From b4daafbe15ffe0ff0c3e79523968c624051fe3ea Mon Sep 17 00:00:00 2001 From: mattiagiupponi Date: Thu, 15 Feb 2024 17:20:11 +0100 Subject: [PATCH] [Fixes #11962] Activate resource publishing outside Advanced workflow --- .env.sample | 2 +- .env_dev | 2 +- .env_local | 2 +- .env_test | 2 +- CHANGELOG.md | 2 +- geonode/api/api.py | 12 ++-- geonode/api/resourcebase_api.py | 4 +- geonode/api/tests.py | 2 +- geonode/base/api/permissions.py | 4 +- geonode/base/api/views.py | 8 +-- geonode/base/models.py | 4 +- geonode/base/templatetags/base_tags.py | 20 +++--- geonode/base/views.py | 8 +-- geonode/context_processors.py | 2 +- geonode/documents/api/permissions.py | 4 +- geonode/geoapps/api/permissions.py | 4 +- geonode/geoserver/createlayer/utils.py | 2 +- geonode/geoserver/helpers.py | 2 +- geonode/geoserver/tests/integration.py | 4 +- geonode/layers/api/permissions.py | 4 +- geonode/maps/api/permissions.py | 4 +- geonode/security/tests.py | 92 +++++++++++++------------- geonode/security/utils.py | 44 ++++++------ geonode/settings.py | 7 +- package/debian/changelog | 4 +- package/support/geonode.local_settings | 2 +- start_django_async.sh | 2 +- 27 files changed, 129 insertions(+), 120 deletions(-) diff --git a/.env.sample b/.env.sample index 6f51754db13..ba2580555ea 100644 --- a/.env.sample +++ b/.env.sample @@ -209,7 +209,7 @@ CREATE_LAYER=True FAVORITE_ENABLED=True # Advanced Workflow -RESOURCE_PUBLISHING=False +ADMIN_RESOURCE_PUBLISHING=False ADMIN_MODERATE_UPLOADS=False # LDAP diff --git a/.env_dev b/.env_dev index 0b81ed6529d..9dbcb7bfe4f 100644 --- a/.env_dev +++ b/.env_dev @@ -209,7 +209,7 @@ CREATE_LAYER=True FAVORITE_ENABLED=True # Advanced Workflow -RESOURCE_PUBLISHING=False +ADMIN_RESOURCE_PUBLISHING=False ADMIN_MODERATE_UPLOADS=False # PostgreSQL diff --git a/.env_local b/.env_local index ce456cf8641..3b47ba86725 100644 --- a/.env_local +++ b/.env_local @@ -209,7 +209,7 @@ CREATE_LAYER=True FAVORITE_ENABLED=True # Advanced Workflow -RESOURCE_PUBLISHING=False +ADMIN_RESOURCE_PUBLISHING=False ADMIN_MODERATE_UPLOADS=False # PostgreSQL diff --git a/.env_test b/.env_test index 6dcbc35ccc5..9ca7b011dc8 100644 --- a/.env_test +++ b/.env_test @@ -218,7 +218,7 @@ CREATE_LAYER=True FAVORITE_ENABLED=True # Advanced Workflow -RESOURCE_PUBLISHING=False +ADMIN_RESOURCE_PUBLISHING=False ADMIN_MODERATE_UPLOADS=False # PostgreSQL diff --git a/CHANGELOG.md b/CHANGELOG.md index ee54d4a6d2e..1c3fb23978c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -492,7 +492,7 @@ * Advanced Upload Workflow Improvements: - Non admin user cannot change permission - Disable edit permissions globally when read-only mode is active - - RESOURCE_PUBLISHING: + - ADMIN_RESOURCE_PUBLISHING: 1. "unpublished" won't be visible to Anonymous users 2. "unpublished" will be visible to registered users **IF** they have view permissions 3. "unpublished" will be always visible to the owner and Group Managers diff --git a/geonode/api/api.py b/geonode/api/api.py index 316510bb5f0..d7db6991af6 100644 --- a/geonode/api/api.py +++ b/geonode/api/api.py @@ -79,8 +79,8 @@ def get_resources_counts(self, options): resources = get_visible_resources( resources, options["user"], - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) @@ -285,8 +285,8 @@ def dehydrate_datasets_count(self, bundle): filter_set = get_visible_resources( filter_set, request.user if request else None, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) @@ -711,8 +711,8 @@ def _get_resource_counts(request, resourcebase_filter_kwargs): ResourceBase.objects.filter(**resourcebase_filter_kwargs), request.user, request=request, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) diff --git a/geonode/api/resourcebase_api.py b/geonode/api/resourcebase_api.py index b152b30aa2f..1310c0a213d 100644 --- a/geonode/api/resourcebase_api.py +++ b/geonode/api/resourcebase_api.py @@ -215,8 +215,8 @@ def apply_filters(self, request, applicable_filters): filtered, request.user if request else