Merge pull request #5287 from GeoNode/GNIP_71

[Fixes #5274] GNIP 71 - Layer Set Permissions Admin Dashboard

(cherry picked from commit 16ffcdf)

Author: Alessio Fabiani

docs/admin/admin_panel/img/set_layers_permissions_action.png

@@ -693,6 +693,16 @@ By clicking over one Layer link, it will show a detail page allowing you to modi
 
 .. note:: It is strongly recommended to always use the GeoNode :guilabel:`Metadata Wizard` or :guilabel:`Metadata Advanced` tools in order to edit the metadata info.
 
+The ``Permissions`` can be changed also for multiple Layers at once throguh the :guilabel:`Set layers permissions` action.
+
+.. figure:: img/set_layers_permissions_action.png
+    :align: center
+
+By clicking over one Layer link, it will show a detail page allowing you to modify the permissions for the selected resources.
+
+.. figure:: img/set_layers_permissions_form.png
+    :align: center
+
 Manage the maps using the admin panel
 =====================================
 

docs/admin/admin_panel/img/set_layers_permissions_form.png

@@ -62,6 +62,16 @@ def metadata_batch_edit(modeladmin, request, queryset):
 metadata_batch_edit.short_description = 'Metadata batch edit'
 
 
+def set_batch_permissions(modeladmin, request, queryset):
+    ids = ','.join([str(element.pk) for element in queryset])
+    resource = queryset[0].class_name.lower()
+    return HttpResponseRedirect(
+        '/{}s/permissions/batch/{}/'.format(resource, ids))
+
+
+set_batch_permissions.short_description = 'Set permissions'
+
+
 class MediaTranslationAdmin(TranslationAdmin):
     class Media:
         js = (

docs/admin/admin_panel/index.rst

@@ -525,6 +525,32 @@ class BatchEditForm(forms.Form):
     keywords = forms.CharField(required=False)
 
 
+class BatchPermissionsForm(forms.Form):
+    group = forms.ModelChoiceField(
+        queryset=Group.objects.all(),
+        required=False)
+    user = forms.ModelChoiceField(
+        queryset=get_user_model().objects.all(),
+        required=False)
+    permission_type = forms.MultipleChoiceField(
+        required=True,
+        widget=forms.CheckboxSelectMultiple,
+        choices=(
+            ('r', 'Read'),
+            ('w', 'Write'),
+            ('d', 'Download'),
+        ),
+    )
+    mode = forms.ChoiceField(
+        required=True,
+        widget=forms.RadioSelect,
+        choices=(
+            ('set', 'Set'),
+            ('unset', 'Unset'),
+        ),
+    )
+
+
 class CuratedThumbnailForm(ModelForm):
 
     class Meta:

geonode/base/admin.py

@@ -15,7 +15,7 @@ <h2 class="page-title">{% trans "Batch Edit" %}</h2>
   {% csrf_token %}
   {{ form|as_bootstrap }}
   <div>
-    <a href="" class="btn btn-default">{% trans "Cancel" %}</a>
+    <input class="btn" type="submit" name="cancel" value="{% trans "Cancel" %}" />
     <input class="btn btn-primary" type="submit" value="{% trans "Submit" %}" />
   </div>
 </form>

geonode/base/forms.py

@@ -0,0 +1,22 @@
+{% extends "geonode_base.html" %}
+{% load i18n %}
+{% load staticfiles %}
+{% load bootstrap_tags %}
+
+{% block title %} {% trans "Set Permissions" %} - {{ block.super }} {% endblock %}
+
+{% block body_class %}{% trans "set permissions" %}{% endblock %}
+
+{% block body %}
+<div class="page-header">
+  <h2 class="page-title">{% trans "Set Permissions" %}</h2>
+</div>
+<form action="/{{ model|lower }}s/permissions/batch/{{ ids }}/" method="post">
+  {% csrf_token %}
+  {{ form|as_bootstrap }}
+  <div>
+    <input class="btn" type="submit" name="cancel" value="{% trans "Cancel" %}" />
+    <input class="btn btn-primary" type="submit" value="{% trans "Submit" %}" />
+  </div>
+</form>
+{% endblock %}

