Add check for anonymous user in LayerAclAccessControFilter QGIS serve…

…r filter. (#666) Co-authored-by: wlorenzetti <[email protected]>
g3w-suite · Nov 22, 2023 · 4e0cc56 · 4e0cc56
1 parent 3bf61d6
commit 4e0cc56
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/g3w-admin/qdjango/server_filters/accesscontrol/layer_acl.py b/g3w-admin/qdjango/server_filters/accesscontrol/layer_acl.py
@@ -10,7 +10,7 @@
 __copyright__ = "Copyright 2015 - 2023, Gis3w"
 __license__ = "MPL 2.0"
 
-from guardian.shortcuts import get_perms
+from guardian.shortcuts import get_perms, get_anonymous_user
 from qgis.server import QgsAccessControlFilter
 from qgis.core import QgsMessageLog, Qgis
 from qdjango.apps import QGS_SERVER
@@ -32,7 +32,10 @@ def layerPermissions(self, layer):
                 project=QGS_SERVER.project, qgs_layer_id=layer.id())
 
             # Check permission
-            perms = get_perms(QGS_SERVER.user, qdjango_layer)
+            perms = list(
+                set(get_perms(QGS_SERVER.user, qdjango_layer)) |
+                set(get_perms(get_anonymous_user(), qdjango_layer))
+            )
             rights.canRead = "view_layer" in perms
             rights.canInsert = "add_layer" in perms
             rights.canUpdate = "change_layer" in perms