[Patch] Cumulative Patch Update from master: 2022-01-04-1 (#9019)

* [Patch] Cumulative Patch Update from master: 2022-01-04-1 * - Revert Dockerfile python buster version * [CircleCI] Fix tests * [CircleCI] Fix tests * [CircleCI] Fix tests * [CircleCI] Fix tests * - Revert Dockerfile python buster version * [CircleCI] Fix tests * [CircleCI] Fix tests * [Pep8] Fix flake8 issues * [CircleCI] Fix tests
GeoNode · Apr 2, 2022 · 4aa6fe1 · 4aa6fe1
1 parent af6f7d9
commit 4aa6fe1
Show file tree

Hide file tree

Showing 73 changed files with 938 additions and 652 deletions.
diff --git a/.env b/.env
@@ -37,6 +37,7 @@ GEONODE_DB_CONN_MAX_AGE=0
 GEONODE_DB_CONN_TOUT=5
 DEFAULT_BACKEND_DATASTORE=datastore
 BROKER_URL=amqp://guest:guest@rabbitmq:5672/
+CELERY_BEAT_SCHEDULER=celery.beat:PersistentScheduler
 ASYNC_SIGNALS=True
 
 SITEURL=http://localhost/

diff --git a/.env_dev b/.env_dev
@@ -37,6 +37,7 @@ GEONODE_DB_CONN_MAX_AGE=0
 GEONODE_DB_CONN_TOUT=5
 DEFAULT_BACKEND_DATASTORE=datastore
 BROKER_URL=amqp://admin:admin@localhost:5672//
+CELERY_BEAT_SCHEDULER=celery.beat:PersistentScheduler
 ASYNC_SIGNALS=False
 
 SITEURL=http://localhost:8000/

diff --git a/.env_local b/.env_local
@@ -37,6 +37,7 @@ GEONODE_DB_CONN_MAX_AGE=0
 GEONODE_DB_CONN_TOUT=5
 DEFAULT_BACKEND_DATASTORE=datastore
 BROKER_URL=amqp://admin:admin@localhost:5672//
+CELERY_BEAT_SCHEDULER=celery.beat:PersistentScheduler
 ASYNC_SIGNALS=False
 
 SITEURL=http://localhost/

diff --git a/.env_test b/.env_test
@@ -37,6 +37,7 @@ GEONODE_DB_CONN_MAX_AGE=0
 GEONODE_DB_CONN_TOUT=5
 DEFAULT_BACKEND_DATASTORE=datastore
 BROKER_URL=amqp://guest:guest@rabbitmq:5672/
+CELERY_BEAT_SCHEDULER=celery.beat:PersistentScheduler
 ASYNC_SIGNALS=True
 
 SITEURL=http://localhost:8001/

diff --git a/celery-cmd b/celery-cmd
@@ -3,20 +3,20 @@
 # Luca Pasquali <[email protected]>
 CELERY_BIN=${CELERY_BIN:-"$(which celery||echo celery)"}
 CELERY_APP=${CELERY_APP:-"geonode.celery_app:app"}
-# CELERY__STATE_DB=${CELERY__STATE_DB:-"/mnt/volumes/statics/worker.state"}
+CELERY__STATE_DB=${CELERY__STATE_DB:-"/mnt/volumes/statics/worker.state"}
 # expressed in KB
 CELERY__MAX_MEMORY_PER_CHILD=${CELERY__MAX_MEMORY_PER_CHILD:-"200000"}
 CELERY__AUTOSCALE_VALUES=${CELERY__AUTOSCALE_VALUES:-"2,4"}
 CELERY__MAX_TASKS_PER_CHILD=${CELERY__MAX_TASKS_PER_CHILD:-"10"}
 CELERY__OPTS=${CELERY__OPTS:-"--without-gossip --without-mingle -Ofair -B -E"}
-CELERY__BEAT_SCHEDULE=${CELERY__BEAT_SCHEDULE:-"django_celery_beat.schedulers:DatabaseScheduler"}
+CELERY__BEAT_SCHEDULE=${CELERY__BEAT_SCHEDULE:-"celery.beat:PersistentScheduler"}
 CELERY__LOG_LEVEL=${CELERY__LOG_LEVEL:-"INFO"}
 CELERY__LOG_FILE=${CELERY__LOG_FILE:-"/var/log/celery.log"}
 CELERY__WORKER_NAME=${CELERY__WORKER_NAME:-"worker1@%h"}
 CELERY__WORKER_CONCURRENCY=${CELERY__WORKER_CONCURRENCY:-"4"}
 
