def _permissions_to_user_groups_editor(self, groups_id, mode='add'): for group_id in groups_id: setPermissionUserObject( AuthGroup.objects.get(pk=group_id), self, permissions=['change_layer', 'delete_layer', 'view_layer'], mode=mode)
def handle(self, *args, **options): # For every layers get user and user_groups with change_layer permissions layers = Layer.objects.all() changed_users = 0 changed_groups = 0 for l in layers: # Get every 'viewer' and 'editor' user group with 'change_layer' permission user_groups = list(set(get_groups_for_object(l, 'change_layer', 'viewer') + \ get_groups_for_object(l, 'change_layer', 'editor'))) users = get_users_for_object(l, 'change_layer', with_anonymous=True) # Group before to avoid give single user grant for g in user_groups: g = ObjectPermissionChecker(g) for p in EDITING_ATOMIC_PERMISSIONS: if not g.has_perm(p, l): setPermissionUserObject(g.group, l, [p]) changed_groups += 1 self.stdout.write(self.style.SUCCESS(f'Give atomic permissions to user group {g.group.name}')) for u in users: u = ObjectPermissionChecker(u) for p in EDITING_ATOMIC_PERMISSIONS: if not u.has_perm(p, l): setPermissionUserObject(u.user, l, [p]) changed_users += 1 self.stdout.write(self.style.SUCCESS(f'Give atomic permissions to user {u.user.username}')) self.stdout.write(self.style.SUCCESS(f'-----------------------------------------------------------')) self.stdout.write(self.style.SUCCESS(f'Total user grants changed: {changed_users}')) self.stdout.write(self.style.SUCCESS(f'Total user group grants changed: {changed_groups}'))
def _permissions_to_editors(self, users_id, mode='add'): for user_id in users_id: setPermissionUserObject(User.objects.get(pk=user_id), self, permissions='view_macrogroup', mode=mode)
def add_remove_atomic_permissions(self): """ Add and remove atomic permissions for user and groups""" for context in self.contexts: for ap in EDITING_ATOMIC_PERMISSIONS: model = User if context == 'user' else AuhtGroup to_remove = list( set(self.initial_atomic_capabilitites[context][ap]) - set(self.atomic_capabilitites[context][ap])) to_add = list( set(self.atomic_capabilitites[context][ap]) - set(self.initial_atomic_capabilitites[context][ap])) if to_add: for uid in to_add: setPermissionUserObject(model.objects.get(pk=uid), self.layer, [ap]) if to_remove: for uid in to_remove: setPermissionUserObject(model.objects.get(pk=uid), self.layer, [ap], mode='remove')
def _permissionsToViewers(self, users_id, mode='add'): for user_id in users_id: setPermissionUserObject(User.objects.get(pk=user_id), self, permissions='qdjango.view_widget', mode=mode)
def _permissionsToEditor(self, user, mode='add'): permissions = ['qdjango.view_widget'] if G3W_EDITOR1 in getUserGroups(user): permissions += ['qdjango.change_widget', 'qdjango.delete_widget'] setPermissionUserObject(user, self, permissions=permissions, mode=mode)
def _permissionsToEditor(self, user, mode='add'): setPermissionUserObject(user, self, permissions=[ 'qdjango.change_layer', 'qdjango.delete_layer', 'qdjango.view_layer' ], mode=mode)
def _permissionsToEditor(self, user, mode='add'): setPermissionUserObject(user, self, permissions=[ 'change_layer', 'delete_layer', 'view_layer', 'add_feature', 'change_feature', 'change_attr_feature', 'delete_feature' ], mode=mode)
def _permissionsToViewers(self, users_id, mode='add'): for user_id in users_id: user = User.objects.get(pk=user_id) setPermissionUserObject(user, self, permissions='view_project', mode=mode) layerAction = 'addPermissionsToViewers' if mode == 'add' else 'removePermissionsToViewers' layers = self.layer_set.all() for layer in layers: getattr(layer, layerAction)(users_id)
def _permissions_to_user_groups_viewer(self, groups_id, mode='add'): for group_id in groups_id: auth_group = AuthGroup.objects.get(pk=group_id) setPermissionUserObject(auth_group, self, permissions='view_project', mode=mode) layerAction = 'add_permissions_to_viewer_user_groups' if mode == 'add' \ else 'remove_permissions_to_viewer_user_groups' layers = self.layer_set.all() for layer in layers: getattr(layer, layerAction)(groups_id)
def addPermissionsToViewers(self, users_id): """ Give guardian permissions to Viewers """ appProjects = getProjectsByGroup(self) for user_id in users_id: setPermissionUserObject(User.objects.get(pk=user_id), self, permissions='view_group') # adding permissions to projects for app, projects in appProjects.items(): for project in projects: project.addPermissionsToViewers(users_id)
