def __getattr__(self, attr): if attr == 'viewers': return get_users_for_object(self, 'view_project', [G3W_VIEWER1, G3W_VIEWER2], with_anonymous=True) elif attr == 'editor': editors = get_users_for_object(self, 'change_project', [G3W_EDITOR1]) if len(editors) > 0: return editors[0] else: return None elif attr == 'editor2': editors = get_users_for_object(self, 'change_project', [G3W_EDITOR2]) if len(editors) > 0: return editors[0] else: return None # Get users groups # ================ elif attr == 'editor_user_groups': return get_groups_for_object(self, 'change_project', 'editor') elif attr == 'viewer_user_groups': return get_groups_for_object(self, 'view_project', 'viewer') return super(Project, self).__getattribute__(attr)
def get_form_kwargs(self): kwargs = super(G3WACLViewMixin, self).get_form_kwargs() kwargs['request'] = self.request # get editor level 1 users editor_user_pk = None editor_users = get_users_for_object(self.object, self.editor_permission, [G3W_EDITOR2, G3W_EDITOR1]) if editor_users: editor_user_pk = editor_users[0].id if self.request.user.is_superuser: kwargs['initial']['editor_user'] = editor_users[0].id # get editor level2 users editor2_user_pk = None editor2_users = get_users_for_object(self.object, self.editor2_permission, [G3W_EDITOR2]) if editor2_users: editor2_user_pk = editor2_users[0].id if self.request.user.is_superuser or userHasGroups(self.request.user, [G3W_EDITOR1]): kwargs['initial']['editor2_user'] = editor2_users[0].id # get viewer users viewers = get_viewers_for_object(self.object, self.request.user, self.viewer_permission) # get only user id and check if user is group or project editor kwargs['initial']['viewer_users'] = [o.id for o in viewers if o.id not in [editor_user_pk, editor2_user_pk]] # get initial editor user_groups group_editors = get_user_groups_for_object(self.object, self.request.user, self.editor2_permission, 'editor') kwargs['initial']['editor_user_groups'] = [o.id for o in group_editors] group_viewers = get_user_groups_for_object(self.object, self.request.user, self.viewer_permission, 'viewer') kwargs['initial']['viewer_user_groups'] = [o.id for o in group_viewers] return kwargs
def __getattr__(self, attr): if attr == 'viewers': return get_users_for_object(self, 'view_group', [G3W_VIEWER1, G3W_VIEWER2], with_anonymous=True) elif attr == 'editor': editors = get_users_for_object(self, 'change_group', [G3W_EDITOR2, G3W_EDITOR1]) if len(editors) > 0: return editors[0] return super(Group, self).__getattr__(attr)
def get_form_kwargs(self): kwargs = super(G3WACLViewMixin, self).get_form_kwargs() kwargs['request'] = self.request # get viewer users viewers = get_users_for_object(self.object, self.viewer_permission, [G3W_VIEWER1, G3W_VIEWER2], with_anonymous=True) kwargs['initial']['viewer_users'] = [o.id for o in viewers] # get editor users if self.request.user.is_superuser: editor_users = get_users_for_object(self.object, self.editor_permission, [G3W_EDITOR2, G3W_EDITOR1]) if editor_users: kwargs['initial']['editor_user'] = editor_users[0].id return kwargs
def dispatch(self, request, *args, **kwargs): # check permissions project_app = apps.get_app_config(kwargs['project_type']) Project = project_app.get_model('project') # get project model object try: self.project = Project.objects.get(pk=kwargs['project_id']) if 'project_id' in kwargs else \ Project.objects.get(slug=kwargs['project_slug']) except Project.DoesNotExist: raise Http404('Map not found') grant_users = get_users_for_object(self.project, "view_project", with_group_users=True) anonymous_user = get_user_model().get_anonymous() if request.user not in grant_users and anonymous_user not in grant_users and not request.user.is_superuser: # redirect to login if Anonymous user if request.user.is_anonymous: return redirect_to_login(request.get_full_path(), settings.LOGIN_URL, 'next') else: raise PermissionDenied() return super(ClientView, self).dispatch(request, *args, **kwargs)
