match is returned: any further user of that role
            # holding 'change_project' is not visible through this attribute.
            return editors[0] if len(editors) > 0 else None

        # Get users groups
        # ================
        if attr == 'editor_user_groups':
            return get_groups_for_object(self, 'change_project', 'editor')
        if attr == 'viewer_user_groups':
            return get_groups_for_object(self, 'view_project', 'viewer')

        return super(Project, self).__getattribute__(attr)
Example #3
    def _set_viewer_user_groups_choices(self):
        """
        Populate the choices of the ``user_groups_viewer`` field.

        The starting set is the 'viewer' groups holding 'view_project' on the
        project. When the requesting user is an Editor level 1, that set is
        narrowed to the viewer groups on which the user holds
        'auth.change_group', so the form does not offer groups outside the
        editor's own scope.
        """

        # Viewer groups that already hold 'view_project' on the project.
        candidates = get_groups_for_object(
            self.project, 'view_project', grouprole='viewer')

        current_user = self.request.user

        # For Editor level 1 keep only the viewer groups the user may change.
        if userHasGroups(current_user, [G3W_EDITOR1]):
            own_viewer_groups = get_objects_for_user(
                current_user, 'auth.change_group', AuthGroup
            ).order_by('name').filter(grouprole__role='viewer')

            candidates = list(set(candidates) & set(own_viewer_groups))

        # NOTE(review): the restriction is enforced on submit only if this field
        # validates posted values against its choices -- confirm the field type.
        self.fields['user_groups_viewer'].choices = [
            (group.pk, group) for group in candidates]
Example #4
    def save(self, commit=True):
        """
        Apply the ACL policy and URL alias, then propagate editor permissions.

        ``commit`` is accepted but not read in the lines shown here.

        When the requesting user is an Editor level 1 or 2, that user receives
        the editor permissions on the instance. When the user is an Editor
        level 2, the grant is widened to the 'editor' user groups and to the
        Editor level 1/2 users that hold 'view_group' on the instance's group.
        """
        self._ACLPolicy()

        self._save_url_alias()

        current_user = self.request.user

        # The saving editor (level 1 or 2) gets permissions on the instance.
        if userHasGroups(current_user, [G3W_EDITOR1, G3W_EDITOR2]):
            self.instance.addPermissionsToEditor(current_user)

            # Editor level 2 only: extend the grant to the editors of the group.
            if userHasGroups(current_user, [G3W_EDITOR2]):
                parent_group = self.instance.group

                # Editor user groups of the map group, passed on by primary key.
                group_pks = [
                    user_group.pk
                    for user_group in get_groups_for_object(
                        parent_group, 'view_group', 'editor')
                ]
                self.instance.add_permissions_to_editor_user_groups(group_pks)

                # NOTE(review): holding 'view_group' on the parent group is
                # enough for an editor to receive editor permissions on this
                # instance -- confirm that this widening is the intended policy.
                for editor in get_users_for_object(
                        parent_group, 'view_group', [G3W_EDITOR1, G3W_EDITOR2]):
                    self.instance.addPermissionsToEditor(editor)