From 472a3d60ceb7f1927f421a5e0185068b3ddcfe0a Mon Sep 17 00:00:00 2001 From: wlorenzetti Date: Wed, 27 Nov 2024 10:56:45 +0100 Subject: [PATCH 1/2] Filter fields by user --- g3w-admin/editing/receivers.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/g3w-admin/editing/receivers.py b/g3w-admin/editing/receivers.py index f61f7700f..e6ddd15e2 100644 --- a/g3w-admin/editing/receivers.py +++ b/g3w-admin/editing/receivers.py @@ -455,5 +455,18 @@ def set_editing_visible_status(**kwargs): } }) + # Filter fields by user + if kwargs['sender'].request.user: + visiblefields = kwargs["layer"].visible_fields_for_user(kwargs['sender'].request.user) + toremove = [] + for f in kwargs['vector_params']['fields']: + if f['name'] not in visiblefields: + toremove.append(kwargs['vector_params']['fields'].index(f)) + + if toremove: + for i in toremove: + del kwargs['vector_params']['fields'][i] + + except: return None From dacea518d224b4fc279983f08cf27b6f4517d9f1 Mon Sep 17 00:00:00 2001 From: wlorenzetti Date: Wed, 27 Nov 2024 12:20:48 +0100 Subject: [PATCH 2/2] Move filter fields by user to general api. Add test. --- g3w-admin/core/api/base/views.py | 12 +++++++++ g3w-admin/editing/receivers.py | 13 --------- g3w-admin/qdjango/tests/test_column_acl.py | 31 ++++++++++++++++++++++ 3 files changed, 43 insertions(+), 13 deletions(-) diff --git a/g3w-admin/core/api/base/views.py b/g3w-admin/core/api/base/views.py index 297189904..c9f2391d7 100644 --- a/g3w-admin/core/api/base/views.py +++ b/g3w-admin/core/api/base/views.py 
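Review bot: In `set_editing_visible_status` (g3w-admin/editing/receivers.py, [PATCH 1/2]) the removal loop deletes by indices that were collected before any deletion, so after the first `del` every later index points one element too far. With more than one restricted column the wrong field is dropped and a restricted one can remain in `vector_params['fields']`. An index past the end raises `IndexError`, which the bare `except:` closing the hunk appears to swallow by returning `None`, so the column filter would fail open without any trace. Filtering in place avoids both problems: `kwargs['vector_params']['fields'][:] = [f for f in kwargs['vector_params']['fields'] if f['name'] in visiblefields]`. The function and its `try` start above the hunk, so the extent of the `try` is inferred.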
@@ -428,6 +428,18 @@ def response_config_mode(self, request): 'fields': fields, } + # Filter fields by user + if self.request.user: + visiblefields = self.layer.visible_fields_for_user(self.request.user) + if len(visiblefields) != len(vector_params['fields']): + newfields = [] + for f in vector_params['fields']: + if f['name'] in visiblefields: + newfields.append(f) + + if newfields: + vector_params['fields'] = newfields + # post_create_maplayerattributes signal post_create_maplayerattributes.send( self, layer=self.layer, vector_params=vector_params) diff --git a/g3w-admin/editing/receivers.py b/g3w-admin/editing/receivers.py index e6ddd15e2..f61f7700f 100644 --- a/g3w-admin/editing/receivers.py +++ b/g3w-admin/editing/receivers.py @@ -455,18 +455,5 @@ def set_editing_visible_status(**kwargs): } }) - # Filter fields by user - if kwargs['sender'].request.user: - visiblefields = kwargs["layer"].visible_fields_for_user(kwargs['sender'].request.user) - toremove = [] - for f in kwargs['vector_params']['fields']: - if f['name'] not in visiblefields: - toremove.append(kwargs['vector_params']['fields'].index(f)) - - if toremove: - for i in toremove: - del kwargs['vector_params']['fields'][i] - - except: return None diff --git a/g3w-admin/qdjango/tests/test_column_acl.py b/g3w-admin/qdjango/tests/test_column_acl.py index 315269ee3..d4a5c6cad 100644 --- a/g3w-admin/qdjango/tests/test_column_acl.py +++ b/g3w-admin/qdjango/tests/test_column_acl.py 
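Review bot: In `response_config_mode` (g3w-admin/core/api/base/views.py) the `if newfields:` guard makes the column filter fail open. When the user may see none of the layer's columns, `newfields` is empty, the assignment is skipped, and the unfiltered `vector_params['fields']` goes into the response. The `len(visiblefields) != len(vector_params['fields'])` shortcut is also fragile, because equal counts do not imply equal membership; whether that can happen depends on what `visible_fields_for_user` returns, which the hunk does not show. Assigning unconditionally closes both gaps: `vector_params['fields'] = [f for f in vector_params['fields'] if f['name'] in visiblefields]`. The method continues outside the hunk.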
@@ -288,6 +288,22 @@ def test_vector_api(self): self.assertIsNotNone(record['AREA']) self.assertIsNotNone(record['SOURCETHM']) + # Test for /api/vector/config + response = self._testApiCallAdmin01( + 'core-vector-api', [ + 'config', + 'qdjango', + self.world.project.pk, + self.world.qgis_layer.id()]) + + resp = json.loads(response.content) + + fields = [f['name'] for f in resp['vector']['fields']] + + self.assertTrue('AREA' in fields) + self.assertTrue('SOURCETHM' in fields) + + acl = ColumnAcl(layer=self.world, user=self.test_user1, restricted_fields=['AREA', 'SOURCETHM']) acl.save() @@ -306,6 +322,21 @@ def test_vector_api(self): self.assertIsNone(record['AREA']) self.assertIsNone(record['SOURCETHM']) + # Test for /api/vector/config + response = self._testApiCallAdmin01( + 'core-vector-api', [ + 'config', + 'qdjango', + self.world.project.pk, + self.world.qgis_layer.id()]) + + resp = json.loads(response.content) + + fields = [f['name'] for f in resp['vector']['fields']] + + self.assertFalse('AREA' in fields) + self.assertFalse('SOURCETHM' in fields) + # Test for download API # -------------------------------------------------
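Review bot: The added `config` assertions in `test_vector_api` cover only a partial restriction (`AREA`, `SOURCETHM`), so a `ColumnAcl` that restricts every column of the layer is never exercised. That is the input for which the `if newfields:` guard in core/api/base/views.py skips the assignment. A further case that restricts all fields and asserts that none of them appear in `resp['vector']['fields']` would pin the intended behaviour. As a style point, `self.assertIn('AREA', fields)` and `self.assertNotIn('AREA', fields)` report the list contents on failure, unlike `assertTrue('AREA' in fields)`. `test_vector_api` starts and ends outside these hunks.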