def layerPermissions(self, layer): # NOQA """ Returns the layer rights """ QgsMessageLog.logMessage("layerPermissions {}".format(layer.name())) self.assert_plugin_initialised() try: rights = QgsAccessControlFilter.LayerPermissions() rights.canRead = rights.canInsert = rights.canUpdate = rights.canDelete = False layers = self.get_layers() ogc_layer_name = self.ogc_layer_name(layer) if ogc_layer_name not in layers: return rights gmf_layers = self.get_layers()[ogc_layer_name] roles = self.get_roles() access, _ = self.get_restriction_areas(gmf_layers, roles=roles) if access is not Access.NO: rights.canRead = True access, _ = self.get_restriction_areas(gmf_layers, rw=True, roles=roles) rights.canInsert = rights.canUpdate = rights.canDelete = access is not Access.NO return rights except Exception: QgsMessageLog.logMessage(''.join( traceback.format_exception(*sys.exc_info()))) raise
def layerPermissions(self, layer): """ Return the layer rights """ rights = QgsAccessControlFilter.LayerPermissions() rights.canRead = not self.active['layerPermissions'] return rights
def layerPermissions(self, layer): # NOQA """ Return the layer rights """ if not self.initialized: QgsMessageLog.logMessage("Call on uninitialized plugin", "GeoMapFishAccessControl", level=Qgis.Critical) no_rights = QgsAccessControlFilter.LayerPermissions() no_rights.canRead = no_rights.canInsert = no_rights.canUpdate = no_rights.canDelete = False return no_rights return self.get_ogcserver_accesscontrol().layerPermissions(layer)
def layerPermissions(self, layer): """Return the layer rights canRead, canInsert, canUpdate, canDelete """ rh = self.serverInterface().requestHandler() if rh.parameterMap().get("TEST_ACCESS_CONTROL", "") == layer.name(): permissions = QgsAccessControlFilter.LayerPermissions() permissions.canRead = False permissions.canUpdate = False permissions.canDelete = False permissions.canCreate = False return permissions else: return super().layerPermissions(layer)
def layerPermissions( # noqa: ignore=N803 self, layer: QgsVectorLayer ) -> qgis.server.QgsAccessControlFilter.LayerPermissions: """Return the layer rights.""" try: if not self.initialized: LOG.error("Call on uninitialized plugin") no_rights = QgsAccessControlFilter.LayerPermissions() no_rights.canRead = no_rights.canInsert = no_rights.canUpdate = no_rights.canDelete = False return no_rights return self.get_ogcserver_accesscontrol().layerPermissions(layer) except Exception: LOG.error("Unhandled error", exc_info=True) raise
def layerPermissions( # noqa: ignore=N802 self, layer: QgsVectorLayer ) -> qgis.server.QgsAccessControlFilter.LayerPermissions: """ Returns the layer rights. """ LOG.debug("layerPermissions %s", layer.name()) try: rights = QgsAccessControlFilter.LayerPermissions() rights.canRead = rights.canInsert = rights.canUpdate = rights.canDelete = False if self.ogcserver is None: parameters = self.serverInterface().requestHandler( ).parameterMap() LOG.warning( "Call on uninitialized plugin, map: %s", os.environ.get("QGIS_PROJECT_FILE", parameters.get("MAP")), ) return rights session = self.DBSession() try: roles = self.get_roles(session) if roles == "ROOT": rights.canRead = True layers = self.get_layers(session) ogc_layer_name = self.ogc_layer_name(layer) if ogc_layer_name not in layers: return rights gmf_layers = self.get_layers(session)[ogc_layer_name] finally: session.close() access, _ = self.get_restriction_areas(gmf_layers, roles=roles) if access is not Access.NO: rights.canRead = True access, _ = self.get_restriction_areas(gmf_layers, read_write=True, roles=roles) rights.canInsert = rights.canUpdate = rights.canDelete = access is not Access.NO return rights except Exception: LOG.error("Cannot run layerPermissions", exc_info=True) raise
def layerPermissions(self, layer): """ Return the layer rights """ if not self._active: return super(RestrictedAccessControl, self).layerPermissions(layer) rh = self.serverInterface().requestHandler() rights = QgsAccessControlFilter.LayerPermissions() # Used to test WFS transactions if rh.parameterMap().get("LAYER_PERM") == "no": return rights # Used to test the WCS if rh.parameterMap().get("TEST") == "dem": rights.canRead = layer.name() != "dem" else: rights.canRead = layer.name() not in ("Country", "Hello_OnOff") if layer.name() == "db_point": rights.canRead = rights.canInsert = rights.canUpdate = rights.canDelete = True return rights
def layerPermissions(self, layer): """ Return the layer rights """ username = self._get_user() QgsMessageLog.logMessage("# Layer {} #".format(layer.name())) rights = QgsAccessControlFilter.LayerPermissions() if username in ROLES: role = ROLES[username] permissions = PERMISSIONS[role] if layer.name() in permissions: layer_permissions = permissions[layer.name()] if "rights" in layer_permissions: rights.canRead = layer_permissions["rights"]["read"] rights.canInsert = layer_permissions["rights"]["insert"] rights.canUpdate = layer_permissions["rights"]["update"] rights.canDelete = layer_permissions["rights"]["delete"] return rights # return super(RestrictedAccessControlWithUsers, self).layerPermissions(layer) rights.canRead = rights.canInsert = rights.canUpdate = rights.canDelete = False return rights # No access for users not belonging to any role
def layerPermissions(self, layer): # NOQA """ Returns the layer rights """ QgsMessageLog.logMessage("layerPermissions {}".format(layer.name()), "GeoMapFishAccessControl", level=Qgis.Info) try: rights = QgsAccessControlFilter.LayerPermissions() rights.canRead = rights.canInsert = rights.canUpdate = rights.canDelete = False if self.ogcserver is None: QgsMessageLog.logMessage("Call on uninitialized plugin", "GeoMapFishAccessControl", level=Qgis.Critical) return rights layers = self.get_layers() ogc_layer_name = self.ogc_layer_name(layer) if ogc_layer_name not in layers: return rights gmf_layers = self.get_layers()[ogc_layer_name] roles = self.get_roles() access, _ = self.get_restriction_areas(gmf_layers, roles=roles) if access is not Access.NO: rights.canRead = True access, _ = self.get_restriction_areas(gmf_layers, rw=True, roles=roles) rights.canInsert = rights.canUpdate = rights.canDelete = access is not Access.NO return rights except Exception: QgsMessageLog.logMessage( "".join(traceback.format_exception(*sys.exc_info())), "GeoMapFishAccessControl", level=Qgis.Critical, ) raise