geonode.security.permissions

Permissions will be managed according to a “compact” set:

• view: view resource

• download: view and download

• edit: view download and edit (metadata, style, data)

• manage: change permissions, delete resource, etc.

The GET method will return:

users:

• username

• first name

• last name

• permissions (view | download | edit | manage)

organizations:

• title

• name

• permissions (view | download | edit | manage)

groups:

• title

• name

• permissions (view | download | edit | manage)

Attributes

PERMISSIONS
DOWNLOADABLE_RESOURCES
DATA_EDITABLE_RESOURCES_SUBTYPES
DATA_STYLABLE_RESOURCES_SUBTYPES
READ_ONLY_AFFECTED_PERMISSIONS
VIEW_PERMISSIONS
DOWNLOAD_PERMISSIONS
EDIT_PERMISSIONS
BASIC_MANAGE_PERMISSIONS
MANAGE_PERMISSIONS
ADMIN_PERMISSIONS
OWNER_PERMISSIONS
DATASET_EDIT_DATA_PERMISSIONS
DATASET_EDIT_STYLE_PERMISSIONS
DATASET_ADMIN_PERMISSIONS
SERVICE_PERMISSIONS
DEFAULT_PERMISSIONS
DEFAULT_PERMS_SPEC
NONE_RIGHTS
VIEW_RIGHTS
DOWNLOAD_RIGHTS
EDIT_RIGHTS
MANAGE_RIGHTS
OWNER_RIGHTS
COMPACT_RIGHT_MODES
PERM_SPEC_COMPACT_SCHEMA
_Binding
_User
_Group

Exceptions

BindingFailed

Something in the API has changed

Classes

PermSpecConverterBase
PermSpec
PermSpecUserCompact
PermSpecGroupCompact
PermSpecCompact

Functions

_to_extended_perms(→ list)	Explode "compact" permissions into an "extended" set, accordingly to the schema below:
_to_compact_perms(→ str)	Compress standard permissions into a "compact" set, accordingly to the schema below:
_binding(name[, expected, ro, binding])
get_compact_perms_list(→ list)	Transforms an extended "perm_spec" into a list of compact perms.

Module Contents

geonode.security.permissions.PERMISSIONS

geonode.security.permissions.DOWNLOADABLE_RESOURCES = ['dataset', 'document']

geonode.security.permissions.DATA_EDITABLE_RESOURCES_SUBTYPES = ['vector', 'vector_time']

geonode.security.permissions.DATA_STYLABLE_RESOURCES_SUBTYPES = ['raster', 'vector', 'vector_time']

geonode.security.permissions.READ_ONLY_AFFECTED_PERMISSIONS = ['add_resource']

geonode.security.permissions.VIEW_PERMISSIONS = ['view_resourcebase']

geonode.security.permissions.DOWNLOAD_PERMISSIONS = ['download_resourcebase']

geonode.security.permissions.EDIT_PERMISSIONS = ['change_resourcebase', 'change_resourcebase_metadata']

geonode.security.permissions.BASIC_MANAGE_PERMISSIONS = ['delete_resourcebase', 'change_resourcebase_permissions']

geonode.security.permissions.MANAGE_PERMISSIONS

geonode.security.permissions.ADMIN_PERMISSIONS

geonode.security.permissions.OWNER_PERMISSIONS

geonode.security.permissions.DATASET_EDIT_DATA_PERMISSIONS = ['change_dataset_data']

geonode.security.permissions.DATASET_EDIT_STYLE_PERMISSIONS = ['change_dataset_style']

geonode.security.permissions.DATASET_ADMIN_PERMISSIONS

geonode.security.permissions.SERVICE_PERMISSIONS = ['add_service', 'delete_service', 'change_resourcebase_metadata', 'add_resourcebase_from_service']

geonode.security.permissions.DEFAULT_PERMISSIONS = []

geonode.security.permissions.DEFAULT_PERMS_SPEC

geonode.security.permissions.NONE_RIGHTS = 'none'

geonode.security.permissions.VIEW_RIGHTS = 'view'

geonode.security.permissions.DOWNLOAD_RIGHTS = 'download'

geonode.security.permissions.EDIT_RIGHTS = 'edit'

geonode.security.permissions.MANAGE_RIGHTS = 'manage'

geonode.security.permissions.OWNER_RIGHTS = 'owner'

geonode.security.permissions.COMPACT_RIGHT_MODES

geonode.security.permissions.PERM_SPEC_COMPACT_SCHEMA

geonode.security.permissions._to_extended_perms(perm: str, resource_type: str = None, resource_subtype: str = None, is_owner: bool = False) → list

Explode “compact” permissions into an “extended” set, accordingly to the schema below:

• view: view resource

• download: view and download

• edit: view download and edit (metadata, style, data)

• manage: change permissions, delete resource, etc.

