[Fixes #10524] Resource permissions are not returned in the users/gro…

…ups endpoint (#10544) (#10547) * [Fixes #10524] Resource permissions are not returned in the users/groups endpoint * [Fixes #10524] Resource permissions are not returned in the users/groups endpoint (cherry picked from commit 14f8102) Co-authored-by: mattiagiupponi <[email protected]>
GeoNode · Jan 17, 2023 · b383d2a · b383d2a
1 parent d812bd1
commit b383d2a
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 3 deletions.
diff --git a/geonode/base/api/tests.py b/geonode/base/api/tests.py
@@ -45,7 +45,7 @@
 from geonode.tests.base import GeoNodeBaseTestSupport
 
 from geonode.base import enumerations
-from geonode.groups.models import GroupProfile
+from geonode.groups.models import GroupMember, GroupProfile
 from geonode.thumbs.exceptions import ThumbnailError
 from geonode.layers.utils import get_files
 from geonode.base.models import (
@@ -237,6 +237,31 @@ def test_delete_group(self):
         finally:
             group.delete()
 
+    def test_group_resources_shows_related_permissions(self):
+        '''
+        Calling the resources endpoint of the groups should return also the
+        group permission on that specific resource
+        '''
+        group = GroupProfile.objects.create(slug="group1", title="group1", access="public")
+        bobby = get_user_model().objects.filter(username='bobby').get()
+        GroupMember.objects.get_or_create(group=group, user=bobby, role="member")
+        dataset = Dataset.objects.first()
+        dataset.set_permissions(
+            {'groups': {group: ['base.view_resourcebase']}}
+        )
+        try:
+            self.assertTrue(self.client.login(username='bobby', password='bob'))
+            url = f"{reverse('group-profiles-list')}/{group.id}/resources"
+            response = self.client.get(url, format='json')
+            self.assertEqual(response.status_code, 200)
+            perms = response.json().get("resources", [])[0].get("perms")
+            self.assertListEqual(
+                ["view_resourcebase"],
+                perms
+            )
+        finally:
+            group.delete()
+
     def test_users_list(self):
         """
         Ensure we can access the users list.
@@ -306,6 +331,26 @@ def test_users_list(self):
             group_user.delete()
             groupx.delete()
 
+    def test_user_resources_shows_related_permissions(self):
+        '''
+        Calling the resources endpoint of the user should return also the
+        user permission on that specific resource
+        '''
+        bobby = get_user_model().objects.filter(username='bobby').get()
+        dataset = Dataset.objects.first()
+        dataset.set_permissions(
+            {'users': {bobby: ['base.view_resourcebase', 'base.change_resourcebase']}}
+        )
+        self.assertTrue(self.client.login(username='bobby', password='bob'))
+        url = f"{reverse('users-list')}/{bobby.id}/resources"
+        response = self.client.get(url, format='json')
+        self.assertEqual(response.status_code, 200)
+        perms = response.json().get("resources", [])[0].get("perms")
+        self.assertSetEqual(
+            {"view_resourcebase", "change_resourcebase"},
+            set(perms)
+        )
+
     def test_get_self_user_details_outside_registered_member(self):
         try:
             user = get_user_model().objects.create_user(

diff --git a/geonode/base/api/views.py b/geonode/base/api/views.py
@@ -149,7 +149,12 @@ def resources(self, request, pk=None):
             admin_approval_required=settings.ADMIN_MODERATE_UPLOADS,
             unpublished_not_visible=settings.RESOURCE_PUBLISHING,
             private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES)
-        return Response(ResourceBaseSerializer(embed=True, many=True).to_representation(resources))
+
+        paginator = GeoNodeApiPagination()
+        paginator.page_size = request.GET.get('page_size', 10)
+        result_page = paginator.paginate_queryset(resources, request)
+        serializer = ResourceBaseSerializer(result_page, embed=True, many=True, context={"request": request})
+        return paginator.get_paginated_response({"resources": serializer.data})
 
     @extend_schema(methods=['get'], responses={200: GroupProfileSerializer(many=True)},
                    description="API endpoint allowing to retrieve the Groups the user is member of.")
@@ -206,7 +211,11 @@ def managers(self, request, pk=None):
     def resources(self, request, pk=None):
         group = self.get_object()
         resources = group.resources()
-        return Response(ResourceBaseSerializer(embed=True, many=True).to_representation(resources))
+        paginator = GeoNodeApiPagination()
+        paginator.page_size = request.GET.get('page_size', 10)
+        result_page = paginator.paginate_queryset(list(resources), request)
+        serializer = ResourceBaseSerializer(result_page, embed=True, many=True, context={"request": request})
+        return paginator.get_paginated_response({"resources": serializer.data})
 
 
 class RegionViewSet(WithDynamicViewSetMixin, ListModelMixin, RetrieveModelMixin, GenericViewSet):