geonode.security.permissions
============================

.. py:module:: geonode.security.permissions

.. autoapi-nested-parse::

   Permissions will be managed according to a "compact" set:

   - view: view resource
   - download: view and download
   - edit: view download and edit (metadata, style, data)
   - manage: change permissions, delete resource, etc.

   The GET method will return:

   users:

   - username
   - first name
   - last name
   - permissions (view | download | edit | manage)

   organizations:

   - title
   - name
   - permissions (view | download | edit | manage)

   groups:

   - title
   - name
   - permissions (view | download | edit | manage)



Attributes
----------

.. autoapisummary::

   geonode.security.permissions.PERMISSIONS
   geonode.security.permissions.DOWNLOADABLE_RESOURCES
   geonode.security.permissions.DATA_EDITABLE_RESOURCES_SUBTYPES
   geonode.security.permissions.DATA_STYLABLE_RESOURCES_SUBTYPES
   geonode.security.permissions.READ_ONLY_AFFECTED_PERMISSIONS
   geonode.security.permissions.VIEW_PERMISSIONS
   geonode.security.permissions.DOWNLOAD_PERMISSIONS
   geonode.security.permissions.EDIT_PERMISSIONS
   geonode.security.permissions.BASIC_MANAGE_PERMISSIONS
   geonode.security.permissions.MANAGE_PERMISSIONS
   geonode.security.permissions.ADMIN_PERMISSIONS
   geonode.security.permissions.OWNER_PERMISSIONS
   geonode.security.permissions.DATASET_EDIT_DATA_PERMISSIONS
   geonode.security.permissions.DATASET_EDIT_STYLE_PERMISSIONS
   geonode.security.permissions.DATASET_ADMIN_PERMISSIONS
   geonode.security.permissions.SERVICE_PERMISSIONS
   geonode.security.permissions.DEFAULT_PERMISSIONS
   geonode.security.permissions.DEFAULT_PERMS_SPEC
   geonode.security.permissions.NONE_RIGHTS
   geonode.security.permissions.VIEW_RIGHTS
   geonode.security.permissions.DOWNLOAD_RIGHTS
   geonode.security.permissions.EDIT_RIGHTS
   geonode.security.permissions.MANAGE_RIGHTS
   geonode.security.permissions.OWNER_RIGHTS
   geonode.security.permissions.COMPACT_RIGHT_MODES
   geonode.security.permissions.PERM_SPEC_COMPACT_SCHEMA
   geonode.security.permissions._Binding
   geonode.security.permissions._User
   geonode.security.permissions._Group


Exceptions
----------

.. autoapisummary::

   geonode.security.permissions.BindingFailed


Classes
-------

.. autoapisummary::

   geonode.security.permissions.PermSpecConverterBase
   geonode.security.permissions.PermSpec
   geonode.security.permissions.PermSpecUserCompact
   geonode.security.permissions.PermSpecGroupCompact
   geonode.security.permissions.PermSpecCompact


Functions
---------

.. autoapisummary::

   geonode.security.permissions._to_extended_perms
   geonode.security.permissions._to_compact_perms
   geonode.security.permissions._binding
   geonode.security.permissions.get_compact_perms_list


Module Contents
---------------

.. py:data:: PERMISSIONS

.. py:data:: DOWNLOADABLE_RESOURCES
   :value: ['dataset', 'document']


.. py:data:: DATA_EDITABLE_RESOURCES_SUBTYPES
   :value: ['vector', 'vector_time']


.. py:data:: DATA_STYLABLE_RESOURCES_SUBTYPES
   :value: ['raster', 'vector', 'vector_time']


.. py:data:: READ_ONLY_AFFECTED_PERMISSIONS
   :value: ['add_resource']


.. py:data:: VIEW_PERMISSIONS
   :value: ['view_resourcebase']


.. py:data:: DOWNLOAD_PERMISSIONS
   :value: ['download_resourcebase']


.. py:data:: EDIT_PERMISSIONS
   :value: ['change_resourcebase', 'change_resourcebase_metadata']


.. py:data:: BASIC_MANAGE_PERMISSIONS
   :value: ['delete_resourcebase', 'change_resourcebase_permissions']


.. py:data:: MANAGE_PERMISSIONS

.. py:data:: ADMIN_PERMISSIONS

.. py:data:: OWNER_PERMISSIONS

.. py:data:: DATASET_EDIT_DATA_PERMISSIONS
   :value: ['change_dataset_data']


.. py:data:: DATASET_EDIT_STYLE_PERMISSIONS
   :value: ['change_dataset_style']


.. py:data:: DATASET_ADMIN_PERMISSIONS

.. py:data:: SERVICE_PERMISSIONS
   :value: ['add_service', 'delete_service', 'change_resourcebase_metadata', 'add_resourcebase_from_service']


.. py:data:: DEFAULT_PERMISSIONS
   :value: []


.. py:data:: DEFAULT_PERMS_SPEC

.. py:data:: NONE_RIGHTS
   :value: 'none'


.. py:data:: VIEW_RIGHTS
   :value: 'view'


.. py:data:: DOWNLOAD_RIGHTS
   :value: 'download'


.. py:data:: EDIT_RIGHTS
   :value: 'edit'