None, metadata_only=metadata_only, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) diff --git a/geonode/api/tests.py b/geonode/api/tests.py index 61c9214a2c5..5ce30d47e68 100644 --- a/geonode/api/tests.py +++ b/geonode/api/tests.py @@ -137,7 +137,7 @@ def test_dataset_get_list_dataset_private_to_one_user(self): layer.save() # with resource publishing - with self.settings(RESOURCE_PUBLISHING=True): + with self.settings(ADMIN_RESOURCE_PUBLISHING=True): resp = self.api_client.get(list_url) self.assertGreaterEqual(len(self.deserialize(resp)["objects"]), 7) diff --git a/geonode/base/api/permissions.py b/geonode/base/api/permissions.py index 75d19ea36d3..b241fd4ba7e 100644 --- a/geonode/base/api/permissions.py +++ b/geonode/base/api/permissions.py @@ -204,8 +204,8 @@ def filter_queryset(self, request, queryset, view): queryset, request.user, metadata_only=metadata_only, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) diff --git a/geonode/base/api/views.py b/geonode/base/api/views.py index 1b9db5a6925..b72d65c8c8a 100644 --- a/geonode/base/api/views.py +++ b/geonode/base/api/views.py @@ -153,8 +153,8 @@ def resources(self, request, pk=None): resources = get_visible_resources( qs, user, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) @@ -1529,8 +1529,8 @@ def base_linked_resources(instance, user, params): visibile_resources = get_visible_resources( ResourceBase.objects, user=user, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ).order_by("-pk") visible_ids = [res.id for res in visibile_resources] diff --git a/geonode/base/models.py b/geonode/base/models.py index 5231c544978..1a8780879ac 100644 --- a/geonode/base/models.py +++ b/geonode/base/models.py @@ -300,8 +300,8 @@ def resource_keywords_tree(cls, user, parent=None, resource_type=None, resource_ resources = get_visible_resources( resources, user, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) diff --git a/geonode/base/templatetags/base_tags.py b/geonode/base/templatetags/base_tags.py index d9bf63f4c36..8bdad2f549b 100644 --- a/geonode/base/templatetags/base_tags.py +++ b/geonode/base/templatetags/base_tags.py @@ -97,8 +97,8 @@ def facets(context): geoapps = get_visible_resources( apps.get_model(label, app.default_model).objects.all(), request.user if request else None, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) @@ -154,8 +154,8 @@ def facets(context): documents = get_visible_resources( documents, request.user if request else None, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) @@ -201,8 +201,8 @@ def facets(context): layers = get_visible_resources( layers, request.user if request else None, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) @@ -280,15 +280,15 @@ def facets(context): maps = get_visible_resources( maps, request.user if request else None, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) documents = get_visible_resources( documents, request.user if request else None, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) diff --git a/geonode/base/views.py b/geonode/base/views.py index e51c342fedf..b33cc84991c 100644 --- a/geonode/base/views.py +++ b/geonode/base/views.py @@ -276,8 +276,8 @@ def get_queryset(self): return get_visible_resources( qs, request.user if request else None, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, )[:100] @@ -295,8 +295,8 @@ def get_queryset(self): return get_visible_resources( qs, self.request.user if self.request else None, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) diff --git a/geonode/context_processors.py b/geonode/context_processors.py index 8b83ba2e269..51da91b6167 100644 --- a/geonode/context_processors.py +++ b/geonode/context_processors.py @@ -68,7 +68,7 @@ def resource_urls(request): TOPICCATEGORY_MANDATORY=getattr(settings, "TOPICCATEGORY_MANDATORY", False), GROUP_MANDATORY_RESOURCES=getattr(settings, "GROUP_MANDATORY_RESOURCES", False), GROUP_PRIVATE_RESOURCES=getattr(settings, "GROUP_PRIVATE_RESOURCES", False), - RESOURCE_PUBLISHING=getattr(settings, "RESOURCE_PUBLISHING", False), + ADMIN_RESOURCE_PUBLISHING=getattr(settings, "ADMIN_RESOURCE_PUBLISHING", False), SKIP_PERMS_FILTER=getattr(settings, "SKIP_PERMS_FILTER", False), CLIENT_RESULTS_LIMIT=getattr(settings, "CLIENT_RESULTS_LIMIT", 