def addPermissionsToEditor(self, user): """ Give guardian permissions to Editor """ permissions = ['view_group'] if G3W_EDITOR1 in getUserGroups(user): permissions += ['change_group', 'delete_group'] setPermissionUserObject(user, self, permissions=permissions) # adding permissions to projects appProjects = getProjectsByGroup(self) for app, projects in appProjects.items(): for project in projects: project.addPermissionsToEditor(user)
def addPermissionsToViewers(self, users_id, **kwargs): """ Give guardian permissions to Viewers """ appProjects = getProjectsByGroup(self) for user_id in users_id: setPermissionUserObject(User.objects.get(pk=user_id), self, permissions='view_group') # adding permissions to projects only if propagate if 'propagate' in kwargs: for app, projects in list(appProjects.items()): for project in projects: project.addPermissionsToViewers(users_id)
def removePermissionsToEditor(self, user): """ Remove guardian permissions to Editor """ setPermissionUserObject(user, self, permissions=[ 'change_group', 'delete_group', 'view_group', 'add_project_to_group' ], mode='remove') # adding permissions to projects appProjects = getProjectsByGroup(self) for app, projects in list(appProjects.items()): for project in projects: project.removePermissionsToEditor(user)
def _permissionsToEditor(self, user, mode='add'): setPermissionUserObject( user, self, permissions=['change_project', 'delete_project', 'view_project'], mode=mode) # if editor not has permission on group give permission only view on parent group if not user.has_perm('core.view_group', self.group): setPermissionUserObject(user, self.group, permissions=['core.view_group'], mode=mode) layerAction = 'addPermissionsToEditor' if mode == 'add' else 'removePermissionsToEditor' layers = self.layer_set.all() for layer in layers: getattr(layer, layerAction)(user)
def addPermissionsToEditor(self, user): """ Give guardian permissions to Editor every level """ permissions = ['view_group', 'add_project_to_group'] # valid for editor2 user_groups = getUserGroups(user) if G3W_EDITOR1 in user_groups: permissions += [ 'add_project_to_group', 'change_group', 'delete_group' ] setPermissionUserObject(user, self, permissions=permissions) # adding permissions to projects appProjects = getProjectsByGroup(self) for app, projects in list(appProjects.items()): for project in projects: project.addPermissionsToEditor(user)
def remove_permissions_to_editor_user_groups(self, groups_id): """ Remove guardian permissions to Editor user groups """ appProjects = getProjectsByGroup(self) permissions = ['view_group', 'add_project_to_group'] for group_id in groups_id: setPermissionUserObject(AuthGroup.objects.get(pk=group_id), self, permissions=permissions, mode='remove') for app, projects in list(appProjects.items()): for project in projects: if hasattr(project, 'remove_permissions_to_editor_user_groups'): project.remove_permissions_to_editor_user_groups( groups_id)
def add_permissions_to_viewer_user_groups(self, groups_id): """ Give guardian permissions to Editor user groups """ appProjects = getProjectsByGroup(self) permissions = ['view_group'] for group_id in groups_id: setPermissionUserObject(AuthGroup.objects.get(pk=group_id), self, permissions=permissions) # adding permissions to projects for app, projects in appProjects.items(): for project in projects: if hasattr(project, 'add_permissions_to_viewer_user_groups'): project.add_permissions_to_viewer_user_groups( groups_id)
def _permissionsToViewers(self, users_id, mode='add'): for user_id in users_id: user = User.objects.get(pk=user_id) setPermissionUserObject(user, self, permissions='view_project', mode=mode) # if viewer not has permission on group give permission only view on parent gorup group if not user.has_perm('core.view_group', self.group): setPermissionUserObject(user, self.group, permissions=['core.view_group'], mode=mode) layerAction = 'addPermissionsToViewers' if mode == 'add' else 'removePermissionsToViewers' layers = self.layer_set.all() for layer in layers: getattr(layer, layerAction)(users_id)
