

[Fixes #12713] Refactor permissions handler
mattiagiupponi committed Jan 10, 2025
1 parent 853a4f6 commit d4faedb
Showing 4 changed files with 37 additions and 6 deletions.
9 changes: 8 additions & 1 deletion geonode/base/api/serializers.py
Expand Up @@ -69,6 +69,7 @@
from geonode.security.utils import get_resources_with_perms, get_geoapp_subtypes
from geonode.resource.models import ExecutionRequest
from django.contrib.gis.geos import Polygon
from geonode.security.registry import permissions_registry

logger = logging.getLogger(__name__)

Expand Down Expand Up @@ -523,7 +524,13 @@ class Meta:
def to_representation(self, instance):
request = self.context.get("request", None)
resource = ResourceBase.objects.get(pk=instance)
return resource.get_user_perms(request.user) if request and request.user and resource else []
return (
permissions_registry.get_perms(instance=resource, user=request.user, include_virtual=True)["users"][
request.user
]
if request and request.user and resource
else []
)


class LinksSerializer(DynamicModelSerializer):
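Review bot: The new return in `to_representation` indexes `["users"][request.user]` directly on whatever the registered handlers hand back, so a handler that drops or re-keys the user entry turns a permission lookup into a KeyError and a server error instead of an empty permission list. Because `get_perms` lets every handler rewrite the payload, read it defensively and fail closed: bind the result to `perms` and `return perms.get("users", {}).get(request.user, [])`. Separately, `ResourceBase.objects.get(pk=instance)` would normally raise when no row matches rather than return None, so the `and resource` part of the condition probably never selects the `else []` branch.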
3 changes: 2 additions & 1 deletion geonode/resource/manager.py
Expand Up @@ -588,6 +588,7 @@ def set_permissions(
created=created,
approval_status_changed=approval_status_changed,
group_status_changed=group_status_changed,
include_virtual=False,
)

"""
Expand Down Expand Up @@ -800,7 +801,7 @@ def _safe_assign_perm(perm, user_or_group, obj=None):
uuid,
instance=_resource,
owner=owner,
permissions=_resource.get_all_level_info(),
permissions=permissions_registry.get_perms(instance=_resource, include_virtual=True),
created=created,
):
# This might not be a severe error. E.g. for datasets outside of local GeoServer
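Review bot: The two call sites in this file use opposite `include_virtual` values and neither says why: the first hunk adds `include_virtual=False` to a call whose callee is above the hunk, while the second passes `permissions_registry.get_perms(instance=_resource, include_virtual=True)` as `permissions=` to what appears to be a downstream permission-setting call. If virtual permissions are meant to exist only at read time, feeding them into a call that applies permissions could persist or propagate grants that were never stored for the resource; confirm this is intended, otherwise pass `include_virtual=False` here too. A short comment at each site stating which behaviour is wanted would make the choice auditable. Both enclosing functions start and end outside the hunks, and the import of `permissions_registry` into this module is not visible in the section.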
11 changes: 9 additions & 2 deletions geonode/security/handlers.py
Expand Up @@ -37,7 +37,14 @@ def __repr__(self):
return self.__str__()

@staticmethod
def fixup_perms(instance, perms_payload, *args, **kwargs):
def fixup_perms(instance, perms_payload, include_virtual, *args, **kwargs):
return perms_payload

@staticmethod
def get_perms(instance, perms_payload, user, include_virtual, *args, **kwargs):
"""
By default we dont provide any additional perms
"""
return perms_payload


Expand All @@ -47,7 +54,7 @@ class AdvancedWorkflowPermissionsHandler(BasePermissionsHandler):
"""

@staticmethod
def fixup_perms(instance, perms_payload, *args, **kwargs):
def fixup_perms(instance, perms_payload, include_virtual, *args, **kwargs):
# Fixup Advanced Workflow permissions
return AdvancedSecurityWorkflowManager.get_permissions(
instance.uuid,
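Review bot: `include_virtual` is added as a required positional parameter to both `fixup_perms` overrides and to the new `get_perms`, but nothing here documents what a virtual permission is, and the `get_perms` docstring does not say that `user` may be None or what payload shape must be returned. Handlers decide the effective permissions that callers then index into, so the contract belongs on the base class: the docstring of `BasePermissionsHandler.get_perms` should state that it receives and must return a dict with `"users"` and `"groups"` keys, that `user` is None when the all-level payload is requested, and what `include_virtual=False` is expected to suppress. Giving the parameter a default, `def fixup_perms(instance, perms_payload, include_virtual=True, *args, **kwargs):`, would also keep any direct caller of the old two-argument form working. Whether `AdvancedWorkflowPermissionsHandler.fixup_perms` honours the flag cannot be seen, because its body continues outside the hunk.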
20 changes: 18 additions & 2 deletions geonode/security/registry.py
Expand Up @@ -52,9 +52,25 @@ def __check_item(self, item):
if not isinstance(item, BasePermissionsHandler):
raise Exception(f"Handler {item} is not a subclass of BasePermissionsHandler")

def fixup_perms(self, instance, payload, *args, **kwargs):
def fixup_perms(self, instance, payload, include_virtual=True, *args, **kwargs):
for handler in self.REGISTRY:
payload = handler.fixup_perms(instance, payload, *args, **kwargs)
payload = handler.fixup_perms(instance, payload, include_virtual, *args, **kwargs)
return payload

def get_perms(self, instance, user=None, include_virtual=True, *args, **kwargs):
"""
Return the payload with the permissions from the handlers.
The permissions payload can be edited by each permissions handler.
For example before return the payload, we can virtually remove perms
to the resource
"""
if user:
payload = {"users": {user: instance.get_user_perms(user)}, "groups": {}}
else:
payload = instance.get_all_level_info()

for handler in self.REGISTRY:
payload = handler.get_perms(instance, payload, user, include_virtual=include_virtual, *args, **kwargs)
return payload

@classmethod
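Review bot: In the registry's `get_perms`, the handler call passes `include_virtual=include_virtual` by keyword ahead of `*args`, so any extra positional argument lands in the handler's `include_virtual` slot and the call fails with a "multiple values" TypeError; pass it positionally as `fixup_perms` does: `payload = handler.get_perms(instance, payload, user, include_virtual, *args, **kwargs)`. The same method selects the payload with `if user:`, which means a missing or falsy user silently receives `instance.get_all_level_info()`, the full permission map for the resource, rather than a single user's entry. Writing `if user is not None:` and stating in the docstring that the no-user form returns every user's and group's permissions would make that broader result an explicit choice by the caller.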
