U TGˆh“Lã@s¼dZdZdZddlmZmZmZmZddlm Z m Z ddl m Z m Z mZmZmZmZmZddlmZmZmZmZddlmZmZdd lmZdd lmZmZm Z m!Z!m"Z"Gd d „d e ƒZ#d S)zCopyright 2021, 3Lizz GPL version 3z info@3liz.orgé)Ú QgsExpressionÚ QgsMapLayerÚ QgsProjectÚQgsVectorLayer)ÚQgsAccessControlFilterÚQgsServerInterface)Úget_lizmap_configÚget_lizmap_groupsÚget_lizmap_layer_login_filterÚget_lizmap_layers_configÚget_lizmap_override_filterÚget_lizmap_user_loginÚis_editing_context)Ú ALL_FEATURESÚ NO_FEATURESÚFilterByPolygonÚ FilterType)ÚLoggerÚ profiling)Úto_bool)Ú BING_DOMAINÚBING_KEYÚ GOOGLE_DOMAINÚ GOOGLE_KEYÚstrict_tos_checkcseZdZeddœ‡fdd„ Zeedœ‡fdd„ Zee j dœ‡fdd „ Z ed œ‡fd d „ Z e eeed œdd„ƒZeeeeeedœdd„ƒZ‡ZS)ÚLizmapAccessControlFilterN)Ú server_ifaceÚreturncsDtƒ |¡||_ttƒ|_ttƒ|_t  d|j›d|j›¡dS)NzLayerAccessControl : Google z, Bing ) ÚsuperÚ__init__ÚifacerrÚ_strict_googlerÚ _strict_bingrÚinfo)Úselfr©Ú __class__©úD/var/www/lizmap/lizmap/plugins/lizmap_server/lizmap_accesscontrol.pyr$s    z"LizmapAccessControlFilter.__init__)Úlayerrcs.t d¡|j|tjd}|r"|Stƒ |¡S)z; Return an additional subset string (typically SQL) filter zLizmap layerFilterSubsetString©Ú filter_type)rr#Úget_lizmap_layer_filterrZ SafeSqlQueryrÚlayerFilterSubsetString)r$r)Ú filter_expr%r'r(r-?s  z1LizmapAccessControlFilter.layerFilterSubsetStringcs°tƒ |¡}| ¡}t ¡}|j ¡}| ¡sx| d¡  ¡dkrxt   d|›d|  ¡›d¡d|_ |_|_|_|St|ƒ}t|ƒ}| ¡}| dd¡|kr¾||d<t|ƒ|d <| |¡| d¡  ¡d k} | rø| d ¡  ¡d krø|j ¡ |g¡| ¡ ¡} t| k} t| k} | s | r2t   d |›d¡t|j ¡ƒ} | s| rj|j |_ |_|_|_n"| rŒ|j |_ |_|_|_|St!|ƒdkr®| s®| s®|S| d dd¡}| r |s t"t#ƒr d|_ |_|_|_t  $d|›d| %¡›d¡|S| d dd¡}| rj|sjt"t&ƒrjd|_ |_|_|_t  $d|›d| %¡›d¡|St'| ƒ}|s||S| (¡}|  d¡r¾|| dkr’| d|r’| d|}d}| d¡r|d )d¡}dd„|Dƒ}t!|ƒdkr|D]}||kröd}qönd}nd}|r~d|kr~|dr~| d|d}t*|dƒ|_t*|dƒ|_t+t*|d ƒt*|d!ƒgƒ|_nd|_|_|_n*t   d"|›d#|›d$¡d|_|_|_nt   d%¡d|_|_|_||ksî||st   d&|›¡|S||}d'|ks|d's2t   d(|›¡|Sd)d„|d'Dƒ}|D].}||krHt   d*|›d+|›¡|SqHt   d,d- ,|¡›d+|›¡d|_ d|_|_|_|S).z Return the layer rights ÚserviceÚWMSzlayerPermission: Layer z is invalid in ú!FÚ lizmap_userNÚlizmap_user_groupsZWFSÚrequestZ GETFEATUREzLayer 'zD' has been detected as an external layer which might need a API key.rÚoptionsZ googleKeyÚz The layer 'zb' is protected by a licence, but the API key is not provided. Discarding the layer in the project Ú.ZbingKeyZ editionLayersZaclú,cSsg|] }| ¡‘qSr'©Ústrip©Ú.0Úgr'r'r(Ú ¨sz>LizmapAccessControlFilter.layerPermissions..TÚ capabilitiesZ createFeatureÚ deleteFeatureZmodifyAttributeZmodifyGeometryz%No edition config defined for layer: z (ú)z"Lizmap config has no editionLayerszLizmap config has no layer: Úgroup_visibilityz&No Lizmap layer group visibility for: cSsg|] }| ¡‘qSr'r9r;r'r'r(r>äszGroup z* is in Lizmap layer group visibility for: zGroups z, )-rÚlayerPermissionsÚnamerÚinstancer ÚrequestHandlerÚisValidÚ parameterÚupperrr#ÚfileNameZcanReadZ canInsertZ canUpdateZ canDeleter r ÚcustomVariablesÚgetÚlistÚsetCustomVariablesÚaccessControlsZresolveFilterFeaturesÚsourceÚlowerrrrÚconfigFilePathr!r"ÚlenrrÚwarningÚbaseNamerr