def _permissions_to_user_groups_viewer(self, groups_id, mode='add'): for group_id in groups_id: auth_group = AuthGroup.objects.get(pk=group_id) setPermissionUserObject(auth_group, self, permissions='view_project', mode=mode) # if viewer not has permission on group give permission only view on parent group if 'view_group' not in get_perms(auth_group, self.group): setPermissionUserObject(auth_group, self.group, permissions=['core.view_group'], mode=mode) layerAction = 'add_permissions_to_viewer_user_groups' if mode == 'add' \ else 'remove_permissions_to_viewer_user_groups' layers = self.layer_set.all() for layer in layers: getattr(layer, layerAction)(groups_id)
def removePermissionsToViewers(self, users_id): """ Remove guardian permissions to Viewers """ appProjects = getProjectsByGroup(self) # anonynous users id anonymous_uid = get_user_model().get_anonymous().pk for user_id in users_id: setPermissionUserObject(User.objects.get(pk=user_id), self, permissions='view_group', mode='remove') # adding permissions to projects # not for anonymous user, who exit from this flow if user_id != anonymous_uid: for app, projects in list(appProjects.items()): for project in projects: project.removePermissionsToViewers(users_id)
def form_valid(self, form): scale = form.cleaned_data['scale'] if form.cleaned_data['active']: if not self.activated: G3WEditingLayer.objects.create(app_name=self.app_name, layer_id=self.layer_id, scale=scale) self.activated = True else: self.activated.scale = scale self.activated.save() else: if self.activated: self.activated.delete() # give permission to viewers: toAdd = toRemove = None if self.activated: currentViewerUsers = [int(i) for i in form.cleaned_data['viewer_users']] toRemove = list(set(self.initial_viewer_users) - set(currentViewerUsers)) toAdd = list(set(currentViewerUsers) - set(self.initial_viewer_users)) else: if self.initial_viewer_users: toRemove = self.initial_viewer_users if toAdd: for uid in toAdd: setPermissionUserObject(User.objects.get(pk=uid), self.layer, ['change_layer']) if toRemove: for uid in toRemove: setPermissionUserObject(User.objects.get(pk=uid), self.layer, ['change_layer'], mode='remove') # give permission to user groups viewers: to_add = to_remove = None if self.activated: current_user_groups_viewers = [int(i) for i in form.cleaned_data['user_groups_viewer']] to_remove = list(set(self.initial_viewer_user_groups) - set(current_user_groups_viewers)) to_add = list(set(current_user_groups_viewers) - set(self.initial_viewer_user_groups)) else: if self.initial_viewer_user_groups: to_remove = self.initial_viewer_user_groups if to_add: for aid in to_add: setPermissionUserObject(AuhtGroup.objects.get(pk=aid), self.layer, ['change_layer']) if to_remove: for aid in to_remove: setPermissionUserObject(AuhtGroup.objects.get(pk=aid), self.layer, ['change_layer'], mode='remove') return super(ActiveEditingLayerView, self).form_valid(form)
def _permissions_to_user_groups_viewer(self, groups_id, mode='add'): # If group_id is in LayerAcl not add view_layer permission l_acl_groups = [ la.group.pk for la in self.layeracl_set.filter(group__isnull=False) ] for group_id in groups_id: execute = True if l_acl_groups and group_id in l_acl_groups and mode == 'add': execute = False if group_id in l_acl_groups and mode != 'add': # Remove layer from LayerAcl self.layeracl_set.filter(group_id=group_id).delete() if execute: setPermissionUserObject(AuthGroup.objects.get(pk=group_id), self, permissions=['view_layer'], mode=mode)
def _permissionsToViewers(self, users_id, mode='add'): # If user_id is in LayerAcl not add view_layer permission l_acl_users = [ la.user.pk for la in self.layeracl_set.filter(user__isnull=False) ] for user_id in users_id: execute = True if l_acl_users and user_id in l_acl_users and mode == 'add': execute = False if user_id in l_acl_users and mode != 'add': # Remove layer from LayerAcl self.layeracl_set.filter(user_id=user_id).delete() if execute: setPermissionUserObject(User.objects.get(pk=user_id), self, permissions='view_layer', mode=mode)
