Skip to content

Commit

Permalink
Advanced workflow: remove change_permissions to the owner if not a ma…
Browse files Browse the repository at this point in the history 
…nager
  • Loading branch information
afabiani committed Oct 22, 2020
1 parent f23096c commit bfe51a7
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 14 deletions.
15 changes: 9 additions & 6 deletions geonode/base/utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -180,20 +180,23 @@ def _disable_owner_write_permissions(self):
remove_perm(perm, self.resource.owner, self.resource)

for perm in self.resource.BASE_PERMISSIONS.get('read') + self.resource.BASE_PERMISSIONS.get('download'):
if (settings.RESOURCE_PUBLISHING or settings.ADMIN_MODERATE_UPLOADS) and \
perm not in ['change_resourcebase_permissions', 'publish_resourcebase']:
if not settings.RESOURCE_PUBLISHING and not settings.ADMIN_MODERATE_UPLOADS:
assign_perm(perm, self.resource.owner, self.resource.get_self_resource())
elif perm not in ['change_resourcebase_permissions', 'publish_resourcebase']:
assign_perm(perm, self.resource.owner, self.resource.get_self_resource())

def _restore_owner_permissions(self):

for perm_list in self.resource.BASE_PERMISSIONS.values():
for perm in perm_list:
if (settings.RESOURCE_PUBLISHING or settings.ADMIN_MODERATE_UPLOADS) and \
perm not in ['change_resourcebase_permissions', 'publish_resourcebase']:
if not settings.RESOURCE_PUBLISHING and not settings.ADMIN_MODERATE_UPLOADS:
assign_perm(perm, self.resource.owner, self.resource.get_self_resource())
elif perm not in ['change_resourcebase_permissions', 'publish_resourcebase']:
assign_perm(perm, self.resource.owner, self.resource.get_self_resource())

for perm_list in self.resource.PERMISSIONS.values():
for perm in perm_list:
if (settings.RESOURCE_PUBLISHING or settings.ADMIN_MODERATE_UPLOADS) and \
perm not in ['change_resourcebase_permissions', 'publish_resourcebase']:
if not settings.RESOURCE_PUBLISHING and not settings.ADMIN_MODERATE_UPLOADS:
assign_perm(perm, self.resource.owner, self.resource)
elif perm not in ['change_resourcebase_permissions', 'publish_resourcebase']:
assign_perm(perm, self.resource.owner, self.resource)
19 changes: 11 additions & 8 deletions geonode/security/utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -609,21 +609,24 @@ def sync_geofence_with_guardian(layer, perms, user=None, group=None):
def set_owner_permissions(resource, members=None):
"""assign all admin permissions to the owner"""
if resource.polymorphic_ctype:
# Set the GeoFence Owner Rule
# Owner & Manager Admin Perms
admin_perms = models.VIEW_PERMISSIONS + models.ADMIN_PERMISSIONS
for perm in admin_perms:
if not settings.RESOURCE_PUBLISHING and not settings.ADMIN_MODERATE_UPLOADS:
assign_perm(perm, resource.owner, resource.get_self_resource())
elif perm not in ['change_resourcebase_permissions', 'publish_resourcebase']:
assign_perm(perm, resource.owner, resource.get_self_resource())
if members:
for user in members:
assign_perm(perm, user, resource.get_self_resource())

# Set the GeoFence Owner Rule
if resource.polymorphic_ctype.name == 'layer':
for perm in models.LAYER_ADMIN_PERMISSIONS:
assign_perm(perm, resource.owner, resource.layer)
if members:
for user in members:
assign_perm(perm, user, resource.layer)
for perm in admin_perms:
if (settings.RESOURCE_PUBLISHING or settings.ADMIN_MODERATE_UPLOADS) and \
perm not in ['change_resourcebase_permissions', 'publish_resourcebase']:
assign_perm(perm, resource.owner, resource.get_self_resource())
if members:
for user in members:
assign_perm(perm, user, resource.get_self_resource())


def remove_object_permissions(instance):
Expand Down

0 comments on commit bfe51a7

Please sign in to comment.