10), API_LIMIT_PER_PAGE=getattr(settings, "API_LIMIT_PER_PAGE", 20), diff --git a/geonode/documents/api/permissions.py b/geonode/documents/api/permissions.py index ef830404fa9..0aefcfa0297 100644 --- a/geonode/documents/api/permissions.py +++ b/geonode/documents/api/permissions.py @@ -51,8 +51,8 @@ def filter_queryset(self, request, queryset, view): obj_with_perms = get_visible_resources( resources, user, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) diff --git a/geonode/geoapps/api/permissions.py b/geonode/geoapps/api/permissions.py index 1c48cbe0d2e..93c309c10d1 100644 --- a/geonode/geoapps/api/permissions.py +++ b/geonode/geoapps/api/permissions.py @@ -45,8 +45,8 @@ def filter_queryset(self, request, queryset, view): _allowed_ids = get_visible_resources( resources, user, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ).values_list("id", flat=True) diff --git a/geonode/geoserver/createlayer/utils.py b/geonode/geoserver/createlayer/utils.py index 6f22749b36e..3fa168cc4ae 100644 --- a/geonode/geoserver/createlayer/utils.py +++ b/geonode/geoserver/createlayer/utils.py @@ -83,7 +83,7 @@ def create_gn_dataset(workspace, datastore, name, title, owner_name): to_update = {} if settings.ADMIN_MODERATE_UPLOADS: to_update["is_approved"] = to_update["was_approved"] = False - if settings.RESOURCE_PUBLISHING: + if settings.ADMIN_RESOURCE_PUBLISHING: to_update["is_published"] = to_update["was_published"] = False resource_manager.update(layer.uuid, instance=layer, vals=to_update) diff --git a/geonode/geoserver/helpers.py b/geonode/geoserver/helpers.py index 0a2c8a5ba65..5c7c01b9d40 100755 --- a/geonode/geoserver/helpers.py +++ b/geonode/geoserver/helpers.py @@ -2098,7 +2098,7 @@ def sync_instance_with_geoserver(instance_id, *args, **kwargs): gs_resource.attribution_link = site_url + profile.get_absolute_url() try: - if settings.RESOURCE_PUBLISHING: + if settings.ADMIN_RESOURCE_PUBLISHING: if instance.is_published != gs_resource.advertised: gs_resource.advertised = "true" diff --git a/geonode/geoserver/tests/integration.py b/geonode/geoserver/tests/integration.py index 39d8040e80f..05d049f51ae 100644 --- a/geonode/geoserver/tests/integration.py +++ b/geonode/geoserver/tests/integration.py @@ -244,7 +244,7 @@ def test_unpublished(self): layer.delete() # with settings disabled - with self.settings(RESOURCE_PUBLISHING=True): + with self.settings(ADMIN_RESOURCE_PUBLISHING=True): layer = Dataset.objects.first() layer.is_approved = False layer.is_published = False @@ -284,7 +284,7 @@ def test_default_anonymous_permissions(self): anonymous = get_user_model().objects.get(username="AnonymousUser") norman = get_user_model().objects.get(username="norman") with override_settings( - RESOURCE_PUBLISHING=False, + ADMIN_RESOURCE_PUBLISHING=False, ADMIN_MODERATE_UPLOADS=False, DEFAULT_ANONYMOUS_VIEW_PERMISSION=True, DEFAULT_ANONYMOUS_DOWNLOAD_PERMISSION=False, diff --git a/geonode/layers/api/permissions.py b/geonode/layers/api/permissions.py index 9408469c6fe..6ca3b4c754a 100644 --- a/geonode/layers/api/permissions.py +++ b/geonode/layers/api/permissions.py @@ -51,8 +51,8 @@ def filter_queryset(self, request, queryset, view): obj_with_perms = get_visible_resources( resources, user, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) diff --git a/geonode/maps/api/permissions.py b/geonode/maps/api/permissions.py index bec44ee8cd5..ac9e52d2718 100644 --- a/geonode/maps/api/permissions.py +++ b/geonode/maps/api/permissions.py @@ -51,8 +51,8 @@ def filter_queryset(self, request, queryset, view): obj_with_perms = get_visible_resources( resources, user, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) diff --git a/geonode/security/tests.py b/geonode/security/tests.py index 433f4aa6de7..20532e05d98 100644 --- a/geonode/security/tests.py +++ b/geonode/security/tests.py @@ -1238,7 +1238,7 @@ def test_get_visible_resources_should_return_resource_with_metadata_only_none(se if dataset: dataset.delete() - @override_settings(ADMIN_MODERATE_UPLOADS=True, RESOURCE_PUBLISHING=True, GROUP_PRIVATE_RESOURCES=True) + @override_settings(ADMIN_MODERATE_UPLOADS=True, ADMIN_RESOURCE_PUBLISHING=True, GROUP_PRIVATE_RESOURCES=True) def test_get_visible_resources_advanced_workflow(self): admin_user = get_user_model().objects.get(username="admin") standard_user = get_user_model().objects.get(username="bobby") @@ -1252,8 +1252,8 @@ def test_get_visible_resources_advanced_workflow(self): actual = get_visible_resources( queryset=Dataset.objects.all(), user=admin_user, - admin_approval_required=True, - unpublished_not_visible=True, + admin_moderate_uplaods=True, + admin_resource_publishing=True, private_groups_not_visibile=True, ) # The method returns only 'metadata_only=False' resources @@ -1261,8 +1261,8 @@ def test_get_visible_resources_advanced_workflow(self): actual = get_visible_resources( queryset=Dataset.objects.all(), user=standard_user, - admin_approval_required=True, - unpublished_not_visible=True, + admin_moderate_uplaods=True, + admin_resource_publishing=True, private_groups_not_visibile=True, ) # The method returns only 'metadata_only=False' resources @@ -1274,8 +1274,8 @@ def test_get_visible_resources_advanced_workflow(self): actual = get_visible_resources( queryset=Dataset.objects.all(), user=admin_user, - admin_approval_required=True, - unpublished_not_visible=True, + admin_moderate_uplaods=True, + admin_resource_publishing=True, private_groups_not_visibile=True, ) # The method returns only 'metadata_only=False' resources @@ -1283,8 +1283,8 @@ def test_get_visible_resources_advanced_workflow(self): actual = get_visible_resources( queryset=Dataset.objects.all(), user=standard_user, - admin_approval_required=True, - unpublished_not_visible=True, + admin_moderate_uplaods=True, + admin_resource_publishing=True, private_groups_not_visibile=True, ) # The method returns only 'metadata_only=False' resources @@ -1292,8 +1292,8 @@ def test_get_visible_resources_advanced_workflow(self): actual = get_visible_resources( queryset=Dataset.objects.all(), user=None, - admin_approval_required=True, - unpublished_not_visible=True, + admin_moderate_uplaods=True, + admin_resource_publishing=True, private_groups_not_visibile=True, ) # The method returns only 'metadata_only=False' resources @@ -1307,8 +1307,8 @@ def test_get_visible_resources_advanced_workflow(self): actual = get_visible_resources( queryset=Dataset.objects.all(), user=admin_user, - admin_approval_required=True, - unpublished_not_visible=True, + admin_moderate_uplaods=True, + admin_resource_publishing=True, private_groups_not_visibile=True, ) # The method returns only 'metadata_only=False' resources @@ -1316,8 +1316,8 @@ def test_get_visible_resources_advanced_workflow(self): actual = get_visible_resources( queryset=Dataset.objects.all(), user=standard_user, - admin_approval_required=True, - unpublished_not_visible=True, + admin_moderate_uplaods=True, + admin_resource_publishing=True, private_groups_not_visibile=True, ) # The method returns only 'metadata_only=False' resources @@ -1325,8 +1325,8 @@ def test_get_visible_resources_advanced_workflow(self): actual = get_visible_resources( queryset=Dataset.objects.all(), user=None, - admin_approval_required=True, - unpublished_not_visible=True, + admin_moderate_uplaods=True, + admin_resource_publishing=True, private_groups_not_visibile=True, ) # The method returns only 'metadata_only=False' resources @@ -1343,8 +1343,8 @@ def test_get_visible_resources(self): actual = get_visible_resources( queryset=layers, user=standard_user, - admin_approval_required=True, - unpublished_not_visible=True, + admin_moderate_uplaods=True, + admin_resource_publishing=True, private_groups_not_visibile=True, ) self.assertNotIn(_title, list(actual.values_list("title", flat=True))) @@ -1843,12 +1843,12 @@ def setUp(self): self.resource = create_single_dataset(name="test_layer", owner=self.author, group=self.group_profile.group) self.anonymous_user = get_anonymous_user() - @override_settings(RESOURCE_PUBLISHING=False) + @override_settings(ADMIN_RESOURCE_PUBLISHING=False) @override_settings(ADMIN_MODERATE_UPLOADS=False) def test_set_compact_permissions(self): """ **AUTO PUBLISHING** - test_set_compact_permissions - - `RESOURCE_PUBLISHING = False` + - `ADMIN_RESOURCE_PUBLISHING = False` - `ADMIN_MODERATE_UPLOADS = False` """ use_cases = [ @@ -1911,11 +1911,11 @@ def test_set_compact_permissions(self): msg=f"use case #{counter} - user: {authorized_subject.username}", ) - @override_settings(RESOURCE_PUBLISHING=True) - def test_permissions_are_set_as_expected_resource_publishing_True(self): + @override_settings(ADMIN_RESOURCE_PUBLISHING=True) + def test_permissions_are_set_as_expected_ADMIN_RESOURCE_PUBLISHING_True(self): """ - **SIMPLE PUBLISHING** - test_permissions_are_set_as_expected_resource_publishing_True - - `RESOURCE_PUBLISHING = True` (Autopublishing is disabled) + **SIMPLE PUBLISHING** - test_permissions_are_set_as_expected_ADMIN_RESOURCE_PUBLISHING_True + - `ADMIN_RESOURCE_PUBLISHING = True` (Autopublishing is disabled) - `ADMIN_MODERATE_UPLOADS = False` """ use_cases = [ @@ -1981,12 +1981,12 @@ def test_permissions_are_set_as_expected_resource_publishing_True(self): msg=f"use case #{counter} - user: {authorized_subject.username}", ) - @override_settings(RESOURCE_PUBLISHING=True) + @override_settings(ADMIN_RESOURCE_PUBLISHING=True) @override_settings(ADMIN_MODERATE_UPLOADS=True) - def test_permissions_are_set_as_expected_admin_upload_resource_publishing_True(self): + def test_permissions_are_set_as_expected_admin_upload_ADMIN_RESOURCE_PUBLISHING_True(self): """ - **ADVANCED WORKFLOW** - test_permissions_are_set_as_expected_admin_upload_resource_publishing_True - - `RESOURCE_PUBLISHING = True` + **ADVANCED WORKFLOW** - test_permissions_are_set_as_expected_admin_upload_ADMIN_RESOURCE_PUBLISHING_True + - `ADMIN_RESOURCE_PUBLISHING = True` - `ADMIN_MODERATE_UPLOADS = True` """ use_cases = [ @@ -2052,12 +2052,12 @@ def test_permissions_are_set_as_expected_admin_upload_resource_publishing_True(s self.resource.is_published = True self.resource.save() - @override_settings(RESOURCE_PUBLISHING=False) + @override_settings(ADMIN_RESOURCE_PUBLISHING=False) @override_settings(ADMIN_MODERATE_UPLOADS=False) - def test_permissions_are_set_as_expected_admin_upload_resource_publishing_False(self): + def test_permissions_are_set_as_expected_admin_upload_ADMIN_RESOURCE_PUBLISHING_False(self): """ - **AUTO PUBLISHING** - test_permissions_are_set_as_expected_admin_upload_resource_publishing_False - - `RESOURCE_PUBLISHING = False` + **AUTO PUBLISHING** - test_permissions_are_set_as_expected_admin_upload_ADMIN_RESOURCE_PUBLISHING_False + - `ADMIN_RESOURCE_PUBLISHING = False` - `ADMIN_MODERATE_UPLOADS = False` """ use_cases = [ @@ -2112,12 +2112,12 @@ def test_permissions_are_set_as_expected_admin_upload_resource_publishing_False( msg=f"use case #{counter} - user: {authorized_subject.username}", ) - @override_settings(RESOURCE_PUBLISHING=True) + @override_settings(ADMIN_RESOURCE_PUBLISHING=True) @override_settings(ADMIN_MODERATE_UPLOADS=True) def test_permissions_on_user_role_promotion_to_manager(self): """ **ADVANCED WORKFLOW** - test_permissions_on_user_role_promotion_to_manager - - `RESOURCE_PUBLISHING = True` + - `ADMIN_RESOURCE_PUBLISHING = True` - `ADMIN_MODERATE_UPLOADS = True` """ sut = GroupMember.objects.filter(user=self.group_member).exclude(group__title="Registered Members").first() @@ -2164,12 +2164,12 @@ def test_permissions_on_user_role_promotion_to_manager(self): self.resource.save() sut.demote() - @override_settings(RESOURCE_PUBLISHING=True) + @override_settings(ADMIN_RESOURCE_PUBLISHING=True) @override_settings(ADMIN_MODERATE_UPLOADS=True) def test_permissions_on_user_role_demote_to_member(self): """ **ADVANCED