diff --git a/g3w-admin/qdjango/auth.py b/g3w-admin/qdjango/auth.py index d4bbfa259..accc7e789 100644 --- a/g3w-admin/qdjango/auth.py +++ b/g3w-admin/qdjango/auth.py @@ -12,26 +12,36 @@ def __init__(self, **kwargs): def auth_request(self, **kwargs): + anonymous_user = get_anonymous_user() + # Check for caching token - # TODO: create pluggable authentication layers + # ----------------------- if (len(set(settings.G3WADMIN_LOCAL_MORE_APPS).intersection(set(['caching', 'qmapproxy']))) > 0 and 'g3wsuite_caching_token' in self.request.GET and \ (settings.TILESTACHE_CACHE_TOKEN == self.request.GET['g3wsuite_caching_token'] or \ getattr('MAPPROXY_URL_TOKEN') == self.request.GET['g3wsuite_caching_token'])): return True - if self.request.user.has_perm('qdjango.view_project', self.project) or\ - get_anonymous_user().has_perm('qdjango.view_project', self.project): + # Check for user != Anonymous user + # User already authenticated (session, middleware, etc.) + if self.request.user != anonymous_user and self.request.user.has_perm('qdjango.view_project', self.project): return True else: - # try to authenticate by http basic authentication + + # Try to authenticate by HTTP Basic Authentication + # ------------------------------------------------ try: ba = BasicAuthentication() user, other = ba.authenticate(self.request) self.request.user = user return user.has_perm('qdjango.view_project', self.project) except Exception as e: - print(e) + + # Check for Anonymous user + # ------------------------- + if anonymous_user.has_perm('qdjango.view_project', self.project): + return True + pass raise AuthForbiddenRequest() diff --git a/g3w-admin/qdjango/tests/data/geodata/qgis_widget_test_data.gpkg b/g3w-admin/qdjango/tests/data/geodata/qgis_widget_test_data.gpkg index cfd75cf96..85299a068 100644 Binary files a/g3w-admin/qdjango/tests/data/geodata/qgis_widget_test_data.gpkg and b/g3w-admin/qdjango/tests/data/geodata/qgis_widget_test_data.gpkg differ 
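Review bot: The anonymous fallback added inside `except Exception as e:` makes the authorization decision in a handler that catches every error and, with `print(e)` removed and nothing logged in its place, records none of them. Rejected Basic credentials and unrelated programming errors take the same silent path, so failed logins against this endpoint leave no trace for detection, and a request with wrong credentials is quietly served as Anonymous when that user holds `qdjango.view_project`. The `try` also ends in `return user.has_perm(...)`, so a valid login without the permission returns False and never reaches the anonymous check. I would catch only the authentication failure, log it, and run the anonymous check after the `try`, as in the sketch below, which assumes `BasicAuthentication` is Django REST framework's (failure type `AuthenticationFailed`) and a module-level `logger`. Separately, the unchanged `getattr('MAPPROXY_URL_TOKEN')` in the caching-token condition lacks its object argument and raises `TypeError` whenever it is evaluated.

```python
        else:
            # ... unchanged: Basic Authentication comment header ...
            try:
                credentials = BasicAuthentication().authenticate(self.request)
            except AuthenticationFailed as e:
                # Keep a record of rejected credentials for detection
                logger.warning('OWS basic authentication failed: %s', e)
                credentials = None

            if credentials is not None:
                user, _ = credentials
                self.request.user = user
                if user.has_perm('qdjango.view_project', self.project):
                    return True

            # Anonymous fallback, evaluated outside any exception handler
            if anonymous_user.has_perm('qdjango.view_project', self.project):
                return True

        raise AuthForbiddenRequest()
```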
diff --git a/g3w-admin/qdjango/tests/test_ows.py b/g3w-admin/qdjango/tests/test_ows.py index b3ee298ed..a00710c89 100644 --- a/g3w-admin/qdjango/tests/test_ows.py +++ b/g3w-admin/qdjango/tests/test_ows.py @@ -19,6 +19,7 @@ from qgis.PyQt.QtCore import QPoint from core.models import G3WSpatialRefSys from core.models import Group as CoreGroup +from guardian.shortcuts import get_anonymous_user from django.core.files import File from django.core.management import call_command from django.test import Client, override_settings @@ -179,7 +180,7 @@ def test_authorizzer(self): self.assertEqual(response.status_code, 403) - # give permission to user + # Give permission to user assign_perm('view_project', self.test_viewer1, self.qdjango_project) for l in self.qdjango_project.layer_set.all(): assign_perm("view_layer", self.test_viewer1, l) @@ -194,8 +195,8 @@ def test_authorizzer(self): c.logout() - # try basic authentication - # for viewer1 + # Try basic authentication for viewer1 + # ------------------------------------ c = Client(HTTP_AUTHORIZATION='Basic dmlld2VyMTp2aWV3ZXIx') response = c.get(ows_url, { 'REQUEST': 'GetCapabilities', @@ -249,6 +250,29 @@ def test_authorizzer(self): self.assertEqual(response.status_code, 200) self.assertTrue(b"world" in response.content) + c.logout() + + c = Client() + + # Test for Anonymous user + # ----------------------- + response = c.get(ows_url, { + 'REQUEST': 'GetCapabilities', + 'SERVICE': 'WMS' + }) + + self.assertEqual(response.status_code, 403) + + # Give permission to Anonympus user + assign_perm('view_project', get_anonymous_user(), self.qdjango_project) + + response = c.get(ows_url, { + 'REQUEST': 'GetCapabilities', + 'SERVICE': 'WMS' + }) + + self.assertEqual(response.status_code, 200) + def test_get_getfeatureinfo(self): """Test GetFeatureInfo for QGIS widget"""
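Review bot: The new anonymous-user assertions at the end of `test_authorizzer` cover only a request with no credentials, while the branch they target in `auth.py` is reached through the Basic Authentication exception handler. A case that sends rejected credentials, before and after the grant, would pin whether a failed login may fall back to Anonymous access, for example `c = Client(HTTP_AUTHORIZATION='Basic aW52YWxpZDppbnZhbGlk')` (constructed value, base64 of `invalid:invalid`) followed by the same GetCapabilities request and an explicit status assertion. The comment `# Give permission to Anonympus user` should read `Anonymous`. `test_authorizzer` starts before this hunk, so whether the grant to the anonymous user is undone for later tests cannot be seen here.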