.. py:data:: MANAGE_RIGHTS
   :value: 'manage'


.. py:data:: OWNER_RIGHTS
   :value: 'owner'


.. py:data:: COMPACT_RIGHT_MODES

.. py:data:: PERM_SPEC_COMPACT_SCHEMA

.. py:function:: _to_extended_perms(perm: str, resource_type: str = None, resource_subtype: str = None, is_owner: bool = False) -> list

   Explode "compact" permissions into an "extended" set, accordingly to the schema below:

   - view: view resource
   - download: view and download
   - edit: view download and edit (metadata, style, data)
   - manage: change permissions, delete resource, etc.
   - owner: admin permissions


.. py:function:: _to_compact_perms(perms: list, resource_type: str = None, resource_subtype: str = None, is_owner: bool = False) -> str

   Compress standard permissions into a "compact" set, accordingly to the schema below:

   - view: view resource
   - download: view and download
   - edit: view download and edit (metadata, style, data)
   - manage: change permissions, delete resource, etc.
   - owner: admin permissions


.. py:data:: _Binding

.. py:data:: _User

.. py:data:: _Group

.. py:function:: _binding(name, expected=True, ro=True, binding=None)

.. py:exception:: BindingFailed

   Bases: :py:obj:`Exception`


   Something in the API has changed


.. py:class:: PermSpecConverterBase(json, resource, parent=None)

   Bases: :py:obj:`object`


   .. py:attribute:: _object_name
      :value: None



   .. py:attribute:: _resource


   .. py:attribute:: _parent


   .. py:method:: _bind_json(json)


   .. py:method:: _bind_custom_json(json)


   .. py:method:: _binding_failed(msg, args)


   .. py:method:: _to_json_object(deep=True, top_level=True)


   .. py:method:: _to_json_object_custom(json)


   .. py:method:: __repr__()


.. py:class:: PermSpec(json, resource, parent=None)

   Bases: :py:obj:`PermSpecConverterBase`


   .. py:attribute:: _object_name
      :value: 'perm_spec'



   .. py:attribute:: _bindings


   .. py:property:: compact
      Converts a standard and verbose 'perm_spec' into 'compact mode'.

      - This method also recognizes special/internal security groups, such as 'anonymous' and 'registered-members',
        and places their permissions in a specific node called 'groups'.
      - Every security group different from the former ones, associated with a GeoNode 'GroupProfile',
        will instead be placed in a node called 'organizations'.

      Example:

      .. code-block:: json

          {
              "users": [
                  {
                      "id": 1001,
                      "username": "afabiani",
                      "first_name": "",
                      "last_name": "",
                      "avatar": "",
                      "permissions": "manage",
                      "is_superuser": true,
                      "is_staff": false
                  }
              ],
              "organizations": [],
              "groups": [
                  {
                      "id": 3,
                      "title": "Registered Members",
                      "name": "registered-members",
                      "permissions": "edit"
                  },
                  {
                      "id": 2,
                      "title": "anonymous",
                      "name": "anonymous",
                      "permissions": "download"
                  }
              ]
          }


.. py:class:: PermSpecUserCompact(json, resource, parent=None)

   Bases: :py:obj:`PermSpecConverterBase`


   .. py:attribute:: _object_name
      :value: 'perm_spec_user_compact'



   .. py:attribute:: _bindings


.. py:class:: PermSpecGroupCompact(json, resource, parent=None)

   Bases: :py:obj:`PermSpecConverterBase`


   .. py:attribute:: _object_name
      :value: 'perm_spec_group_compact'



   .. py:attribute:: _bindings


.. py:class:: PermSpecCompact(json, resource, parent=None)

   Bases: :py:obj:`PermSpecConverterBase`


   .. py:attribute:: _object_name
      :value: 'perm_spec_compact'



   .. py:attribute:: _bindings


   .. py:method:: validate(perm_spec)
      :classmethod:



   .. py:property:: extended
      Converts a 'perm_spec' in 'compact mode' into a standard and verbose format.

      Example:

      .. code-block:: json

          {
              "groups": {
                  "<Group: registered-members>": [
                      "view_resourcebase",
                      "download_resourcebase",
                      "change_resourcebase"
                  ],
                  "<Group: anonymous>": [
                      "view_resourcebase"
                  ]
              },
              "users": {
                  "<Profile: AnonymousUser>": [
                      "view_resourcebase"
                  ],
                  "<Profile: afabiani>": [
                      "view_resourcebase",
                      "download_resourcebase",
                      "change_resourcebase_metadata",
                      "change_resourcebase",
                      "delete_resourcebase",
                      "change_resourcebase_permissions",
                      "publish_resourcebase"
                  ]
              }
          }


   .. py:method:: merge(perm_spec_compact_patch: PermSpecCompact)

      Merges 'perm_spec_compact_patch' to the current one.

      - Existing elements will be overridden.
      - Non existing elements will be added.
      - If you need to delete elements you cannot use this method.



.. py:function:: get_compact_perms_list(perms: list, resource_type: str = None, resource_subtype: str = None, is_owner: bool = False, is_none_allowed: bool = True, compact_perms_labels: dict = {}) -> list

   Transforms an extended "perm_spec" into a list of compact perms.