Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🐛 Fix on LayerAclAccessControlFilter for TMS caching. #697

Merged
merged 2 commits into from
Dec 21, 2023
Merged

🐛 Fix on LayerAclAccessControlFilter for TMS caching. #697

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fc67ec1
Fix on LayerAclAccessControlFilter for TMS caching.
Dec 21, 2023
051f440
Merge branch 'dev' into Fix_caching
wlorenzetti Dec 21, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 29 additions & 9 deletions g3w-admin/qdjango/server_filters/accesscontrol/layer_acl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,14 @@
__copyright__ = "Copyright 2015 - 2023, Gis3w"
__license__ = "MPL 2.0"

from django.conf import settings
from guardian.shortcuts import get_perms, get_anonymous_user
from qgis.server import QgsAccessControlFilter
from qgis.core import QgsMessageLog, Qgis
from qdjango.apps import QGS_SERVER
from qdjango.models import Layer
from urllib.parse import urlparse, parse_qs



class LayerAclAccessControlFilter(QgsAccessControlFilter):
Expand All @@ -23,6 +26,8 @@ class LayerAclAccessControlFilter(QgsAccessControlFilter):
def __init__(self, server_iface):
super().__init__(server_iface)

self.server_iface = server_iface

def layerPermissions(self, layer):

rights = QgsAccessControlFilter.LayerPermissions()
Expand All @@ -31,15 +36,30 @@ def layerPermissions(self, layer):
qdjango_layer = Layer.objects.get(
project=QGS_SERVER.project, qgs_layer_id=layer.id())

# Check permission
perms = list(
set(get_perms(QGS_SERVER.user, qdjango_layer)) |
set(get_perms(get_anonymous_user(), qdjango_layer))
)
rights.canRead = "view_layer" in perms
rights.canInsert = "add_layer" in perms
rights.canUpdate = "change_layer" in perms
rights.canDelete = "delete_layer" in perms
# Check for caching
purl = urlparse(self.server_iface.requestHandler().url())
qs = parse_qs(purl.query)
arg = 'g3wsuite_caching_token'.upper()
if (('caching' in settings.G3WADMIN_LOCAL_MORE_APPS and
arg in qs and
settings.TILESTACHE_CACHE_TOKEN == qs[arg][0]) and
f"{purl.scheme}://{purl.netloc}" == settings.QDJANGO_SERVER_URL):
rights.canRead = True
rights.canInsert = False
rights.canUpdate = False
rights.canDelete = False

else:

# Check permission
perms = list(
set(get_perms(QGS_SERVER.user, qdjango_layer)) |
set(get_perms(get_anonymous_user(), qdjango_layer))
)
rights.canRead = "view_layer" in perms
rights.canInsert = "add_layer" in perms
rights.canUpdate = "change_layer" in perms
rights.canDelete = "delete_layer" in perms

except Layer.DoesNotExist:
pass
Expand Down