• owner: admin permissions

geonode.security.permissions._to_compact_perms(perms: list, resource_type: str = None, resource_subtype: str = None, is_owner: bool = False) → str

Compress standard permissions into a “compact” set, accordingly to the schema below:

• view: view resource

• download: view and download

• edit: view download and edit (metadata, style, data)

• manage: change permissions, delete resource, etc.

• owner: admin permissions

geonode.security.permissions._Binding

geonode.security.permissions._User

geonode.security.permissions._Group

geonode.security.permissions._binding(name, expected=True, ro=True, binding=None)

exception geonode.security.permissions.BindingFailed

Bases: Exception

Something in the API has changed

class geonode.security.permissions.PermSpecConverterBase(json, resource, parent=None)

Bases: object

_object_name = None

_resource

_parent

_bind_json(json)

_bind_custom_json(json)

_binding_failed(msg, args)

_to_json_object(deep=True, top_level=True)

_to_json_object_custom(json)

__repr__()

class geonode.security.permissions.PermSpec(json, resource, parent=None)

Bases: PermSpecConverterBase

_object_name = 'perm_spec'

_bindings

property compact

Converts a standard and verbose 'perm_spec' into 'compact mode'.

• This method also recognizes special/internal security groups, such as ‘anonymous’ and ‘registered-members’, and places their permissions in a specific node called ‘groups’.

• Every security group different from the former ones, associated with a GeoNode ‘GroupProfile’, will instead be placed in a node called ‘organizations’.

Example:

{
    "users": [
        {
            "id": 1001,
            "username": "afabiani",
            "first_name": "",
            "last_name": "",
            "avatar": "",
            "permissions": "manage",
            "is_superuser": true,
            "is_staff": false
        }
    ],
    "organizations": [],
    "groups": [
        {
            "id": 3,
            "title": "Registered Members",
            "name": "registered-members",
            "permissions": "edit"
        },
        {
            "id": 2,
            "title": "anonymous",
            "name": "anonymous",
            "permissions": "download"
        }
    ]
}

class geonode.security.permissions.PermSpecUserCompact(json, resource, parent=None)

Bases: PermSpecConverterBase

_object_name = 'perm_spec_user_compact'

_bindings

class geonode.security.permissions.PermSpecGroupCompact(json, resource, parent=None)

Bases: PermSpecConverterBase

_object_name = 'perm_spec_group_compact'

_bindings

class geonode.security.permissions.PermSpecCompact(json, resource, parent=None)

Bases: PermSpecConverterBase

_object_name = 'perm_spec_compact'

_bindings

classmethod validate(perm_spec)

property extended

Converts a 'perm_spec' in 'compact mode' into a standard and verbose format.

Example:

{
    "groups": {
        "<Group: registered-members>": [
            "view_resourcebase",
            "download_resourcebase",
            "change_resourcebase"
        ],
        "<Group: anonymous>": [
            "view_resourcebase"
        ]
    },
    "users": {
        "<Profile: AnonymousUser>": [
            "view_resourcebase"
        ],
        "<Profile: afabiani>": [
            "view_resourcebase",
            "download_resourcebase",
            "change_resourcebase_metadata",
            "change_resourcebase",
            "delete_resourcebase",
            "change_resourcebase_permissions",
            "publish_resourcebase"
        ]
    }
}

merge(perm_spec_compact_patch: PermSpecCompact)

Merges ‘perm_spec_compact_patch’ to the current one.

• Existing elements will be overridden.

• Non existing elements will be added.

• If you need to delete elements you cannot use this method.

geonode.security.permissions.get_compact_perms_list(perms: list, resource_type: str = None, resource_subtype: str = None, is_owner: bool = False, is_none_allowed: bool = True, compact_perms_labels: dict = {}) → list

Transforms an extended “perm_spec” into a list of compact perms.