shLdZdZdZddlmZmZmZmZddlm Z m Z ddl m Z m Z mZmZmZmZmZddlmZmZmZmZddlmZmZdd lmZdd lmZmZm Z m!Z!m"Z"Gd d e Z#y )zCopyright 2021, 3Lizz GPL version 3z info@3liz.org) QgsExpression QgsMapLayer QgsProjectQgsVectorLayer)QgsAccessControlFilterQgsServerInterface)get_lizmap_configget_lizmap_groupsget_lizmap_layer_login_filterget_lizmap_layers_configget_lizmap_override_filterget_lizmap_user_loginis_editing_context) ALL_FEATURES NO_FEATURESFilterByPolygon FilterType)Logger profiling)to_bool) BING_DOMAINBING_KEY GOOGLE_DOMAIN GOOGLE_KEYstrict_tos_checkc eZdZdeddffd Zdedeffd Zdede jffd Z deffd Z e ded edefd Zed ed ed ededef dZxZS)LizmapAccessControlFilter server_ifacereturnNct||||_tt|_tt |_tjd|j d|jy)NzLayerAccessControl : Google z, Bing ) super__init__ifacerr_strict_googler _strict_bingrinfo)selfr __class__s B/var/www/qgis-server/plugins/lizmap_server/lizmap_accesscontrol.pyr"z"LizmapAccessControlFilter.__init__$sY &! .z:,X6 243F3F2GwtO`O`Nabclayerctjd|j|tj}|r|St ||S)z; Return an additional subset string (typically SQL) filter zLizmap layerFilterSubsetString filter_type)rr&get_lizmap_layer_filterr SafeSqlQueryr!layerFilterSubsetString)r'r+ filter_expr(s r)r1z1LizmapAccessControlFilter.layerFilterSubsetString?sF 4511%ZE\E\1]  w.u55r*c t||}|j}tj}|j j }|jsj|jdjdk7rHtjd|d|jddx|_ x|_x|_|_|St#|}t%|}|j'}|j)dd|k7r$||d<t+||d <|j-||jdjd k(} | rL|jd jd k(r*|j j/j1|g|j3j5} t6| v} t8| v} | s| rtjd |dt;|j j=} | sV| r)|j> x|_ x|_x|_|_|S| r'|j@ x|_ x|_x|_|_|StC|dk(r| s| s|S| dj)dd}| rY|sWtEtFrHdx|_ x|_x|_|_tjHd|d|jKd|S| dj)dd}| rY|sWtEtLrHdx|_ x|_x|_|_tjHd|d|jKd|StO| }|s|S|jQ}| j)dr,|| dvr| d|r| d|}d}|j)drQ|djSd}|Dcgc]}|jU}}tC|dk7r|D] }||vsd} nd}nd}|red|vra|dr\| d|d}tW|d|_tW|d|_tYtW|dtW|dg|_nrdx|_x|_|_n\tjd |d!|d"dx|_x|_|_n*tjd#dx|_x|_|_||vs||stjd$||S||}d%|vs|d%stjd&||S|d%Dcgc]}|jU}}|D]%}||vstjd'|d(||cStjd)d*j[|d(|d|_ dx|_x|_|_|Scc}wcc}w)+z Return the layer rights serviceWMSzlayerPermission: Layer z is invalid in !F lizmap_userNlizmap_user_groupsWFSrequest GETFEATUREzLayer 'zD' has been detected as an external layer which might need a API key.roptions googleKeyz The layer 'zb' is protected by a licence, but the API key is not provided. Discarding the layer in the project .bingKey editionLayersacl,T capabilities createFeature deleteFeaturemodifyAttributemodifyGeometryz%No edition config defined for layer: z ()z"Lizmap config has no editionLayerszLizmap config has no layer: group_visibilityz&No Lizmap layer group visibility for: zGroup z* is in Lizmap layer group visibility for: zGroups z, ).r!layerPermissionsnamerinstancer#requestHandlerisValid parameterupperrr&fileNamecanRead canInsert canUpdate canDeleter rcustomVariablesgetlistsetCustomVariablesaccessControlsresolveFilterFeaturessourcelowerrrr configFilePathr$r%lenrrwarningbaseNamerr idsplitstripranyjoin)r'r+rights layer_nameprojectrequest_handlergroups user_login custom_varis_wfs datasource is_googleis_bingcfgapi_key cfg_layerslayer_id edit_layercan_edit group_editgedit_layer_cap cfg_layerrJr(s r)rKz*LizmapAccessControlFilter.layerPermissionsJs)%0ZZ\ %%'**335}}?