diff --git a/g3w-admin/qdjango/auth.py b/g3w-admin/qdjango/auth.py
index d4bbfa259..accc7e789 100644
--- a/g3w-admin/qdjango/auth.py
+++ b/g3w-admin/qdjango/auth.py
@@ -12,26 +12,36 @@ def __init__(self, **kwargs):
def auth_request(self, **kwargs):
+ anonymous_user = get_anonymous_user()
+
# Check for caching token
- # TODO: create pluggable authentication layers
+ # -----------------------
if (len(set(settings.G3WADMIN_LOCAL_MORE_APPS).intersection(set(['caching', 'qmapproxy']))) > 0
and 'g3wsuite_caching_token' in self.request.GET and \
(settings.TILESTACHE_CACHE_TOKEN == self.request.GET['g3wsuite_caching_token'] or \
getattr('MAPPROXY_URL_TOKEN') == self.request.GET['g3wsuite_caching_token'])):
return True
- if self.request.user.has_perm('qdjango.view_project', self.project) or\
- get_anonymous_user().has_perm('qdjango.view_project', self.project):
+ # Check for user != Anonymous user
+ # User already authenticated (session, middleware, etc.)
+ if self.request.user != anonymous_user and self.request.user.has_perm('qdjango.view_project', self.project):
return True
else:
- # try to authenticate by http basic authentication
+
+ # Try to authenticate by HTTP Basic Authentication
+ # ------------------------------------------------
try:
ba = BasicAuthentication()
user, other = ba.authenticate(self.request)
self.request.user = user
return user.has_perm('qdjango.view_project', self.project)
except Exception as e:
- print(e)
+
+ # Check for Anonymous user
+ # -------------------------
+ if anonymous_user.has_perm('qdjango.view_project', self.project):
+ return True
+
pass
raise AuthForbiddenRequest()
diff --git a/g3w-admin/qdjango/tests/test_ows.py b/g3w-admin/qdjango/tests/test_ows.py
index b3ee298ed..a00710c89 100644
--- a/g3w-admin/qdjango/tests/test_ows.py
+++ b/g3w-admin/qdjango/tests/test_ows.py
@@ -19,6 +19,7 @@
from qgis.PyQt.QtCore import QPoint
from core.models import G3WSpatialRefSys
from core.models import Group as CoreGroup
+from guardian.shortcuts import get_anonymous_user
from django.core.files import File
from django.core.management import call_command
from django.test import Client, override_settings
@@ -179,7 +180,7 @@ def test_authorizzer(self):
self.assertEqual(response.status_code, 403)
- # give permission to user
+ # Give permission to user
assign_perm('view_project', self.test_viewer1, self.qdjango_project)
for l in self.qdjango_project.layer_set.all():
assign_perm("view_layer", self.test_viewer1, l)
@@ -194,8 +195,8 @@ def test_authorizzer(self):
c.logout()
- # try basic authentication
- # for viewer1
+ # Try basic authentication for viewer1
+ # ------------------------------------
c = Client(HTTP_AUTHORIZATION='Basic dmlld2VyMTp2aWV3ZXIx')
response = c.get(ows_url, {
'REQUEST': 'GetCapabilities',
@@ -249,6 +250,29 @@ def test_authorizzer(self):
self.assertEqual(response.status_code, 200)
self.assertTrue(b"<Name>world</Name>" in response.content)
+ c.logout()
+
+ c = Client()
+
+ # Test for Anonymous user
+ # -----------------------
+ response = c.get(ows_url, {
+ 'REQUEST': 'GetCapabilities',
+ 'SERVICE': 'WMS'
+ })
+
+ self.assertEqual(response.status_code, 403)
+
+ # Give permission to Anonympus user
+ assign_perm('view_project', get_anonymous_user(), self.qdjango_project)
+
+ response = c.get(ows_url, {
+ 'REQUEST': 'GetCapabilities',
+ 'SERVICE': 'WMS'
+ })
+
+ self.assertEqual(response.status_code, 200)
+
def test_get_getfeatureinfo(self):
"""Test GetFeatureInfo for QGIS widget"""