geonode/base/templates/base/batch_edit.html

@@ -44,6 +44,12 @@ def batch_modify(request, ids, model):
     if model == 'Map':
         Resource = Map
     template = 'base/batch_edit.html'
+
+    if "cancel" in request.POST:
+        return HttpResponseRedirect(
+            '/admin/{model}s/{model}/'.format(model=model.lower())
+        )
+
     if request.method == 'POST':
         form = BatchEditForm(request.POST)
         if form.is_valid():
@@ -75,6 +81,7 @@ def batch_modify(request, ids, model):
                 'model': model,
             }
         )
+
     form = BatchEditForm()
     return render(
         request,

geonode/base/templates/base/batch_permissions.html

@@ -21,7 +21,7 @@
 from django.contrib import admin
 
 from geonode.base.admin import MediaTranslationAdmin, ResourceBaseAdminForm
-from geonode.base.admin import metadata_batch_edit
+from geonode.base.admin import metadata_batch_edit, set_batch_permissions
 from geonode.layers.models import Layer, Attribute, Style
 from geonode.layers.models import LayerFile, UploadSession
 
@@ -60,7 +60,7 @@ class LayerAdmin(MediaTranslationAdmin):
     readonly_fields = ('uuid', 'alternate', 'workspace')
     inlines = [AttributeInline]
     form = LayerAdminForm
-    actions = [metadata_batch_edit]
+    actions = [metadata_batch_edit, set_batch_permissions]
 
 
 class AttributeAdmin(admin.ModelAdmin):

geonode/base/views.py

@@ -959,6 +959,9 @@ def test_assign_change_layer_data_perm(self):
         self.assertIn('change_layer_data', perms['users'][user])
 
     def test_batch_edit(self):
+        """
+        Test batch editing of metadata fields.
+        """
         Model = Layer
         view = 'layer_batch_metadata'
         resources = Model.objects.all()[:3]
@@ -1044,6 +1047,50 @@ def test_batch_edit(self):
             for word in resource.keywords.all():
                 self.assertTrue(word.name in keywords.split(','))
 
+    def test_batch_permissions(self):
+        """
+        Test batch editing of test_batch_permissions.
+        """
+        Model = Layer
+        view = 'layer_batch_permissions'
+        resources = Model.objects.all()[:3]
+        ids = ','.join([str(element.pk) for element in resources])
+        # test non-admin access
+        self.client.login(username="bobby", password="bob")
+        response = self.client.get(reverse(view, args=(ids,)))
+        self.assertTrue(response.status_code in (401, 403))
+        # test group permissions
+        group = Group.objects.first()
+        self.client.login(username='admin', password='admin')
+        response = self.client.post(
+            reverse(view, args=(ids,)),
+            data={
+                'group': group.pk,
+                'permission_type': ('r', ),
+                'mode': 'set'
+            },
+        )
+        self.assertEquals(response.status_code, 302)
+        resources = Model.objects.filter(id__in=[r.pk for r in resources])
+        for resource in resources:
+            perm_spec = resource.get_all_level_info()
+            self.assertTrue(group in perm_spec["groups"])
+        # test user permissions
+        user = get_user_model().objects.first()
+        response = self.client.post(
+            reverse(view, args=(ids,)),
+            data={
+                'user': user.pk,
+                'permission_type': ('r', ),
+                'mode': 'set'
+            },
+        )
+        self.assertEquals(response.status_code, 302)
+        resources = Model.objects.filter(id__in=[r.pk for r in resources])
+        for resource in resources:
+            perm_spec = resource.get_all_level_info()
+            self.assertTrue(user in perm_spec["users"])
+
 
 class UnpublishedObjectTests(GeoNodeBaseTestSupport):
 

geonode/layers/admin.py

@@ -69,6 +69,8 @@
         views.layer_feature_catalogue, name='layer_feature_catalogue'),
     url(r'^metadata/batch/(?P<ids>[^/]*)/$',
         views.layer_batch_metadata, name='layer_batch_metadata'),
+    url(r'^permissions/batch/(?P<ids>[^/]*)/$',
+        views.layer_batch_permissions, name='layer_batch_permissions'),
 ]
 