ÚidÚsplitrÚanyÚjoin)r$r)ÚrightsÚ layer_nameÚprojectÚrequest_handlerÚgroupsÚ user_loginÚ custom_varZis_wfsZ datasourceZ is_googleZis_bingÚcfgZapi_keyÚ cfg_layersÚlayer_idZ edit_layerZcan_editZ group_editr=Zedit_layer_capÚ cfg_layerrBr%r'r(rCJsÄ      ÿÿ       þ ÿ  ÿ ÿz*LizmapAccessControlFilter.layerPermissions)rc sàtƒ ¡}t|j ¡ƒ}t|ƒdkr(|St|j ¡ƒ}|s>|St|ƒ}|sN|Sd}|  ¡D]N\}}d|ksZ|dstqZdd„|dDƒ}t|ƒdkr |ddkr qZd}qªqZ|rÜt|ƒdkrÊ|ddkrÊd Sd   t t |ƒƒ¡S|S) z! The key used to cache documents rFrBcSsg|] }| ¡‘qSr'r9r;r'r'r(r>sz6LizmapAccessControlFilter.cacheKey..ér6Tz@@) rÚcacheKeyr r rFrSrrRr ÚitemsrYrMÚset) r$Zdefault_cache_keyr^rarbZhas_group_visibilityZl_namerdrBr%r'r(rf÷s0  z"LizmapAccessControlFilter.cacheKey)r)r+rc Cst|j ¡ƒrtSt|j ¡ƒ}t|j ¡ƒ}t|ƒdkrB|sBtSt|j ¡ƒ}|sXtSt |ƒ}|shtS|  ¡}||kr|tSzvt |j ¡ƒ}t |  d¡|||d} t} |  ¡rð|  ¡sÌt d t¡¡tWS|} |  ¡rât|gƒ} |  | ¡\} } WnFtk r8} z&t | ¡t d t¡¡tWY¢Sd} ~ XYnX| rPt d| ›¡t||ƒ}|sn| rj| StSd|k}|r˜t|dƒr˜| r”| StS|d }t|ƒd krê|dd krê|d krêt |d ¡}| ræ| ›d |›S|S| |||| ¡  ¡¡}| r| ›d |›S|S)z/ Get lizmap layer filter based on login filter rZfilter_by_polygonr*zOThe filter by polygon configuration is not valid. All features are hidden : {}z\An error occurred when trying to read the filtering by polygon. All features are hidden : {}Nz/The polygon filter subset string is not null : Z edition_onlyÚfilterAttributerer6Úallz AND ) r r rFrr r rSrrRr rDrrrLZ is_filteredZis_validrÚcriticalÚformatrZis_filtered_by_userÚtupleZ subset_sqlÚ ExceptionÚ log_exceptionr#r rrÚcreateFieldEqualityExpressionÚ_filter_by_loginÚ dataProvider)r$r)r+r^r_rarbr[Zedition_contextZfilter_polygon_configZpolygon_filterZgroups_or_userÚ_ÚeÚcfg_layer_login_filterZis_edition_onlyÚ attributeZ login_filterr'r'r(r,*sŽüÿÿ  ÿÿ &  üz1LizmapAccessControlFilter.get_lizmap_layer_filter)rur^ÚloginÚproviderrc Cs g}t|dƒr| |¡nt|ƒ}| d¡g}t |d¡}|D]¶}g}t |¡} | |›d| ›¡|dkrê| d¡rêt |›d¡} | |›d| ›¡t d |›¡} | |›d| ›¡t d |›d¡} | |›d| ›¡| d  |¡¡qDd  |¡} | S) aH Build the string according to the filter by login configuration. :param cfg_layer_login_filter: The Lizmap Filter by login configuration. :param groups: List of groups for the current user :param login: The current user :param provider: The layer data provider ('postgres' for example) Ú filterPrivaterjriz = ZpostgresZallow_multiple_acl_valuesz,%z LIKE z%,z OR )rÚappendrMrZquotedColumnRefZ quotedStringrLrY) rur^rwrxÚvaluesZ value_filtersZ quoted_fieldÚvalueÚfiltersZ quoted_valueZquoted_like_valueZ layer_filterr'r'r(rq•s*      z*LizmapAccessControlFilter._filter_by_login)Ú__name__Ú __module__Ú __qualname__rrrÚstrr-rrÚLayerPermissionsrCrfrrr,Ú staticmethodÚdictrmrqÚ __classcell__r'r'r%r(r"s .3jrN)$Ú __copyright__Ú __license__Ú __email__Ú qgis.corerrrrÚ qgis.serverrrÚlizmap_server.corerr r r r r rZlizmap_server.filter_by_polygonrrrrÚlizmap_server.loggerrrÚlizmap_server.toolsrZlizmap_server.tos_definitionsrrrrrrr'r'r'r(Ús$