- fix thumbs and gf rules

geonode/geoserver/helpers.py

@@ -1788,6 +1788,9 @@ def _prepare_thumbnail_body_from_opts(request_body):
     from geonode.utils import (_v,
                                bbox_to_projection,
                                bounds_to_zoom_level)
+    if isinstance(request_body, basestring):
+        request_body = json.loads(request_body)
+
     # Defaults
     _img_src_template = """<img src='{ogc_location}'
     style='width: {width}px; height: {height}px;

geonode/layers/views.py

@@ -91,7 +91,8 @@
 from .tasks import delete_layer
 
 if check_ogc_backend(geoserver.BACKEND_PACKAGE):
-    from geonode.geoserver.helpers import _render_thumbnail
+    from geonode.geoserver.helpers import (_render_thumbnail,
+                                           _prepare_thumbnail_body_from_opts)
 if check_ogc_backend(qgis_server.BACKEND_PACKAGE):
     from geonode.qgis_server.models import QGISServerLayer
 CONTEXT_LOG_FILE = ogc_server_settings.LOG_FILE
@@ -1384,7 +1385,11 @@ def layer_thumbnail(request, layername):
                     request.body)['image'].split(';base64,')
                 image = base64.b64decode(image)
             else:
-                image = _render_thumbnail(request.body)
+                image = None
+                try:
+                    image = _prepare_thumbnail_body_from_opts(request.body)
+                except BaseException:
+                    image = _render_thumbnail(request.body)
 
             if not image:
                 return

geonode/security/models.py

@@ -28,6 +28,7 @@
 from .utils import (get_users_with_perms,
                     set_owner_permissions,
                     set_geofence_all,
+                    purge_geofence_layer_rules,
                     sync_geofence_with_guardian,
                     remove_object_permissions)
 
@@ -168,6 +169,8 @@ def set_permissions(self, perm_spec):
         }
         """
         remove_object_permissions(self)
+        if settings.OGC_SERVER['default'].get("GEOFENCE_SECURITY_ENABLED", False):
+            purge_geofence_layer_rules(self)
 
         # default permissions for resource owner
         set_owner_permissions(self)

geonode/security/tests.py

@@ -207,43 +207,43 @@ def test_perm_specs_synchronization(self):
         # Reset GeoFence Rules
         purge_geofence_all()
         geofence_rules_count = get_geofence_rules_count()
-        self.assertTrue(geofence_rules_count == 0)
+        self.assertEquals(geofence_rules_count, 0)
 
         perm_spec = {'users': {'AnonymousUser': []}}
         layer.set_permissions(perm_spec)
         geofence_rules_count = get_geofence_rules_count()
         _log("1. geofence_rules_count: %s " % geofence_rules_count)
-        self.assertTrue(geofence_rules_count == 1)
+        self.assertEquals(geofence_rules_count, 1)
 
         perm_spec = {
             "users": {"admin": ["view_resourcebase"]}, "groups": {}}
         layer.set_permissions(perm_spec)
         geofence_rules_count = get_geofence_rules_count()
         _log("2. geofence_rules_count: %s " % geofence_rules_count)
-        self.assertTrue(geofence_rules_count == 4)
+        self.assertEquals(geofence_rules_count, 4)
 
         perm_spec = {'users': {"admin": ['change_layer_data']}}
         layer.set_permissions(perm_spec)
         geofence_rules_count = get_geofence_rules_count()
         _log("3. geofence_rules_count: %s " % geofence_rules_count)
-        self.assertTrue(geofence_rules_count == 2)
+        self.assertEquals(geofence_rules_count, 2)
 
         perm_spec = {'groups': {'bar': ['view_resourcebase']}}
         layer.set_permissions(perm_spec)
         geofence_rules_count = get_geofence_rules_count()
         _log("4. geofence_rules_count: %s " % geofence_rules_count)
-        self.assertTrue(geofence_rules_count == 8)
+        self.assertEquals(geofence_rules_count, 4)
 
         perm_spec = {'groups': {'bar': ['change_resourcebase']}}
         layer.set_permissions(perm_spec)
         geofence_rules_count = get_geofence_rules_count()
         _log("5. geofence_rules_count: %s " % geofence_rules_count)
-        self.assertTrue(geofence_rules_count == 2)
+        self.assertEquals(geofence_rules_count, 1)
 
         # Reset GeoFence Rules
         purge_geofence_all()
         geofence_rules_count = get_geofence_rules_count()
-        self.assertTrue(geofence_rules_count == 0)
+        self.assertEquals(geofence_rules_count, 0)
 
     @on_ogc_backend(geoserver.BACKEND_PACKAGE)
     def test_layer_permissions(self):

geonode/security/utils.py

@@ -431,9 +431,6 @@ def sync_geofence_with_guardian(layer, perms, user=None, group=None):
     """
     Sync Guardian permissions to GeoFence.
     """
-    # Cleanup old rules first
-    purge_geofence_layer_rules(layer.get_self_resource())
-
     # Create new rule-set
     gf_services = {}
     gf_services["*"] = 'view_resourcebase' in perms or 'change_layer_style' in perms
@@ -444,18 +441,24 @@ def sync_geofence_with_guardian(layer, perms, user=None, group=None):
     gf_services["WCS"] = ('download_resourcebase' in perms or 'change_layer_data' in perms) \
         and not layer.is_vector()
     gf_services["WPS"] = 'download_resourcebase' or 'change_layer_data' in perms
+
+    _user = None
+    if user:
+        _user = user if isinstance(user, basestring) else user.username
+    _group = None
+    if group:
+        _group = group if isinstance(group, basestring) else group.name
     for service, allowed in gf_services.iteritems():
         if allowed:
-            if user:
-                logger.debug("Adding to geofence the rule: %s %s %s" % (layer, service, user))
-                _user = user if isinstance(user, basestring) else user.username
+            if _user:
+                logger.debug("Adding 'user' to geofence the rule: %s %s %s" % (layer, service, _user))
                 _update_geofence_rule(layer.name, layer.workspace, service, user=_user)
-            else:
+            elif not _group:
                 logger.debug("Adding to geofence the rule: %s %s *" % (layer, service))
                 _update_geofence_rule(layer.name, layer.workspace, service)
-            if group:
-                logger.debug("Adding to geofence the rule: %s %s %s" % (layer, service, user))
-                _group = group if isinstance(group, basestring) else group.name
+
+            if _group:
+                logger.debug("Adding 'group' to geofence the rule: %s %s %s" % (layer, service, _group))
                 _update_geofence_rule(layer.name, layer.workspace, service, group=_group)
     if not settings.DELAYED_SECURITY_SIGNALS:
         set_geofence_invalidate_cache()