WORKFLOW** - test_permissions_on_user_role_demote_to_member - - `RESOURCE_PUBLISHING = True` + - `ADMIN_RESOURCE_PUBLISHING = True` - `ADMIN_MODERATE_UPLOADS = True` """ sut = GroupMember.objects.filter(user=self.group_manager).exclude(group__title="Registered Members").first() @@ -2191,11 +2191,11 @@ def test_permissions_on_user_role_demote_to_member(self): set(expected_perms), set(perms_got), msg=f"use case #0 - user: {authorized_subject.username}" ) - @override_settings(RESOURCE_PUBLISHING=True) - def test_permissions_on_user_role_demote_to_member_only_RESOURCE_PUBLISHING_active(self): + @override_settings(ADMIN_RESOURCE_PUBLISHING=True) + def test_permissions_on_user_role_demote_to_member_only_ADMIN_RESOURCE_PUBLISHING_active(self): """ - **SIMPLE PUBLISHING** - test_permissions_on_user_role_demote_to_member_only_RESOURCE_PUBLISHING_active - - `RESOURCE_PUBLISHING = True` (Autopublishing is disabled) + **SIMPLE PUBLISHING** - test_permissions_on_user_role_demote_to_member_only_ADMIN_RESOURCE_PUBLISHING_active + - `ADMIN_RESOURCE_PUBLISHING = True` (Autopublishing is disabled) - `ADMIN_MODERATE_UPLOADS = False` """ sut = GroupMember.objects.filter(user=self.group_manager).exclude(group__title="Registered Members").first() @@ -2221,11 +2221,11 @@ def test_permissions_on_user_role_demote_to_member_only_RESOURCE_PUBLISHING_acti set(expected_perms), set(perms_got), msg=f"use case #0 - user: {authorized_subject.username}" ) - @override_settings(RESOURCE_PUBLISHING=True) - def test_permissions_on_user_role_promote_to_manager_only_RESOURCE_PUBLISHING_active(self): + @override_settings(ADMIN_RESOURCE_PUBLISHING=True) + def test_permissions_on_user_role_promote_to_manager_only_ADMIN_RESOURCE_PUBLISHING_active(self): """ - **SIMPLE PUBLISHING** - test_permissions_on_user_role_promote_to_manager_only_RESOURCE_PUBLISHING_active - - `RESOURCE_PUBLISHING = True` (Autopublishing is disabled) + **SIMPLE PUBLISHING** - test_permissions_on_user_role_promote_to_manager_only_ADMIN_RESOURCE_PUBLISHING_active + - `ADMIN_RESOURCE_PUBLISHING = True` (Autopublishing is disabled) - `ADMIN_MODERATE_UPLOADS = False` """ sut = GroupMember.objects.filter(user=self.group_member).exclude(group__title="Registered Members").first() @@ -2268,7 +2268,7 @@ def test_permissions_on_user_role_promote_to_manager_only_RESOURCE_PUBLISHING_ac ) -@override_settings(RESOURCE_PUBLISHING=True) +@override_settings(ADMIN_RESOURCE_PUBLISHING=True) @override_settings(ADMIN_MODERATE_UPLOADS=True) class TestPermissionChanges(GeoNodeBaseTestSupport): def setUp(self): diff --git a/geonode/security/utils.py b/geonode/security/utils.py index 91b567562de..911bc6f68f4 100644 --- a/geonode/security/utils.py +++ b/geonode/security/utils.py @@ -28,7 +28,7 @@ from django.contrib.contenttypes.models import ContentType from django.contrib.auth.models import Group, Permission from guardian.utils import get_user_obj_perms_model -from guardian.shortcuts import get_objects_for_user, get_objects_for_group +from guardian.shortcuts import get_objects_for_user, get_objects_for_group, get_anonymous_user from geonode.groups.conf import settings as groups_settings from geonode.groups.models import GroupProfile @@ -56,8 +56,8 @@ def get_visible_resources( user, request=None, metadata_only=False, - admin_approval_required=False, - unpublished_not_visible=False, + admin_moderate_uplaods=False, + admin_resource_publishing=False, private_groups_not_visibile=False, ): # Get the list of objects the user has access to @@ -93,16 +93,20 @@ def get_visible_resources( ) filter_set = filter_set.filter(id__in=_allowed_resources.values("id")) - if admin_approval_required and not AdvancedSecurityWorkflowManager.is_simplified_workflow(): + if admin_moderate_uplaods and not AdvancedSecurityWorkflowManager.is_simplified_workflow(): if not user or not user.is_authenticated or user.is_anonymous: filter_set = filter_set.filter( Q(is_published=True) | Q(group__in=public_groups) | Q(group__in=groups) ).exclude(is_approved=False) # Hide