Fix incorrect logic when computing queryable permissions
manisandro committed Apr 11, 2024
1 parent 17777e0 commit e416d8b
Showing 1 changed file with 30 additions and 30 deletions.
60 changes: 30 additions & 30 deletions src/config_generator/feature_info_service_config.py
Expand Up @@ -285,8 +285,6 @@ def additional_wms_permissions(self, role, session):
# collect info layer permissions for each info service
available_info_layers = self.available_info_layers(session)
for info_service, info_layers in available_info_layers.items():
queryable = True

# lookup permissions
if self.permissions_default_allow:
info_service_restricted_for_public = info_service in \
Expand All @@ -308,45 +306,47 @@ def additional_wms_permissions(self, role, session):
info_service in role_permissions['maps']:
info_service_permitted_for_role = True

if (
info_service_restricted_for_public
and not info_service_permitted_for_role
):
continue

# NOTE: use ordered keys
wms_service = OrderedDict()
wms_service['name'] = info_service

# collect info layers
layers = []
for info_layer, info_attributes in info_layers.items():
# lookup permissions
if self.permissions_default_allow:
info_layer_restricted_for_public = info_layer in \
public_restrictions['info_layers'].get(info_service, {}) or \
info_layer in public_restrictions['layers'].get(info_service, {})
else:
info_layer_restricted_for_public = info_layer not in \
public_permissions['info_layers'].get(info_service, {}) and \
info_layer not in public_permissions['layers'].get(info_service, {})

info_layer_permitted_for_role = info_layer in \
role_permissions['info_layers'].get(info_service, {})

# Special case: if layer is restricted for public and info_layer not explicitly permitted,
# but info_layer is default_allow and layer resource is permitted, allow
if not info_layer_permitted_for_role and \
self.permissions_default_allow and \
info_layer not in public_restrictions['info_layers'].get(info_service, {}) and \
info_layer in role_permissions['layers'].get(info_service, {}):
info_layer_permitted_for_role = True

queryable = True
if (
info_layer_restricted_for_public
and not info_layer_permitted_for_role
info_service_restricted_for_public
and not info_service_permitted_for_role
):
queryable = False
else:
# lookup permissions
if self.permissions_default_allow:
info_layer_restricted_for_public = info_layer in \
public_restrictions['info_layers'].get(info_service, {}) or \
info_layer in public_restrictions['layers'].get(info_service, {})
else:
info_layer_restricted_for_public = info_layer not in \
public_permissions['info_layers'].get(info_service, {}) and \
info_layer not in public_permissions['layers'].get(info_service, {})

info_layer_permitted_for_role = info_layer in \
role_permissions['info_layers'].get(info_service, {})

# Special case: if layer is restricted for public and info_layer not explicitly permitted,
# but info_layer is default_allow and layer resource is permitted, allow
if not info_layer_permitted_for_role and \
self.permissions_default_allow and \
info_layer not in public_restrictions['info_layers'].get(info_service, {}) and \
info_layer in role_permissions['layers'].get(info_service, {}):
info_layer_permitted_for_role = True

if (
info_layer_restricted_for_public
and not info_layer_permitted_for_role
):
queryable = False

# NOTE: use ordered keys
wms_layer = OrderedDict()
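Review bot: In the per-layer loop, a service that is restricted for public and not permitted for the role is no longer skipped; it falls into the `queryable = False` branch, so the service and its layer names appear to be emitted into the role's WMS permissions where the removed `continue` omitted them. Whether being listed there grants anything beyond querying is decided by the code after `wms_layer = OrderedDict()` and by the consumer of this config, both outside the hunk, so it should be confirmed and pinned with a test for a role that lacks the service permission, alongside a test that a permitted layer following a denied one in the same service stays queryable. A comment above the check would record the intent, e.g. `# service denied for this role: layers stay listed but are never queryable`. The service-level condition is also loop-invariant and could be computed once before the layer loop as `service_denied = info_service_restricted_for_public and not info_service_permitted_for_role`.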
