From 4e0cc56b366d5e2851d67d118c95fe5b1b21ea3c Mon Sep 17 00:00:00 2001
From: Walter Lorenzetti <lorenzetti@gis3w.it>
Date: Wed, 22 Nov 2023 09:12:57 +0100
Subject: [PATCH] Add check for anonymous user in LayerAclAccessControFilter
 QGIS server filter. (#666)

Co-authored-by: wlorenzetti <lorenzett@gis3w.it>
---
 .../qdjango/server_filters/accesscontrol/layer_acl.py      | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/g3w-admin/qdjango/server_filters/accesscontrol/layer_acl.py b/g3w-admin/qdjango/server_filters/accesscontrol/layer_acl.py
index 0aa90bbf6..2d03f71fd 100644
--- a/g3w-admin/qdjango/server_filters/accesscontrol/layer_acl.py
+++ b/g3w-admin/qdjango/server_filters/accesscontrol/layer_acl.py
@@ -10,7 +10,7 @@
 __copyright__ = "Copyright 2015 - 2023, Gis3w"
 __license__ = "MPL 2.0"
 
-from guardian.shortcuts import get_perms
+from guardian.shortcuts import get_perms, get_anonymous_user
 from qgis.server import QgsAccessControlFilter
 from qgis.core import QgsMessageLog, Qgis
 from qdjango.apps import QGS_SERVER
@@ -32,7 +32,10 @@ def layerPermissions(self, layer):
                 project=QGS_SERVER.project, qgs_layer_id=layer.id())
 
             # Check permission
-            perms = get_perms(QGS_SERVER.user, qdjango_layer)
+            perms = list(
+                set(get_perms(QGS_SERVER.user, qdjango_layer)) |
+                set(get_perms(get_anonymous_user(), qdjango_layer))
+            )
             rights.canRead = "view_layer" in perms
             rights.canInsert = "add_layer" in perms
             rights.canUpdate = "change_layer" in perms