Skip to content

Commit

Permalink
Migration 1.9.0-1: recalculate GS security rules.
Browse files Browse the repository at this point in the history
  • Loading branch information
index-git committed Jan 7, 2021
1 parent d857971 commit 31b1130
Show file tree
Hide file tree
Showing 3 changed files with 59 additions and 4 deletions.
3 changes: 2 additions & 1 deletion src/layman/upgrade/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,8 @@


DATA_MIGRATIONS = [
((1, 9, 0), [upgrade_v1_9.initialize_data_versioning, ]),
((1, 9, 0), [upgrade_v1_9.initialize_data_versioning,
upgrade_v1_9.geoserver_everyone_rights_repair]),
]


Expand Down
23 changes: 20 additions & 3 deletions src/layman/upgrade/upgrade_v1_9.py
Original file line number Diff line number Diff line change
@@ -1,14 +1,16 @@
import logging

from layman import settings
from layman.common.prime_db_schema import util as db_util
from layman.layer import LAYER_TYPE
from layman.common import geoserver as gs_common
from layman.common.prime_db_schema import util as db_util, publications
DB_SCHEMA = settings.LAYMAN_PRIME_SCHEMA

logger = logging.getLogger(__name__)


def initialize_data_versioning():
logger.info(f' Starting data versioning initialization')
logger.info(f' Starting - data versioning initialization')

sql_create_table = f'''CREATE TABLE IF NOT EXISTS {DB_SCHEMA}.data_version
(
Expand All @@ -29,4 +31,19 @@ def initialize_data_versioning():
sql_insert = f'''insert into {DB_SCHEMA}.data_version (major_version, minor_version, patch_version, migration) values (1, 9, 0, 0);'''
db_util.run_statement(sql_insert)

logger.info(f' Data versioning initialization DONE')
logger.info(f' DONE - data versioning initialization')


# repair for issue #200
def geoserver_everyone_rights_repair():
logger.info(f' Starting - access rights EVERYONE is not propagated to GeoServer for authenticated users')
publication_infos = publications.get_publication_infos(pub_type=LAYER_TYPE)
for (workspace, publication_type, publication_name), info in publication_infos.items():
for right_type in ['read', 'write']:
users_roles = info['access_rights'][right_type]
security_roles = gs_common.layman_users_to_geoserver_roles(users_roles)
logger.info(f' Setting security roles for: ({workspace}/{publication_name}).{right_type} '
f'to ({security_roles}) from layman roles ({users_roles})')
gs_common.ensure_layer_security_roles(workspace, publication_name, security_roles, right_type[0], settings.LAYMAN_GS_AUTH)

logger.info(f' DONE - access rights EVERYONE is not propagated to GeoServer for authenticated users')
37 changes: 37 additions & 0 deletions src/layman/upgrade/upgrade_v1_9_test.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
import pytest

from . import upgrade_v1_9
from layman import settings, app
from layman.common import geoserver as gs_common
from test import process_client
DB_SCHEMA = settings.LAYMAN_PRIME_SCHEMA

auth = settings.LAYMAN_GS_AUTH


def assert_roles(workspace,
layer,
expected_roles):
for right_type in ['read', 'write']:
rule = f'{workspace}.{layer}.{right_type[0]}'
roles = gs_common.get_security_roles(rule, auth)
assert roles == expected_roles


@pytest.mark.usefixtures('ensure_layman')
def test_geoserver_everyone_rights_repair():
workspace = 'test_geoserver_everyone_rights_repair_workspace'
layer = 'test_geoserver_everyone_rights_repair_layer'
expected_roles1 = {'ROLE_ANONYMOUS'}
expected_roles2 = {'ROLE_ANONYMOUS', 'ROLE_AUTHENTICATED'}

process_client.publish_layer(workspace, layer)
for right_type in ['read', 'write']:
gs_common.ensure_layer_security_roles(workspace, layer, expected_roles1, right_type[0], auth)

assert_roles(workspace, layer, expected_roles1)

with app.app_context():
upgrade_v1_9.geoserver_everyone_rights_repair()

assert_roles(workspace, layer, expected_roles2)

0 comments on commit 31b1130

Please sign in to comment.