Skip to content

Commit

Permalink
[Fixes #8524] Missing "anonymous group" permissions within GeoFence r…
Browse files Browse the repository at this point in the history 
…ules (#8526)
  • Loading branch information
Alessio Fabiani authored Dec 20, 2021
1 parent 7fc91ea commit bec9796
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 8 deletions.
17 changes: 10 additions & 7 deletions geonode/security/models.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -289,9 +289,10 @@ def set_permissions(self, perm_spec, created=False):
set_owner_permissions(self)

# Anonymous User group
if 'users' in perm_spec and "AnonymousUser" in perm_spec['users']:
if 'users' in perm_spec and ("AnonymousUser" in perm_spec['users'] or get_anonymous_user() in perm_spec['users']):
anonymous_user = "AnonymousUser" if "AnonymousUser" in perm_spec['users'] else get_anonymous_user()
anonymous_group = Group.objects.get(name='anonymous')
for perm in perm_spec['users']['AnonymousUser']:
for perm in perm_spec['users'][anonymous_user]:
if self.polymorphic_ctype.name == 'layer' and perm in ('change_layer_data', 'change_layer_style',
'add_layer', 'change_layer', 'delete_layer',):
assign_perm(perm, anonymous_group, self.layer)
Expand All @@ -302,7 +303,7 @@ def set_permissions(self, perm_spec, created=False):
if 'users' in perm_spec and len(perm_spec['users']) > 0:
for user, perms in perm_spec['users'].items():
_user = get_user_model().objects.get(username=user)
if _user != self.owner and user != "AnonymousUser":
if _user != self.owner and user != "AnonymousUser" and user != get_anonymous_user():
for perm in perms:
if self.polymorphic_ctype.name == 'layer' and perm in (
'change_layer_data', 'change_layer_style',
Expand All @@ -325,9 +326,10 @@ def set_permissions(self, perm_spec, created=False):

# AnonymousUser
if 'users' in perm_spec and len(perm_spec['users']) > 0:
if "AnonymousUser" in perm_spec['users']:
if "AnonymousUser" in perm_spec['users'] or get_anonymous_user() in perm_spec['users']:
_user = get_anonymous_user()
perms = perm_spec['users']["AnonymousUser"]
anonymous_user = "AnonymousUser" if "AnonymousUser" in perm_spec['users'] else get_anonymous_user()
perms = perm_spec['users'][anonymous_user]
for perm in perms:
if self.polymorphic_ctype.name == 'layer' and perm in (
'change_layer_data', 'change_layer_style',
Expand Down Expand Up @@ -384,9 +386,10 @@ def set_permissions(self, perm_spec, created=False):

# AnonymousUser
if 'users' in perm_spec and len(perm_spec['users']) > 0:
if "AnonymousUser" in perm_spec['users']:
if "AnonymousUser" in perm_spec['users'] or get_anonymous_user() in perm_spec['users']:
_user = get_anonymous_user()
perms = perm_spec['users']["AnonymousUser"]
anonymous_user = "AnonymousUser" if "AnonymousUser" in perm_spec['users'] else get_anonymous_user()
perms = perm_spec['users'][anonymous_user]
sync_geofence_with_guardian(self.layer, perms, geofence_uow=geofence_uow)
gf_services = _get_gf_services(self.layer, perms)
_, _, _disable_layer_cache, _, _, _ = get_user_geolimits(self.layer, _user, None, gf_services)
Expand Down
2 changes: 1 addition & 1 deletion geonode/security/utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1078,7 +1078,7 @@ def sync_resources_with_guardian(resource=None):
user = get_user_model().objects.get(username=user)
# Set the GeoFence User Rules
geofence_user = str(user)
if "AnonymousUser" in geofence_user:
if "AnonymousUser" in geofence_user or get_anonymous_user() in geofence_user:
geofence_user = None
sync_geofence_with_guardian(layer, perms, user=geofence_user)
# All the other groups
Expand Down

0 comments on commit bec9796

Please sign in to comment.