diff --git a/geonode/base/views.py b/geonode/base/views.py index fdc21bb80d2..d3739496bfd 100644 --- a/geonode/base/views.py +++ b/geonode/base/views.py @@ -102,6 +102,8 @@ def user_and_group_permission(request, model): if request.method == 'POST': form = UserAndGroupPermissionsForm(request.POST) ids = ids.split(",") + _message = '' + _errors = False if form.is_valid(): resources_names = form.cleaned_data.get('layers') users_usernames = [user.username for user in model_class.objects.filter( @@ -124,20 +126,28 @@ def user_and_group_permission(request, model): permissions_names = form.cleaned_data.get('permission_type') if permissions_names: - set_permissions.apply_async( - ([permissions_names], resources_names, users_usernames, groups_names, delete_flag)) - - messages.add_message( - request, - messages.INFO, - f'The asyncronous permissions {form.cleaned_data.get("mode")} request for {", ".join(users_usernames or groups_names)} has been sent' - ) + if 'edit' in permissions_names and 'AnonymousUser' in users_usernames: + if not _errors: + _message = '"EDIT" permissions not allowed for the "AnonymousUser".' + _errors = True + else: + set_permissions.apply_async( + ([permissions_names], resources_names, users_usernames, groups_names, delete_flag)) + if not _errors: + _message = f'The asyncronous permissions {form.cleaned_data.get("mode")} request for {", ".join(users_usernames or groups_names)} has been sent' + else: + if not _errors: + _message = 'No permissions have been set.' + _errors = True else: - messages.add_message( - request, - messages.ERROR, - f'Some error has occured {form.errors}' - ) + if not _errors: + _message = f'Some error has occured {form.errors}' + _errors = True + messages.add_message( + request, + (messages.INFO if not _errors else messages.ERROR), + _message + ) return HttpResponseRedirect( get_url_for_app_model(model, model_class)) diff --git a/geonode/layers/tests.py b/geonode/layers/tests.py index 4cb50f90267..794a0ceae6f 100644 --- a/geonode/layers/tests.py +++ b/geonode/layers/tests.py @@ -2111,22 +2111,64 @@ def test_user_get_the_manage_permissions_for_the_selected_dataset(self): if dataset: dataset.delete() - def _create_arguments(self, perms_type): + def test_anonymous_user_cannot_get_edit_permissions(self): + ''' + Given the Anonymous user, we should get an error trying to set "edit" permissions. + ''' + try: + expected_perms = { + } + + dataset, args, username, opts = self._create_arguments(perms_type='edit') + username = 'AnonymousUser' + opts["users"] = ['AnonymousUser'] + + call_command('set_layers_permissions', *args, **opts) + + self._assert_perms(expected_perms, dataset, username, assertion=False) + finally: + if dataset: + dataset.delete() + + def test_unset_anonymous_view_permissions(self): + ''' + Given the Anonymous user, we should be able to unset any paermission. + ''' + try: + expected_perms = { + } + + dataset, args, username, opts = self._create_arguments(perms_type='view', mode='unset') + username = 'AnonymousUser' + opts["users"] = ['AnonymousUser'] + + call_command('set_layers_permissions', *args, **opts) + + self._assert_perms(expected_perms, dataset, username, assertion=False) + finally: + if dataset: + dataset.delete() + + def _create_arguments(self, perms_type, mode='set'): dataset = create_single_dataset('dataset_for_management_command') args = [] username = get_user_model().objects.exclude(username='admin').exclude(username='AnonymousUser').first().username opts = { "permission": perms_type, "users": [username], - "resources": str(dataset.id) + "resources": str(dataset.id), + "delete": True if mode == 'unset' else False } return dataset, args, username, opts - def _assert_perms(self, expected_perms, dataset, username): + def _assert_perms(self, expected_perms, dataset, username, assertion=True): dataset.refresh_from_db() perms = dataset.get_all_level_info() - self.assertTrue(username in [user.username for user in perms['users']]) - actual = set(itertools.chain.from_iterable([perms for user, perms in perms['users'].items() if user.username == username])) - self.assertSetEqual(expected_perms, actual) + if assertion: + self.assertTrue(username in [user.username for user in perms['users']]) + actual = set(itertools.chain.from_iterable([perms for user, perms in perms['users'].items() if user.username == username])) + self.assertSetEqual(expected_perms, actual) + else: + self.assertFalse(username in [user.username for user in perms['users']]) diff --git a/geonode/layers/utils.py b/geonode/layers/utils.py index 0ecd0d52a82..9a8cafad8e0 100644 --- a/geonode/layers/utils.py +++ b/geonode/layers/utils.py @@ -496,6 +496,8 @@ def set_datasets_permissions(permissions_name, resources_names=None, users_usern for _group, _perms in perms_spec_compact_resource.extended["groups"].items() if _user not in copy_compact_perms.extended["groups"] } + if final_perms_payload["users"].get("AnonymousUser") is None and final_perms_payload["groups"].get("anonymous"): + final_perms_payload["groups"].pop("anonymous") # calling the resource manager to set the permissions resource_manager.set_permissions(resource.uuid, instance=resource, permissions=final_perms_payload)