Unpublished Resources to Anonymous Users - if unpublished_not_visible: - if not user or not user.is_authenticated or user.is_anonymous: - filter_set = filter_set.exclude(is_published=False) + if admin_resource_publishing and (not user or not user.is_authenticated or user.is_anonymous): + filter_set = filter_set.exclude(is_published=False) + else: + if user.is_anonymous: + user = get_anonymous_user() + filter_set = filter_set.exclude(~Q(owner=user.id) & Q(is_published=False)) + # Hide Resources Belonging to Private Groups if private_groups_not_visibile: @@ -184,8 +188,8 @@ def get_resources_with_perms(user, filter_options={}, shortcut_kwargs={}): resources_with_perms = get_visible_resources( resources, user, - admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, - unpublished_not_visible=settings.RESOURCE_PUBLISHING, + admin_moderate_uplaods=settings.ADMIN_MODERATE_UPLOADS, + admin_resource_publishing=settings.ADMIN_RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES, ) @@ -222,7 +226,7 @@ def get_geoapp_subtypes(): def skip_registered_members_common_group(user_group): _members_group_name = groups_settings.REGISTERED_MEMBERS_GROUP_NAME - if (settings.RESOURCE_PUBLISHING or settings.ADMIN_MODERATE_UPLOADS) and _members_group_name == user_group.name: + if (settings.ADMIN_RESOURCE_PUBLISHING or settings.ADMIN_MODERATE_UPLOADS) and _members_group_name == user_group.name: return True return False @@ -289,7 +293,7 @@ def is_group_private_mode(): @staticmethod def is_manager_publish_mode(): - return settings.RESOURCE_PUBLISHING + return settings.ADMIN_RESOURCE_PUBLISHING @staticmethod def is_admin_moderate_mode(): @@ -299,7 +303,7 @@ def is_admin_moderate_mode(): def is_auto_publishing_workflow(): """ **AUTO PUBLISHING** - - `RESOURCE_PUBLISHING = False` + - `ADMIN_RESOURCE_PUBLISHING = False` - `ADMIN_MODERATE_UPLOADS = False` - When user creates a resource: @@ -307,13 +311,13 @@ def is_auto_publishing_workflow(): - ANONYMOUS can view and download - No change to the Group Manager is applied """ - return not settings.RESOURCE_PUBLISHING and not settings.ADMIN_MODERATE_UPLOADS + return not settings.ADMIN_RESOURCE_PUBLISHING and not settings.ADMIN_MODERATE_UPLOADS @staticmethod def is_simple_publishing_workflow(): """ **SIMPLE PUBLISHING** - - `RESOURCE_PUBLISHING = True` (Autopublishing is disabled) + - `ADMIN_RESOURCE_PUBLISHING = True` (Autopublishing is disabled) - `ADMIN_MODERATE_UPLOADS = False` - When user creates a resource: @@ -327,13 +331,13 @@ def is_simple_publishing_workflow(): - Group MANAGERS of the *resource's group* will get the owner permissions (`publish_resource` EXCLUDED) - Group MEMBERS of the *resource's group* will get the `view_resourcebase`, `download_resourcebase` permission """ - return settings.RESOURCE_PUBLISHING and not settings.ADMIN_MODERATE_UPLOADS + return settings.ADMIN_RESOURCE_PUBLISHING and not settings.ADMIN_MODERATE_UPLOADS @staticmethod def is_advanced_workflow(): """ **ADVANCED WORKFLOW** - - `RESOURCE_PUBLISHING = True` + - `ADMIN_RESOURCE_PUBLISHING = True` - `ADMIN_MODERATE_UPLOADS = True` - When user creates a resource: @@ -347,13 +351,13 @@ def is_advanced_workflow(): - Group MANAGERS of the resource's group will get the owner permissions (`publish_resource` INCLUDED) - Group MEMBERS of the resource's group will get the `view_resourcebase`, `download_resourcebase` permission """ - return settings.RESOURCE_PUBLISHING and settings.ADMIN_MODERATE_UPLOADS + return settings.ADMIN_RESOURCE_PUBLISHING and settings.ADMIN_MODERATE_UPLOADS @staticmethod def is_simplified_workflow(): """ **SIMPLIFIED WORKFLOW** - - `RESOURCE_PUBLISHING = False` + - `ADMIN_RESOURCE_PUBLISHING = False` - `ADMIN_MODERATE_UPLOADS = True` - **NOTE**: Is it even possibile? when the resource is automatically published, can it be un-published? @@ -365,7 +369,7 @@ def is_simplified_workflow(): - Group MEMBERS of the user's group will get the `view_resourcebase`, `download_resourcebase` permission - ANONYMOUS can view and download """ - return not settings.RESOURCE_PUBLISHING and settings.ADMIN_MODERATE_UPLOADS + return not settings.ADMIN_RESOURCE_PUBLISHING and settings.ADMIN_MODERATE_UPLOADS @staticmethod def is_allowed_to_approve(user, resource): @@ -485,7 +489,7 @@ def get_workflow_permissions( ) -> dict: """ Adapts the provided "perm_spec" accordingly to the following schema: - | RESOURCE_PUBLISHING | ADMIN_MODERATE_UPLOADS + | ADMIN_RESOURCE_PUBLISHING | ADMIN_MODERATE_UPLOADS -------------------------------------------------------------------- AUTO PUBLISH | X | X SIMPLE PUBLISHING | V | X diff --git a/geonode/settings.py b/geonode/settings.py index bd597c2ac93..181d64cc5c1 100644 --- a/geonode/settings.py +++ b/geonode/settings.py @@ -27,6 +27,7 @@ from schema import Optional from datetime import timedelta from urllib.parse import urlparse, urljoin +import warnings # # General Django development settings @@ -1907,7 +1908,11 @@ def get_geonode_catalogue_service(): # ######################################################## # # option to enable/disable resource unpublishing for administrators and members -RESOURCE_PUBLISHING = ast.literal_eval(os.getenv("RESOURCE_PUBLISHING", "False")) +if os.getenv("RESOURCE_PUBLISHING", "False"): + warnings.warn("The env variable RESOURCE_PUBLISHING is deprecated, please use ADMIN_RESOURCE_PUBLISHING") + ADMIN_RESOURCE_PUBLISHING = ast.literal_eval(os.getenv("RESOURCE_PUBLISHING", "False")) +else: + ADMIN_RESOURCE_PUBLISHING = ast.literal_eval(os.getenv("ADMIN_RESOURCE_PUBLISHING", "False")) # Each uploaded Dataset must be approved by an Admin before becoming visible ADMIN_MODERATE_UPLOADS = ast.literal_eval(os.environ.get("ADMIN_MODERATE_UPLOADS", "False")) diff --git a/package/debian/changelog b/package/debian/changelog index 18b218405c1..48769374b29 100644 --- a/package/debian/changelog +++ b/package/debian/changelog @@ -5307,7 +5307,7 @@ geonode (2.4.0+alpha32) trusty; urgency=high [ capooti ] * [c44d5a] Added a request download button in layer and document detail pages. The request will be sent to resource owner using django-notification * [6f5abc] Making flake8 happy. Using get_object_or_404 for getting the resource - * [0a419a] Refactored the RESOURCE_PUBLISHING setting, now it is not activated by default + * [0a419a] Refactored the ADMIN_RESOURCE_PUBLISHING setting, now it is not activated by default [ state-hiu ] * [26bee7] initial levels support @@ -5359,7 +5359,7 @@ geonode (2.4.0+alpha28) trusty; urgency=high * [d0a8c3] Added some basic documentation on publishing/unpublishing resources * [050c6b] Forgot a documentation image from previous commit * [a774d4] Making flake8 happy - * [b58499] Added a RESOURCE_PUBLISHING to enable/disable resource unpublishing for django staff members + * [b58499] Added a ADMIN_RESOURCE_PUBLISHING to enable/disable resource unpublishing for django staff members * [715d8b] Now when unpublishing the layer is unadvertised in GeoSever. Users with publish_resourcebase can still access the layer detail page. * [842242] Moved integration permissions test to its appropriate TestCase diff --git a/package/support/geonode.local_settings b/package/support/geonode.local_settings index 6530b168322..e66fb807c3a 100644 --- a/package/support/geonode.local_settings +++ b/package/support/geonode.local_settings @@ -416,7 +416,7 @@ ACCOUNT_APPROVAL_REQUIRED = False CLIENT_RESULTS_LIMIT = 20 API_LIMIT_PER_PAGE = 1000 FREETEXT_KEYWORDS_READONLY = False -RESOURCE_PUBLISHING = False +ADMIN_RESOURCE_PUBLISHING = False ADMIN_MODERATE_UPLOADS = False GROUP_PRIVATE_RESOURCES = False GROUP_MANDATORY_RESOURCES = False diff --git a/start_django_async.sh b/start_django_async.sh index 6b2d25eb84e..35d5caf5526 100755 --- a/start_django_async.sh +++ b/start_django_async.sh @@ -1,7 +1,7 @@ #!/bin/bash set -e -export RESOURCE_PUBLISHING=True +export ADMIN_RESOURCE_PUBLISHING=True export ADMIN_MODERATE_UPLOADS=True export NOTIFICATION_ENABLED=True export MONITORING_ENABLED=False