[Fixes #9064] Improve Upload Workflow resources state management
afabiani committed Apr 9, 2022
1 parent 63d03ce commit acaee14
Showing 1 changed file with 69 additions and 74 deletions.
143 changes: 69 additions & 74 deletions geonode/geoserver/security.py
Expand Up @@ -17,7 +17,6 @@
#
#########################################################################

import copy
import json
import typing
import logging
Expand Down Expand Up @@ -721,82 +720,78 @@ def set_permissions(instance=None, owner: settings.AUTH_USER_MODEL = None, permi
try:
if instance:
instance = instance.get_real_instance()
_prev_perm_spec = copy.deepcopy(instance.get_all_level_info())
_geofence_rules_count = get_geofence_rules_count()
logger.debug(f'Fixup GIS Backend Security Rules Accordingly on resource {instance}')
# Avoid setting the permissions if nothing changed
if created or _geofence_rules_count == 0 or not instance.compare_perms(_prev_perm_spec, permissions):
if isinstance(instance, Layer):
if settings.OGC_SERVER['default'].get("GEOFENCE_SECURITY_ENABLED", False):
if not getattr(settings, 'DELAYED_SECURITY_SIGNALS', False):
_disable_cache = []
_owner = owner or instance.owner
if permissions is not None and len(permissions):
if not created:
purge_geofence_layer_rules(instance)

# Owner
perms = OWNER_PERMISSIONS.copy() + LAYER_ADMIN_PERMISSIONS.copy() + DOWNLOAD_PERMISSIONS.copy()
_disable_cache = sync_permissions_and_disable_cache(_disable_cache, instance, perms, _owner, None, None)

# All the other users
if 'users' in permissions and len(permissions['users']) > 0:
for user, perms in permissions['users'].items():
_user = get_user_model().objects.get(username=user)
if _user != _owner:
# Set the GeoFence Rules
group_perms = None
if 'groups' in permissions and len(permissions['groups']) > 0:
group_perms = permissions['groups']
if user == "AnonymousUser":
_user = None
_group = list(group_perms.keys())[0] if group_perms else None
_disable_cache = sync_permissions_and_disable_cache(_disable_cache, instance, perms, _user, _group, group_perms)

# All the other groups
if 'groups' in permissions and len(permissions['groups']) > 0:
for group, perms in permissions['groups'].items():
_group = Group.objects.get(name=group)
if isinstance(instance, Layer):
if settings.OGC_SERVER['default'].get("GEOFENCE_SECURITY_ENABLED", False):
if not getattr(settings, 'DELAYED_SECURITY_SIGNALS', False):
_disable_cache = []
_owner = owner or instance.owner
if permissions is not None and len(permissions):
if not created:
purge_geofence_layer_rules(instance)

# Owner
perms = OWNER_PERMISSIONS.copy() + LAYER_ADMIN_PERMISSIONS.copy() + DOWNLOAD_PERMISSIONS.copy()
_disable_cache = sync_permissions_and_disable_cache(_disable_cache, instance, perms, _owner, None, None)

# All the other users
if 'users' in permissions and len(permissions['users']) > 0:
for user, perms in permissions['users'].items():
_user = get_user_model().objects.get(username=user)
if _user != _owner:
# Set the GeoFence Rules
if _group and _group.name and _group.name == 'anonymous':
_group = None
_disable_cache = sync_permissions_and_disable_cache(_disable_cache, instance, perms, None, _group, None)
else:
anonymous_can_view = settings.DEFAULT_ANONYMOUS_VIEW_PERMISSION
anonymous_can_download = settings.DEFAULT_ANONYMOUS_DOWNLOAD_PERMISSION

if not created:
purge_geofence_layer_rules(instance.get_self_resource())

# Owner & Managers
perms = OWNER_PERMISSIONS.copy() + LAYER_ADMIN_PERMISSIONS.copy() + DOWNLOAD_PERMISSIONS.copy()
_disable_cache = sync_permissions_and_disable_cache(_disable_cache, instance, perms, _owner, None, None)

_resource_groups, _group_managers = instance.get_group_managers(group=instance.group)
for _group_manager in _group_managers:
_disable_cache = sync_permissions_and_disable_cache(_disable_cache, instance, perms, _group_manager, None, None)

for user_group in _resource_groups:
from geonode.security.utils import skip_registered_members_common_group
if not skip_registered_members_common_group(user_group):
_disable_cache = sync_permissions_and_disable_cache(_disable_cache, instance, perms, None, user_group, None)

# Anonymous
if anonymous_can_view:
_disable_cache = sync_permissions_and_disable_cache(_disable_cache, instance, VIEW_PERMISSIONS, None, None, None)

if anonymous_can_download:
_disable_cache = sync_permissions_and_disable_cache(_disable_cache, instance, DOWNLOAD_PERMISSIONS, None, None, None)

if _disable_cache:
filters, formats = _get_gwc_filters_and_formats(_disable_cache)
try:
_layer_workspace = get_layer_workspace(instance)
toggle_layer_cache(f'{_layer_workspace}:{instance.name}', filters=filters, formats=formats)
except Layer.DoesNotExist:
pass
group_perms = None
if 'groups' in permissions and len(permissions['groups']) > 0:
group_perms = permissions['groups']
if user == "AnonymousUser":
_user = None
_group = list(group_perms.keys())[0] if group_perms else None
_disable_cache = sync_permissions_and_disable_cache(_disable_cache, instance, perms, _user, _group, group_perms)

# All the other groups
if 'groups' in permissions and len(permissions['groups']) > 0:
for group, perms in permissions['groups'].items():
_group = Group.objects.get(name=group)
# Set the GeoFence Rules
if _group and _group.name and _group.name == 'anonymous':
_group = None
_disable_cache = sync_permissions_and_disable_cache(_disable_cache, instance, perms, None, _group, None)
else:
instance.set_dirty_state()
anonymous_can_view = settings.DEFAULT_ANONYMOUS_VIEW_PERMISSION
anonymous_can_download = settings.DEFAULT_ANONYMOUS_DOWNLOAD_PERMISSION

if not created:
purge_geofence_layer_rules(instance.get_self_resource())

# Owner & Managers
perms = OWNER_PERMISSIONS.copy() + LAYER_ADMIN_PERMISSIONS.copy() + DOWNLOAD_PERMISSIONS.copy()
_disable_cache = sync_permissions_and_disable_cache(_disable_cache, instance, perms, _owner, None, None)

_resource_groups, _group_managers = instance.get_group_managers(group=instance.group)
for _group_manager in _group_managers:
_disable_cache = sync_permissions_and_disable_cache(_disable_cache, instance, perms, _group_manager, None, None)

for user_group in _resource_groups:
from geonode.security.utils import skip_registered_members_common_group
if not skip_registered_members_common_group(user_group):
_disable_cache = sync_permissions_and_disable_cache(_disable_cache, instance, perms, None, user_group, None)

# Anonymous
if anonymous_can_view:
_disable_cache = sync_permissions_and_disable_cache(_disable_cache, instance, VIEW_PERMISSIONS, None, None, None)

if anonymous_can_download:
_disable_cache = sync_permissions_and_disable_cache(_disable_cache, instance, DOWNLOAD_PERMISSIONS, None, None, None)

if _disable_cache:
filters, formats = _get_gwc_filters_and_formats(_disable_cache)
try:
_layer_workspace = get_layer_workspace(instance)
toggle_layer_cache(f'{_layer_workspace}:{instance.name}', filters=filters, formats=formats)
except Layer.DoesNotExist:
pass
else:
instance.set_dirty_state()
except Exception as e:
logger.exception(e)
return False
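Review bot: With the `compare_perms` / rule-count guard gone, every call with `created` false appears to run `purge_geofence_layer_rules(...)` before rebuilding the rules, and anything raised after the purge is swallowed by the trailing `except Exception`, which only logs and returns False. A `DoesNotExist` from `get_user_model().objects.get(username=user)` or `Group.objects.get(name=group)` would then leave the layer with only part of its GeoFence rule set; whether that fails open or closed depends on the GeoFence default policy, which is not visible here. Resolving every user and group named in `permissions` before the purge would keep lookup failures from landing mid-rebuild. The handler could also flag the resource for a later resync with `if instance: instance.set_dirty_state()` before `return False`, assuming the dirty state is what triggers a resync. The +/- markers are lost on this page, so which lines are new is inferred from the removal of `import copy`, and `set_permissions` begins and ends outside the hunk.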