 $CELERY_BIN -A $CELERY_APP worker --autoscale=$CELERY__AUTOSCALE_VALUES \
     --max-memory-per-child=$CELERY__MAX_MEMORY_PER_CHILD $CELERY__OPTS \
-    -s $CELERY__BEAT_SCHEDULE \
+    --statedb=$CELERY__STATE_DB --scheduler=$CELERY__BEAT_SCHEDULE \
     --loglevel=$CELERY__LOG_LEVEL -n $CELERY__WORKER_NAME -f $CELERY__LOG_FILE \
     --concurrency=$CELERY__WORKER_CONCURRENCY --max-tasks-per-child=$CELERY__MAX_TASKS_PER_CHILD
diff --git a/celery.sh b/celery.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 nohup celery -A geonode.celery_app:app beat -l DEBUG -f /var/log/celery.log &>/dev/null &
-nohup celery -A geonode.celery_app:app worker --without-gossip --without-mingle -Ofair -B -E -s django_celery_beat.schedulers:DatabaseScheduler --loglevel=INFO --concurrency=2 -n worker1@%h -f /var/log/celery.log &>/dev/null &
+nohup celery -A geonode.celery_app:app worker --without-gossip --without-mingle -Ofair -B -E --statedb=worker.state --scheduler=celery.beat:PersistentScheduler --loglevel=INFO --concurrency=2 -n worker1@%h -f /var/log/celery.log &>/dev/null &
 nohup celery -A geonode.celery_app:app flower --auto_refresh=True --debug=False --broker=${BROKER_URL} --basic_auth=${ADMIN_USERNAME}:${ADMIN_PASSWORD} --address=0.0.0.0 --port=5555 &>/dev/null &
diff --git a/celery_dev.sh b/celery_dev.sh
@@ -2,4 +2,4 @@ set -a
 . ./.env_dev
 set +a
 
-celery -A geonode.celery_app:app worker --without-gossip --without-mingle -Ofair -B -E -s django_celery_beat.schedulers:DatabaseScheduler --loglevel=DEBUG --concurrency=2 -n worker1@%h
+celery -A geonode.celery_app:app worker --without-gossip --without-mingle -Ofair -B -E --statedb=worker.state --scheduler=celery.beat:PersistentScheduler --loglevel=DEBUG --concurrency=2 -n worker1@%h
diff --git a/docker-compose-test.yml b/docker-compose-test.yml
@@ -1,10 +1,9 @@
 version: '3.4'
-services:
 
 # Common Django template for GeoNode and Celery services below
 x-common-django:
   &default-common-django
-  image: geonode/geonode:latest
+  image: geonode/geonode:3.3.2
   restart: on-failure
   env_file:
     - .env_test
@@ -39,7 +38,7 @@ services:
   # Celery worker that executes celery tasks created by Django.
   celery:
     << : *default-common-django
-    image: geonode/geonode:latest
+    image: geonode/geonode:3.3.2
     container_name: celery4${COMPOSE_PROJECT_NAME}
     depends_on:
       - django
@@ -50,7 +49,7 @@ services:
 
   # Nginx is serving django static and media files and proxies to django and geonode
   geonode:
-    image: geonode/nginx:3.x
+    image: geonode/nginx:3.3.2
     build: ./scripts/docker/nginx/
     container_name: nginx4${COMPOSE_PROJECT_NAME}
     environment:
@@ -71,7 +70,7 @@ services:
 
   # Gets and installs letsencrypt certificates
   letsencrypt:
-    image: geonode/spcgeonode:letsencrypt-3.1
+    image: geonode/letsencrypt:3.3.2
     build: ./scripts/docker/letsencrypt/
     container_name: letsencrypt4${COMPOSE_PROJECT_NAME}
     environment:

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.4'
 # Common Django template for GeoNode and Celery services below
 x-common-django:
   &default-common-django
-  image: geonode/geonode:3.3.x
+  image: geonode/geonode:3.3.2
   restart: on-failure
   env_file:
     - .env
@@ -38,7 +38,7 @@ services:
   # Celery worker that executes celery tasks created by Django.
   celery:
     << : *default-common-django
-    image: geonode/geonode:3.3.x
+    image: geonode/geonode:3.3.2
     container_name: celery4${COMPOSE_PROJECT_NAME}
     depends_on:
       - django
@@ -49,7 +49,7 @@ services:
 
   # Nginx is serving django static and media files and proxies to django and geonode
   geonode:
-    image: geonode/nginx:3.3.x
+    image: geonode/nginx:3.3.2
     build: ./scripts/docker/nginx/
     container_name: nginx4${COMPOSE_PROJECT_NAME}
     environment:
@@ -70,7 +70,7 @@ services:
 
   # Gets and installs letsencrypt certificates
   letsencrypt:
-    image: geonode/letsencrypt-3.3.x
+    image: geonode/letsencrypt-3.3.2
     build: ./scripts/docker/letsencrypt/
     container_name: letsencrypt4${COMPOSE_PROJECT_NAME}
     environment:

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -45,52 +45,27 @@ invoke waitfordbs
 
 cmd="$@"
 