 # -- Deprecated url routes for Geoserver authentication -- remove after GeoNode 2.1

geonode/layers/tests.py

@@ -31,6 +31,7 @@
 from celery.exceptions import TimeoutError
 
 from django.contrib.gis.geos import GEOSGeometry
+from django.core.exceptions import PermissionDenied
 from django.template.response import TemplateResponse
 from requests import Request
 from itertools import chain
@@ -63,7 +64,7 @@
 from django.forms.utils import ErrorList
 
 from geonode.base.auth import get_or_create_token
-from geonode.base.forms import CategoryForm, TKeywordForm
+from geonode.base.forms import CategoryForm, TKeywordForm, BatchPermissionsForm
 from geonode.base.views import batch_modify
 from geonode.base.models import (
     Thesaurus,
@@ -82,7 +83,8 @@
 from geonode.layers.utils import (
     file_upload,
     is_raster,
-    is_vector)
+    is_vector,
+    set_layers_permissions)
 
 from geonode.maps.models import Map
 from geonode.services.models import Service
@@ -1611,6 +1613,80 @@ def layer_batch_metadata(request, ids):
     return batch_modify(request, ids, 'Layer')
 
 
+def batch_permissions(request, ids, model):
+    Resource = None
+    if model == 'Layer':
+        Resource = Layer
+    if not Resource or not request.user.is_superuser:
+        raise PermissionDenied
+
+    template = 'base/batch_permissions.html'
+
+    if "cancel" in request.POST:
+        return HttpResponseRedirect(
+            '/admin/{model}s/{model}/'.format(model=model.lower())
+        )
+
+    if request.method == 'POST':
+        form = BatchPermissionsForm(request.POST)
+        if form.is_valid():
+            _data = form.cleaned_data
+            resources_names = []
+            for resource in Resource.objects.filter(id__in=ids.split(',')):
+                resources_names.append(resource.name)
+            users_usernames = [_data['user'].username, ] if _data['user'] else None
+            groups_names = [_data['group'].name, ] if _data['group'] else None
+            if users_usernames and 'AnonymousUser' in users_usernames and \
+            (not groups_names or 'anonymous' not in groups_names):
+                if not groups_names:
+                    groups_names = []
+                groups_names.append('anonymous')
+            if groups_names and 'anonymous' in groups_names and \
+            (not users_usernames or 'AnonymousUser' not in users_usernames):
+                if not users_usernames:
+                    users_usernames = []
+                users_usernames.append('AnonymousUser')
+            delete_flag = _data['mode'] == 'unset'
+            permissions_names = _data['permission_type']
+            if permissions_names:
+                for permissions_name in permissions_names:
+                    set_layers_permissions(
+                        permissions_name, resources_names, users_usernames, groups_names, delete_flag
+                    )
+            return HttpResponseRedirect(
+                '/admin/{model}s/{model}/'.format(model=model.lower())
+            )
+        return render(
+            request,
+            template,
+            context={
+                'form': form,
+                'ids': ids,
+                'model': model,
+            }
+        )
+
+    form = BatchPermissionsForm(
+        {
+            'permission_type': ('r', ),
+            'mode': 'set'
+        })
+    return render(
+        request,
+        template,
+        context={
+            'form': form,
+            'ids': ids,
+            'model': model,
+        }
+    )
+
+
+@login_required
+def layer_batch_permissions(request, ids):
+    return batch_permissions(request, ids, 'Layer')
+
+
 def layer_view_counter(layer_id, viewer):
     _l = Layer.objects.get(id=layer_id)
     _u = get_user_model().objects.get(username=viewer)