def handle(self, *args, **options):
    """
    Give the atomic editing permissions to every holder of 'change_layer'.

    For each Layer, every entry of EDITING_ATOMIC_PERMISSIONS that a holder
    of 'change_layer' does not yet pass ``has_perm`` for is handed to
    setPermissionUserObject. User groups are handled before single users,
    so that a user already covered by a group does not also get a
    personal grant.

    The two totals count individual permission grants, not distinct users
    or groups. The command has no dry-run mode: every run writes the
    missing grants directly.
    """
    granted_to_users = 0
    granted_to_groups = 0

    for layer in Layer.objects.all():
        # Every 'viewer' and 'editor' user group holding 'change_layer',
        # de-duplicated through a set.
        viewer_groups = get_groups_for_object(layer, 'change_layer', 'viewer')
        editor_groups = get_groups_for_object(layer, 'change_layer', 'editor')
        user_groups = list(set(viewer_groups + editor_groups))

        # NOTE(review): with_anonymous=True is passed here, so if the
        # anonymous user holds 'change_layer' it receives the atomic editing
        # permissions too - confirm that is intended before running this on
        # a public instance.
        users = get_users_for_object(layer, 'change_layer', with_anonymous=True)

        # Groups first, to avoid giving grants to single users.
        for group in user_groups:
            checker = ObjectPermissionChecker(group)
            for perm in EDITING_ATOMIC_PERMISSIONS:
                if checker.has_perm(perm, layer):
                    continue
                setPermissionUserObject(checker.group, layer, [perm])
                granted_to_groups += 1
                # NOTE(review): logging once per grant is assumed from the
                # statement order; confirm against the upstream file.
                self.stdout.write(self.style.SUCCESS(
                    f'Give atomic permissions to user group {checker.group.name}'))

        for user in users:
            checker = ObjectPermissionChecker(user)
            for perm in EDITING_ATOMIC_PERMISSIONS:
                if checker.has_perm(perm, layer):
                    continue
                setPermissionUserObject(checker.user, layer, [perm])
                granted_to_users += 1
                self.stdout.write(self.style.SUCCESS(
                    f'Give atomic permissions to user {checker.user.username}'))

    # Summary, written once after all layers have been processed.
    summary_lines = (
        '-----------------------------------------------------------',
        f'Total user grants changed: {granted_to_users}',
        f'Total user group grants changed: {granted_to_groups}',
    )
    for line in summary_lines:
        self.stdout.write(self.style.SUCCESS(line))
def __getattr__(self, attr):
    """
    Resolve the permission-derived pseudo attributes of a project.

    Handled names:

    * ``viewers``: result of get_users_for_object for 'view_project' with
      [G3W_VIEWER1, G3W_VIEWER2]; the anonymous user is included
      (with_anonymous=True).
    * ``editor`` / ``editor2``: the first user returned for 'change_project'
      with [G3W_EDITOR1] / [G3W_EDITOR2], or None when nobody is returned.
    * ``editor_user_groups`` / ``viewer_user_groups``: groups returned by
      get_groups_for_object for 'change_project' / 'view_project'.

    Any other name is passed on to ``__getattribute__`` of the parent class.

    NOTE(review): ``editor`` and ``editor2`` expose only the first match.
    If several users of that role hold 'change_project', the others are not
    reported here, so these attributes must not be read as the complete
    list of accounts with change rights on the project.
    """
    if attr == 'viewers':
        return get_users_for_object(
            self, 'view_project', [G3W_VIEWER1, G3W_VIEWER2], with_anonymous=True)

    if attr in ('editor', 'editor2'):
        role = G3W_EDITOR1 if attr == 'editor' else G3W_EDITOR2
        editors = get_users_for_object(self, 'change_project', [role])
        return editors[0] if len(editors) > 0 else None

    # User groups
    if attr == 'editor_user_groups':
        return get_groups_for_object(self, 'change_project', 'editor')
    if attr == 'viewer_user_groups':
        return get_groups_for_object(self, 'view_project', 'viewer')

    return super(Project, self).__getattribute__(attr)
def _set_viewer_user_groups_choices(self):
    """
    Fill the choices of the 'user_groups_viewer' field.

    The starting set is every 'viewer' user group with 'view_project' on
    the project. For a user in G3W_EDITOR1 it is reduced to the groups on
    which that user also holds 'auth.change_group', so an Editor level 1
    is only offered viewer groups they are allowed to change.

    NOTE(review): only G3W_EDITOR1 is narrowed here; confirm that every
    other role reaching this form is meant to be offered all viewer groups
    of the project. Presumably the field validates submitted values
    against these choices, which would make this list the server-side
    limit as well as the displayed one - verify against the field
    definition.
    """
    project_viewer_groups = get_groups_for_object(
        self.project, 'view_project', grouprole='viewer')

    # Editor level 1: keep only the viewer groups this user may change.
    if userHasGroups(self.request.user, [G3W_EDITOR1]):
        changeable_viewer_groups = get_objects_for_user(
            self.request.user, 'auth.change_group', AuthGroup
        ).order_by('name').filter(grouprole__role='viewer')
        # NOTE(review): the set intersection does not keep the
        # order_by('name') ordering, so the resulting order is arbitrary.
        project_viewer_groups = list(
            set(project_viewer_groups) & set(changeable_viewer_groups))

    self.fields['user_groups_viewer'].choices = [
        (group.pk, group) for group in project_viewer_groups]
def save(self, commit=True):
    """
    Apply the ACL policy and URL alias, then hand out editor permissions.

    After self._ACLPolicy() and self._save_url_alias():

    * a current user in G3W_EDITOR1 or G3W_EDITOR2 is passed to
      addPermissionsToEditor on the saved instance;
    * when the current user is in G3W_EDITOR2, the same is done for every
      'editor' user group and every G3W_EDITOR1 / G3W_EDITOR2 user returned
      for 'view_group' on the instance's map group.

    ``commit`` is accepted but not read in this body, and nothing is
    returned.

    NOTE(review): in the Editor level 2 branch the lookup is on
    'view_group', so holding view access on the map group is enough for an
    editor user or editor group to receive whatever addPermissionsToEditor /
    add_permissions_to_editor_user_groups grant on this project. Confirm
    that this widening is intended.
    """
    self._ACLPolicy()
    self._save_url_alias()

    current_user = self.request.user

    # Automatic grants apply only when the current user is Editor level 1 or 2.
    if not userHasGroups(current_user, [G3W_EDITOR1, G3W_EDITOR2]):
        return
    self.instance.addPermissionsToEditor(current_user)

    # The propagation below is done only for an Editor level 2.
    if not userHasGroups(current_user, [G3W_EDITOR2]):
        return

    map_group = self.instance.group

    # Editor user groups of the map group.
    editor_group_pks = [
        group.pk
        for group in get_groups_for_object(map_group, 'view_group', 'editor')
    ]
    self.instance.add_permissions_to_editor_user_groups(editor_group_pks)

    # Editor users (level 1 and 2) of the map group.
    for editor in get_users_for_object(
            map_group, 'view_group', [G3W_EDITOR1, G3W_EDITOR2]):
        self.instance.addPermissionsToEditor(editor)