def setUpTestData(cls): call_command('loaddata', 'BaseLayer.json', '--database=default', verbosity=0) call_command('loaddata', 'G3WMapControls.json', '--database=default', verbosity=0) call_command('loaddata', 'G3WSpatialRefSys.json', '--database=default', verbosity=0) call_command('loaddata', 'G3WGeneralDataSuite.json', '--database=default', verbosity=0) # Make a copy of the test project's databases cls.reset_db_data() # Admin level 1 cls.test_user_admin1 = User.objects.create_user(username='******', password='******') cls.test_user_admin1.is_superuser = True cls.test_user_admin1.save() # Editor level 1 cls.test_user1 = User.objects.create_user(username='******', password='******') cls.group = UserGroup.objects.get(name='Editor Level 1') cls.test_user1.groups.add(cls.group) cls.test_user1.save() # Editor level 2 cls.test_user2 = User.objects.create_user(username='******', password='******') cls.group = UserGroup.objects.get(name='Editor Level 2') cls.test_user2.groups.add(cls.group) cls.test_user2.save() cls.test_user3 = User.objects.create_user(username='******', password='******') cls.group = UserGroup.objects.get(name='Viewer Level 1') cls.test_user3.groups.add(cls.group) cls.test_user3.save() cls.test_user4 = User.objects.create_user(username='******', password='******') cls.test_user4.groups.add(cls.group) cls.test_user3.save() cls.project_group = CoreGroup( name='Group1', title='Group1', header_logo_img='', srid=G3WSpatialRefSys.objects.get(auth_srid=4326)) cls.project_group.save() cls.project_group.addPermissionsToEditor(cls.test_user2) qgis_project_file = File( open('{}{}{}'.format(CURRENT_PATH, TEST_BASE_PATH, QGS_FILE), 'r', encoding='UTF8')) cls.project = QgisProject(qgis_project_file) cls.project.title = 'A project' cls.project.group = cls.project_group cls.project.save() # give permission on project and layer cls.project.instance.addPermissionsToEditor(cls.test_user2) cls.project.instance.addPermissionsToViewers([cls.test_user3.pk]) cls.editing_layer = cls.project.instance.layer_set.get( name='editing_layer') setPermissionUserObject(cls.test_user3, cls.editing_layer, ['change_layer']) setPermissionUserObject(cls.group, cls.editing_layer, ['change_layer']) qgis_project_file.close() # load QGIS editing project qgis_project_file = File( open('{}{}{}'.format(CURRENT_PATH, TEST_BASE_PATH, QGS_EDITING_FILE), 'r', encoding='UTF8')) cls.editing_project = QgisProject(qgis_project_file) cls.editing_project.group = cls.project_group cls.editing_project.save() qgis_project_file.close()
def form_valid(self, form): scale = form.cleaned_data['scale'] add_user_field = form.cleaned_data['add_user_field'] edit_user_field = form.cleaned_data['edit_user_field'] if form.cleaned_data['active']: if not self.activated: self.activated = G3WEditingLayer.objects.create( app_name=self.app_name, layer_id=self.layer_id, scale=scale, add_user_field=add_user_field, edit_user_field=edit_user_field) else: self.activated.scale = scale self.activated.add_user_field = add_user_field self.activated.edit_user_field = edit_user_field self.activated.save() else: if self.activated: self.activated.delete() # give permission to viewers: toAdd = toRemove = None if self.activated.pk: currentViewerUsers = [ int(i) for i in form.cleaned_data['viewer_users'] ] toRemove = list( set(self.initial_viewer_users) - set(currentViewerUsers)) toAdd = list( set(currentViewerUsers) - set(self.initial_viewer_users)) else: if self.initial_viewer_users: toRemove = self.initial_viewer_users if toAdd: for uid in toAdd: setPermissionUserObject(User.objects.get(pk=uid), self.layer, ['change_layer']) if toRemove: for uid in toRemove: setPermissionUserObject(User.objects.get(pk=uid), self.layer, ['change_layer'], mode='remove') # remove from atomic_capabilitites user id self.remove_from_atomic_permissions('user', uid) # give permission to user groups viewers: to_add = to_remove = None if self.activated.pk: current_user_groups_viewers = [ int(i) for i in form.cleaned_data['user_groups_viewer'] ] to_remove = list( set(self.initial_viewer_user_groups) - set(current_user_groups_viewers)) to_add = list( set(current_user_groups_viewers) - set(self.initial_viewer_user_groups)) else: if self.initial_viewer_user_groups: to_remove = self.initial_viewer_user_groups if to_add: for aid in to_add: setPermissionUserObject(AuhtGroup.objects.get(pk=aid), self.layer, ['change_layer']) if to_remove: for aid in to_remove: setPermissionUserObject(AuhtGroup.objects.get(pk=aid), self.layer, ['change_layer'], mode='remove') # remove from atomic_capabilitites user id self.remove_from_atomic_permissions('group', aid) # ADD/REMOVE atomic permissions self.add_remove_atomic_permissions() return super(ActiveEditingLayerView, self).form_valid(form)