-echo DOCKER_ENV=$DOCKER_ENV
-
-if [ -z ${DOCKER_ENV} ] || [ ${DOCKER_ENV} = "development" ]
+if [ ${IS_CELERY} = "true" ]  || [ ${IS_CELERY} = "True" ]
 then
+    echo "Executing Celery server $cmd for Production"
+else
 
     invoke migrations
     invoke prepare
-    invoke fixtures
-
-    if [ ${IS_CELERY} = "true" ] || [ ${IS_CELERY} = "True" ]
-    then
-
-        echo "Executing Celery server $cmd for Development"
-
-    else
-
-        invoke devrequirements
-        invoke statics
-
-        echo "Executing standard Django server $cmd for Development"
 
+    if [ ${FORCE_REINIT} = "true" ]  || [ ${FORCE_REINIT} = "True" ] || [ ! -e "/mnt/volumes/statics/geonode_init.lock" ]; then
+        invoke updategeoip
+        invoke fixtures
+        invoke monitoringfixture
+        invoke initialized
+        invoke updateadmin
     fi
 
-else
-    if [ ${IS_CELERY} = "true" ]  || [ ${IS_CELERY} = "True" ]
-    then
-        echo "Executing Celery server $cmd for Production"
-    else
-
-        invoke migrations
-        invoke prepare
-
-        if [ ${FORCE_REINIT} = "true" ]  || [ ${FORCE_REINIT} = "True" ] || [ ! -e "/mnt/volumes/statics/geonode_init.lock" ]; then
-            invoke updategeoip
-            invoke fixtures
-            invoke monitoringfixture
-            invoke initialized
-            invoke updateadmin
-        fi
+    invoke statics
+    invoke waitforgeoserver
+    invoke geoserverfixture
 
-        invoke statics
-        invoke waitforgeoserver
-        invoke geoserverfixture
-
-        echo "Executing UWSGI server $cmd for Production"
-    fi
+    echo "Executing UWSGI server $cmd for Production"
 fi
 
 echo "-----------------------------------------------------"

diff --git a/geonode/api/api.py b/geonode/api/api.py
@@ -88,7 +88,7 @@ def get_resources_counts(self, options):
             private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES)
 
         subtypes = []
-        if resources and resources.count() > 0:
+        if resources and resources.exists():
             if options['title_filter']:
                 resources = resources.filter(title__icontains=options['title_filter'])
             if options['type_filter']:

diff --git a/geonode/base/api/permissions.py b/geonode/base/api/permissions.py
@@ -25,6 +25,7 @@
 from geonode.security.utils import (
     get_users_with_perms,
     get_resources_with_perms)
+from geonode.groups.models import GroupProfile
 
 logger = logging.getLogger(__name__)
 
@@ -57,7 +58,6 @@ class IsSelfOrReadOnly(IsSelf):
     """
 
     def has_object_permission(self, request, view, obj):
-
         if request.method in permissions.SAFE_METHODS:
             return True
 
@@ -76,7 +76,6 @@ def has_permission(self, request, view):
         return IsSelf.has_permission(self, request, view)
 
     def has_object_permission(self, request, view, obj):
-
         user = request.user
         if user and (user.is_superuser or user.is_staff):
             return True
@@ -95,7 +94,6 @@ def has_permission(self, request, view):
         return IsSelfOrAdmin.has_permission(self, request, view)
 
     def has_object_permission(self, request, view, obj):
-
         if request.method in permissions.SAFE_METHODS:
             return True
 
@@ -107,9 +105,7 @@ class IsSelfOrAdminOrAuthenticatedReadOnly(IsSelfOrAdmin):
     """ Grant R/W to self and superusers/staff members, R/O to auth. """
 
     def has_object_permission(self, request, view, obj):
-
         user = request.user
-
         if request.method in permissions.SAFE_METHODS:
             if user.is_authenticated():
                 return True
@@ -158,6 +154,35 @@ def has_object_permission(self, request, view, obj):
         return IsOwnerOrAdmin.has_object_permission(self, request, view, obj)
 
 
+class IsManagerEditOrAdmin(permissions.BasePermission):
+    """
+    Object-level permission to only allow admin and managers to edit a group.
+    """
+
+    def has_permission(self, request, view):
+        if request.method in ['POST', 'DELETE']:
+            user = request.user
+            return user and (user.is_superuser or user.is_staff)
+
+        return True
+
+    def has_object_permission(self, request, view, obj):
+        # Read permissions are allowed to any request,
+        # so we'll always allow GET, HEAD or OPTIONS requests
+        if request.method in permissions.SAFE_METHODS:
+            return True
+
+        user = request.user
+        if user and user.is_superuser or user.is_staff:
+            return True
+
+        is_group_manager = user and isinstance(obj, GroupProfile) and obj.user_is_role(user, "manager")
+        if is_group_manager and request.method == 'PATCH':
+            return True
+
+        return False
+
+
 class ResourceBasePermissionsFilter(BaseFilterBackend):
     """
     A filter backend that limits results to those where the requesting user