-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
User defined permissions will break the permissions exposed by the API #12639
Comments
@giohappy @mattiagiupponi the solution seems as easy as doing # return constant names defined by GeoNode
#perms = [PERMISSIONS[db_perm] for db_perm in group_perms]
perms = group_perms
Do you want me to create a PR for it? However, looking at the whole method geonode/geonode/people/models.py Lines 199 to 216 in 677c578
it seems that staff users do not get extra permissions at all. Is this intended? |
Interesting ! |
BTW: The
This quick guess omits the actual mapping. However, I created a PR which adds all permissions (even for admin and staff). |
@ridoo I think it's fine to include custom permissions here. |
Expected Behavior
Create and add custom permissions to a user (via group) does not have any effect on handling user permissions.
Actual Behavior
Adding new permissions to a user, which are not known by GeoNode, raises an exception while mapping permissions in
people/models.py#perms
. As a result the API skips theperms
attribute completely. With the API skipping that attribute, geonode-mapstore-client sees no permissions given to a user. For example a user who has actual contributor permissions, will not have the ability to (for example) add new resources.Steps to Reproduce the Problem
See my discussion about custom permissions to reproduce.
1001
) to contributor group/api/v2/users/1001
containsperms
attribute/api/v2/users/1001
is missingperms
attributeSpecifications
The text was updated successfully, but these errors were encountered: