def delete_whole_user(username, auth=settings.LAYMAN_GS_AUTH):
role = gs_util.username_to_rolename(username)
delete_workspace(username, auth)
gs_util.delete_user_role(username, role, auth)
gs_util.delete_user_role(username, settings.LAYMAN_GS_ROLE, auth)
gs_util.delete_role(role, auth)
gs_util.delete_user(username, auth)
def ensure_whole_user(username, auth=settings.LAYMAN_GS_AUTH):
gs_util.ensure_user(username, None, auth)
role = gs_util.username_to_rolename(username)
gs_util.ensure_role(role, auth)
gs_util.ensure_user_role(username, role, auth)
gs_util.ensure_user_role(username, settings.LAYMAN_GS_ROLE, auth)
ensure_workspace(username, auth)
def layman_users_to_geoserver_roles(layman_users):
geoserver_roles = set()
for layman_user in layman_users:
if layman_user == settings.RIGHTS_EVERYONE_ROLE:
geoserver_roles.add('ROLE_ANONYMOUS')
geoserver_roles.add('ROLE_AUTHENTICATED')
else:
geoserver_roles.add(username_to_rolename(layman_user))
return geoserver_roles
def test_geoserver_remove_users_for_public_workspaces():
workspace = 'test_geoserver_remove_users_for_public_workspaces_workspace'
user = '******'
auth_headers = process_client.get_authz_headers(user)
layer = 'test_geoserver_remove_users_for_public_workspaces_layer'
gs_rolename = gs_util.username_to_rolename(workspace)
gs_rolename2 = gs_util.username_to_rolename(user)
process_client.publish_workspace_layer(workspace, layer)
process_client.ensure_reserved_username(user, auth_headers)
with app.app_context():
gs_provider.ensure_whole_user(workspace, auth)
usernames = gs_util.get_usernames(auth)
assert workspace in usernames
assert user in usernames
roles = gs_util.get_roles(auth)
assert gs_rolename in roles
assert gs_rolename2 in roles
workspaces = gs_util.get_all_workspaces(auth)
assert workspace in workspaces
assert user in workspaces
upgrade_v1_9.geoserver_remove_users_for_public_workspaces()
usernames = gs_util.get_usernames(auth)
assert workspace not in usernames, usernames
assert user in usernames
roles = gs_util.get_roles(auth)
assert gs_rolename not in roles, roles
assert gs_rolename2 in roles
workspaces = gs_util.get_all_workspaces(auth)
assert workspace in workspaces, workspaces
assert user in workspaces
process_client.delete_workspace_layer(workspace, layer)
process_client.publish_workspace_layer(workspace, layer)
process_client.delete_workspace_layer(workspace, layer)
process_client.publish_workspace_layer(workspace, layer + '2')
process_client.delete_workspace_layer(workspace, layer + '2')
def check_username(username):
if username == settings.LAYMAN_GS_USER:
raise LaymanError(41, {'username': username})
if username in gs_util.RESERVED_WORKSPACE_NAMES:
raise LaymanError(35, {'reserved_by': __name__, 'workspace': username})
if username.endswith(settings.LAYMAN_GS_WMS_WORKSPACE_POSTFIX):
raise LaymanError(45, {'workspace_name': username})
rolename = gs_util.username_to_rolename(username)
if rolename in gs_util.RESERVED_ROLE_NAMES:
raise LaymanError(35, {'reserved_by': __name__, 'role': rolename})
def geoserver_remove_users_for_public_workspaces():
logger.info(
f' Starting - delete unnecessary users and roles created for public workspaces'
)
sql_select_public_workspaces = f'''
select w.name from {DB_SCHEMA}.workspaces w
where NOT EXISTS(select 0 FROM {DB_SCHEMA}.USERS u where u.id_workspace = w.id)'''
public_workspaces = db_util.run_query(sql_select_public_workspaces)
auth = settings.LAYMAN_GS_AUTH
for (workspace, ) in public_workspaces:
logger.info(f' Delete user and role for workspace {workspace}')
role = gs_util.username_to_rolename(workspace)
gs_util.delete_user_role(workspace, role, auth)
gs_util.delete_user_role(workspace, settings.LAYMAN_GS_ROLE, auth)
gs_util.delete_role(role, auth)
gs_util.delete_user(workspace, auth)
logger.info(
f' DONE - delete unnecessary users and roles created for public workspaces'
)