Unverified Commit e7b53a5c authored by Emanuele Tajariol's avatar Emanuele Tajariol Committed by GitHub

[Fixes #11447, #11668] Various fixes in GeoFence permissions (#11669)


* [Fixes #11447] Bad role name in creating GeoFence rules

* [Fixes #11668] Bad ordering of GeoFence rules

---------

Co-authored-by: default avatarGiovanni Allegri <giohappy@gmail.com>
parent a7e3db3b
......@@ -83,7 +83,7 @@ class Rule:
for field, value in (
("priority", priority),
("userName", user),
("roleName", group),
("roleName", f"ROLE_{group.upper()}" if group is not None and group != "*" else group),
("service", service),
("request", request),
("subfield", subfield),
......
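Review bot: The new `roleName` value uppercases the group name, so two groups whose names differ only in case would map to the same `ROLE_…` string and end up sharing GeoFence rules; whether group names are case-unique is not visible here and should be confirmed. A caller that already passes a `ROLE_`-prefixed name would get `ROLE_ROLE_…`, and an empty string becomes `ROLE_`. I would move the expression into a small named helper with a comment such as `# role name sent to GeoFence is ROLE_<group name uppercased>; None and "*" pass through unchanged`, so the convention is stated once and can be unit-tested. The enclosing method starts and ends outside the hunk.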
......@@ -475,6 +475,8 @@ class GeoServerResourceManager(ResourceManagerInterface):
create_geofence_rules(_resource, perms, _owner, None, batch)
exist_geolimits = exist_geolimits or has_geolimits(_resource, _owner, None)
deferred_anon_perms = []
# All the other users
if "users" in permissions and len(permissions["users"]) > 0:
for user, user_perms in permissions["users"].items():
......@@ -482,7 +484,9 @@ class GeoServerResourceManager(ResourceManagerInterface):
if _user != _owner:
if user == "AnonymousUser":
_user = None
create_geofence_rules(_resource, user_perms, _user, None, batch)
deferred_anon_perms.append(user_perms)
else:
create_geofence_rules(_resource, user_perms, _user, None, batch)
exist_geolimits = exist_geolimits or has_geolimits(_resource, _user, None)
# All the other groups
......@@ -491,8 +495,14 @@ class GeoServerResourceManager(ResourceManagerInterface):
_group = Group.objects.get(name=group)
if _group and _group.name and _group.name == "anonymous":
_group = None
create_geofence_rules(_resource, perms, None, _group, batch)
deferred_anon_perms.append(perms)
else:
create_geofence_rules(_resource, perms, None, _group, batch)
exist_geolimits = exist_geolimits or has_geolimits(_resource, None, _group)
for perm in deferred_anon_perms:
create_geofence_rules(_resource, perm, None, None, batch)
else:
# Owner & Managers
perms = (
......
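Review bot: Indentation is lost in this rendering, so please confirm that the `for perm in deferred_anon_perms:` flush sits outside the `if "groups" in permissions …` block. If it is nested inside that block, AnonymousUser permissions collected in the users loop are never written when the resource has no group permissions. A short comment at `deferred_anon_perms = []`, e.g. `# anonymous rules are created last, after every user and group rule, so they cannot precede a more specific rule`, would record why the calls are deferred. A regression test covering users only, groups only, and both would pin the ordering. The method body continues outside the hunks.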
......@@ -284,8 +284,8 @@ def create_geofence_rules(layer, perms, user=None, group=None, batch: Batch = No
# Anon limits should go at the end, but it's responsibility of the caller to create first user/group rules
for limits, scope, u, g in (
(users_geolimits, "USER", username, None),
(anonymous_geolimits, "ANON", None, None),
(groups_geolimits, "GROUP", None, groupname),
(anonymous_geolimits, "ANON", None, None),
):
if limits and limits.exists():
logger.debug(f"Adding GeoFence {scope} GeoLimit rule: U:{u} G:{g} L:{layer} ")
......
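Review bot: Moving the ANON entry after GROUP fixes the order only within a single call, while the comment above the tuple leaves ordering across calls to the caller. The manager change in this commit performs that deferral, but other callers of `create_geofence_rules` are not visible here and would need the same treatment. I would state the contract in the function docstring, for example `Callers must create all user and group rules for a resource before any anonymous rule (user=None, group=None).`, so it is not carried only by an inline comment. The function body starts and ends outside the hunk.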