[Fixes #13011] Return edit data permissions for remote layers (#13027)

mattiagiupponi · giohappy · web-flow · commit 1ac00768ebd8 · 2025-04-16T10:51:06.000+02:00
* [Fixes #13011] Return edit data permissions for remote layers * [Fixes #13011] Return edit data permissions for remote layers * Added comment to new permissions for remote layers --------- Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
diff --git a/geonode/security/models.py b/geonode/security/models.py
@@ -372,17 +372,21 @@ def get_user_perms(self, user):
         def calculate_perms(instance, user):
             # To avoid circular import
             from geonode.base.models import Configuration
+            from geonode.layers.models import Dataset
 
             config = Configuration.load()
             ctype = ContentType.objects.get_for_model(instance)
             ctype_resource_base = ContentType.objects.get_for_model(instance.get_self_resource())
 
             PERMISSIONS_TO_FETCH = VIEW_PERMISSIONS + DOWNLOAD_PERMISSIONS + ADMIN_PERMISSIONS + SERVICE_PERMISSIONS
             # include explicit permissions appliable to "subtype == 'vector'"
-            if instance.subtype in ["vector", "vector_time"]:
-                PERMISSIONS_TO_FETCH += DATASET_ADMIN_PERMISSIONS
-            elif instance.subtype == "raster":
+
+            if instance.subtype == "raster":
                 PERMISSIONS_TO_FETCH += DATASET_EDIT_STYLE_PERMISSIONS
+            elif isinstance(instance.get_real_instance(), Dataset):
+                # remote layers are included, since https://github.com/GeoNode/geonode/issues/13011
+                # introduces an "optimistic" approach to editing remote layers
+                PERMISSIONS_TO_FETCH += DATASET_ADMIN_PERMISSIONS
 
             resource_perms = Permission.objects.filter(
                 codename__in=PERMISSIONS_TO_FETCH, content_type_id__in=[ctype.id, ctype_resource_base.id]
diff --git a/geonode/security/permissions.py b/geonode/security/permissions.py
@@ -67,7 +67,7 @@
 
 DOWNLOADABLE_RESOURCES = ["dataset", "document"]
 
-DATA_EDITABLE_RESOURCES_SUBTYPES = ["vector", "vector_time"]
+DATA_EDITABLE_RESOURCES_SUBTYPES = ["vector", "vector_time", "remote"]
 
 DATA_STYLABLE_RESOURCES_SUBTYPES = ["raster", "vector", "vector_time"]
 
diff --git a/geonode/security/tests.py b/geonode/security/tests.py
@@ -1757,6 +1757,23 @@ def test_admin_whitelisted_access_middleware(self):
             middleware.process_request(request)
             self.assertTrue(request.user.is_superuser)
 
+    def test_remote_dataset_must_have_change_dataset_data_permission(self):
+        """
+        Ref GeoNode#13011
+        Remote dataset should have "change_dataset_data" permission
+        """
+        dataset = create_single_dataset("remote_dataset")
+        dataset.subtype = "remote"
+        dataset.save()
+        url = reverse("datasets-detail", args=[dataset.id])
+        self.client.force_login(dataset.owner)
+        response = self.client.get(url)
+
+        perms = response.json().get("dataset", {}).get("perms", {})
+        self.assertNotEqual(perms, {})
+
+        self.assertIn("change_dataset_data", perms)
+
 
 class SecurityRulesTests(TestCase):
     """
