Advanced workflow: remove change_permissions to the owner if not a ma…
…nager
afabiani committed Oct 22, 2020
1 parent fc7002d commit f23096c
Showing 1 changed file with 27 additions and 19 deletions.
46 changes: 27 additions & 19 deletions geonode/security/models.py
Expand Up @@ -149,26 +149,31 @@ def set_default_permissions(self):
remove_object_permissions(self)

# default permissions for anonymous users

def skip_registered_members_common_group(user_group):
if groups_settings.AUTO_ASSIGN_REGISTERED_MEMBERS_TO_REGISTERED_MEMBERS_GROUP_NAME:
_members_group_name = groups_settings.REGISTERED_MEMBERS_GROUP_NAME
if (settings.RESOURCE_PUBLISHING or settings.ADMIN_MODERATE_UPLOADS) and \
_members_group_name == user_group.name:
return True
return False

anonymous_group, created = Group.objects.get_or_create(name='anonymous')
user_groups = Group.objects.filter(
name__in=self.owner.groupmember_set.all().values_list("group__slug", flat=True))
obj_group_managers = []
if user_groups:
for _user_group in user_groups:
if groups_settings.AUTO_ASSIGN_REGISTERED_MEMBERS_TO_REGISTERED_MEMBERS_GROUP_NAME:
_members_group_name = groups_settings.REGISTERED_MEMBERS_GROUP_NAME
if (settings.RESOURCE_PUBLISHING or settings.ADMIN_MODERATE_UPLOADS) and \
_members_group_name == _user_group.name:
continue
try:
_group_profile = GroupProfile.objects.get(slug=_user_group.name)
managers = _group_profile.get_managers()
if managers:
for manager in managers:
if manager not in obj_group_managers and not manager.is_superuser:
obj_group_managers.append(manager)
except GroupProfile.DoesNotExist:
pass
if not skip_registered_members_common_group(_user_group):
try:
_group_profile = GroupProfile.objects.get(slug=_user_group.name)
managers = _group_profile.get_managers()
if managers:
for manager in managers:
if manager not in obj_group_managers and not manager.is_superuser:
obj_group_managers.append(manager)
except GroupProfile.DoesNotExist:
pass

if not anonymous_group:
raise Exception("Could not acquire 'anonymous' Group.")
Expand All @@ -183,17 +188,19 @@ def set_default_permissions(self):
anonymous_group, self.get_self_resource())
else:
for user_group in user_groups:
assign_perm('view_resourcebase',
user_group, self.get_self_resource())
if not skip_registered_members_common_group(user_group):
assign_perm('view_resourcebase',
user_group, self.get_self_resource())

anonymous_can_download = settings.DEFAULT_ANONYMOUS_DOWNLOAD_PERMISSION
if anonymous_can_download:
assign_perm('download_resourcebase',
anonymous_group, self.get_self_resource())
else:
for user_group in user_groups:
assign_perm('download_resourcebase',
user_group, self.get_self_resource())
if not skip_registered_members_common_group(user_group):
assign_perm('download_resourcebase',
user_group, self.get_self_resource())

if self.__class__.__name__ == 'Layer':
# only for layer owner
Expand All @@ -214,7 +221,8 @@ def set_default_permissions(self):
for _group_manager in obj_group_managers:
sync_geofence_with_guardian(self.layer, perms, user=_group_manager)
for user_group in user_groups:
sync_geofence_with_guardian(self.layer, perms, group=user_group)
if not skip_registered_members_common_group(user_group):
sync_geofence_with_guardian(self.layer, perms, group=user_group)

# Anonymous
perms = ["view_resourcebase"]
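Review bot: The registered-members exclusion is enforced by four separate `if not skip_registered_members_common_group(...)` guards (manager collection, the view and download `assign_perm` loops, and the GeoFence sync loop), so any other loop over `user_groups` in `set_default_permissions` would still grant to that group while `RESOURCE_PUBLISHING` or `ADMIN_MODERATE_UPLOADS` is on. The function continues outside the visible hunks, so I cannot confirm there is no such loop. Filtering once right after the query, e.g. `user_groups = [g for g in user_groups if not skip_registered_members_common_group(g)]`, would make the exclusion fail closed instead of relying on every call site. The helper also compares `REGISTERED_MEMBERS_GROUP_NAME` with `Group.name` while the queryset is selected by `group__slug`; if the setting ever differs from the slug, the check silently never matches. A one-line docstring stating that assumption, plus a test with moderation enabled, would pin the behaviour.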