def handle(self, *args, **options): # For every layers get user and user_groups with change_layer permissions layers = Layer.objects.all() changed_users = 0 changed_groups = 0 for l in layers: # Get every 'viewer' and 'editor' user group with 'change_layer' permission user_groups = list(set(get_groups_for_object(l, 'change_layer', 'viewer') + \ get_groups_for_object(l, 'change_layer', 'editor'))) users = get_users_for_object(l, 'change_layer', with_anonymous=True) # Group before to avoid give single user grant for g in user_groups: g = ObjectPermissionChecker(g) for p in EDITING_ATOMIC_PERMISSIONS: if not g.has_perm(p, l): setPermissionUserObject(g.group, l, [p]) changed_groups += 1 self.stdout.write(self.style.SUCCESS(f'Give atomic permissions to user group {g.group.name}')) for u in users: u = ObjectPermissionChecker(u) for p in EDITING_ATOMIC_PERMISSIONS: if not u.has_perm(p, l): setPermissionUserObject(u.user, l, [p]) changed_users += 1 self.stdout.write(self.style.SUCCESS(f'Give atomic permissions to user {u.user.username}')) self.stdout.write(self.style.SUCCESS(f'-----------------------------------------------------------')) self.stdout.write(self.style.SUCCESS(f'Total user grants changed: {changed_users}')) self.stdout.write(self.style.SUCCESS(f'Total user group grants changed: {changed_groups}'))
def get_form_kwargs(self): kwargs = super(MacroGroupUpdateView, self).get_form_kwargs() editor_users = get_users_for_object(self.object, 'view_macrogroup', [G3W_EDITOR1]) kwargs['initial']['editor_users'] = [o.id for o in editor_users] return kwargs
def get_context_data(self, **kwargs): contextData = super(ClientView, self).get_context_data(**kwargs) # group serializer try: group = self.project.group except: group = get_object_or_404(Group, slug=kwargs['group_slug']) groupSerializer = GroupSerializer(group, projectId=str(self.project.pk), projectType=kwargs['project_type'], request=self.request) groupData = deepcopy(groupSerializer.data) # choose client by querystring paramenters contextData['client_default'] = self.get_client_name() # login_url login_url = None try: login_url = resolve_url(settings.LOGIN_URL) + '?next={}'.format( reverse('group-project-map', kwargs={ 'group_slug': kwargs['group_slug'], 'project_type': kwargs['project_type'], 'project_id': self.project.pk })) except: pass # logout_url logout_url = None try: logout_url = reverse('logout') + '?next={}'.format( reverse('group-project-map', kwargs={ 'group_slug': kwargs['group_slug'], 'project_type': kwargs['project_type'], 'project_id': self.project.pk })) except: pass # add user login data u = self.request.user # admin_url change_grant_users = get_users_for_object(self.project, "change_project", with_group_users=True) if u in change_grant_users or u.is_superuser: admin_url = reverse('home') else: admin_url = None user_data = {'i18n': get_language(), 'login_url': login_url} if not u.is_anonymous: user_data.update({ 'id': u.pk, 'username': u.username, 'first_name': u.first_name, 'last_name': u.last_name, 'is_superuser': u.is_superuser, 'is_staff': u.is_staff, 'groups': [g.name for g in u.groups.all()], 'logout_url': logout_url }) if admin_url: user_data.update({'admin_url': admin_url}) user_data = JSONRenderer().render(user_data) serializedGroup = JSONRenderer().render(groupData) if six.PY3: serializedGroup = str(serializedGroup, 'utf-8') baseurl = "/{}".format( settings.SITE_PREFIX_URL if settings.SITE_PREFIX_URL else '') frontendurl = ',"frontendurl":"{}"'.format( baseurl) if settings.FRONTEND else '' generaldata = GeneralSuiteData.objects.get() # add baseUrl property contextData['group_config'] = 'var initConfig ={{ "i18n": {}, "staticurl":"{}", "client":"{}", ' \ '"mediaurl":"{}", "user":{}, "group":{}, "baseurl":"{}", "vectorurl":"{}", ' \ '"proxyurl": "{}", "rasterurl":"{}", "interfaceowsurl":"{}", "main_map_title":{}, ' \ '"g3wsuite_logo_img": "{}", "credits": "{}", ' \ '"version": "{}" {} }}'.\ format(json.dumps(settings.LANGUAGES), settings.STATIC_URL, "{}/".format(settings.CLIENT_DEFAULT), settings.MEDIA_URL, user_data.decode('UTF-8'), serializedGroup, baseurl, settings.VECTOR_URL, reverse('interface-proxy'), settings.RASTER_URL, reverse('interface-ows'), '"' + generaldata.main_map_title + '"' if generaldata.main_map_title else 'null', settings.CLIENT_G3WSUITE_LOGO, reverse('client-credits'), get_version(), frontendurl) # project by type(app) if not '{}-{}'.format(kwargs['project_type'], self.project.pk) in list( groupSerializer.projects.keys()): raise Http404('No project type and/or project id present in group') # page title contextData['page_title'] = '{} | {}'.format( getattr(settings, 'G3WSUITE_CUSTOM_TITLE', 'g3w - client'), self.project.title_ur if self.project.title_ur else self.project.title) # choosen skin by user main role contextData['skin_class'] = get_adminlte_skin_by_user( self.request.user) return contextData