#<#>- .* <(2J} %/3F|J+ ,  & &z 2!**95;;=F o// :@@BlR JJ % % ' = =ug F\\^))+ !Z/ +  KK'*-qr s  9 9 ;<^b^q^qZqqq!1qF4DvGWM^b^o^oZooo!1oF4DvGWM v;! Y'Mi.$$["5 W)9*)EV[ [FN [V- [0@6CS NNj\*((/(8(8(:';1> Mi.$$Y3 7'7'AV[ [FN [V- [0@6CS NNj\*((/(8(8(:';1> M.c2 M88: 77? #3//C4H4R 1(; !>>%(",E!2!8!8!=J5?!@!'')!@J!@:!+!'0A J+/0$( $H* <NA[&)%9(%CN%SN'.~o/N'OF$'.~o/N'OF$'*/@ AB/? @A,(F$NSRF$Rv'7&:J ;J ["AxNs V6+V;c4t |}t|jj }t |dk(r|St |jj}|s|St|}|s|Sd}|jD]I\}}d|vs|ds|dDcgc]}|j} }t | dk(r |ddk(rGd}n|r:t |dk(r |ddk(rydjtt|S|Scc}w)z! The key used to cache documents rFrJr>Tz@@)r!cacheKeyr r#rNr`r r_r itemsrergrYset) r'default_cache_keyrlrsruhas_group_visibilityl_namer|rzrJr(s r)rz"LizmapAccessControlFilter.cacheKeys7!G,.#4::#<#<#>? v;! $ $  9 9 ;<$ $.c2 $ $ %!+!1!1!3  FI!2)DV:W4==O3PQa Q Q#$)fQi2o#'   6{aF1IO99T#f+./ /  # Rs"Dr.ct|jjrtSt |jj}t |jj}t |dk(r|stSt|jj}|stSt|}|stS|j}||vrtS t|jj}t|jd|||} t} | jrp| js.t!j"dj%t&t&S|} | j)r t+|g} | j-| \} } | rt!j2d| t5||}|s | r| StSd|v}|rt7|dr | r| StS|d }t |d k(r.|dd k(r&|d k(r!t9j:|d }| r| d |S|S|j=||||j?j}| r| d |S|S#t.$rM} t!j0| t!j"dj%t&t&cYd} ~ Sd} ~ wwxYw)z/ Get lizmap layer filter based on login filter rfilter_by_polygonr-zOThe filter by polygon configuration is not valid. All features are hidden : {}z\An error occurred when trying to read the filtering by polygon. All features are hidden : {}Nz/The polygon filter subset string is not null : edition_onlyfilterAttributer~r>allz AND ) r r#rNrr rr`r r_r rLrrrX is_filteredis_validrcriticalformatris_filtered_by_usertuple subset_sql Exception log_exceptionr&r rrcreateFieldEqualityExpression_filter_by_login dataProvider)r'r+r.rlrmrsruriedition_contextfilter_polygon_configpolygon_filtergroups_or_user_ecfg_layer_login_filteris_edition_only attribute login_filters r)r/z1LizmapAccessControlFilter.get_lizmap_layer_filter*s &djj&?&?&A B #4::#<#<#>?*4::+D+D+FG  v;! J   9 9 ;< .c2  ZZ\ Z '  01J1J1LMO$3+,' % ! *N$002,557OO#VK02'& "((<<>%*J<%8N$9$D$D^$T!  KKI.IYZ ["?sJ!O%%% ),BB w'=n'MN%% *+<=  v;! q RJ"4D)FFyRWXL()|n== ,, "      % % '  $%U<.9 9_    # OOVK( *   s&BI242I22 K;AK=KKrrlloginprovidercg}t|dr|j|n t|}|jdg}tj|d}|D]}g}tj |} |j|d| |dk(r|j drtj |d} |j|d| tj d |} |j|d| tj d |d} |j|d| |jd j|d j|} | S) aH Build the string according to the filter by login configuration. :param cfg_layer_login_filter: The Lizmap Filter by login configuration. :param groups: List of groups for the current user :param login: The current user :param provider: The layer data provider ('postgres' for example) filterPrivaterrz = postgresallow_multiple_acl_valuesz,%z LIKE z%,z OR )rappendrYrquotedColumnRef quotedStringrXrg) rrlrrvalues value_filters quoted_fieldvaluefilters quoted_valuequoted_like_value layer_filters r)rz*LizmapAccessControlFilter._filter_by_loginsy )/: ; MM% &\F  e %445KL]5^_  7EG(55e:%*@*D*DE`*a$1$>$>%|$L!,v6G5HIJ%2$>$>E7|$L!,v6G5HIJ%2$>$>E7"~$N!,v6G5HIJ  W!5 6/ 74{{=1 r*)__name__ __module__ __qualname__rr"rstrr1rrLayerPermissionsrKrrrr/ staticmethoddictrr __classcell__)r(s@r)rr"sd%7dDd6 6^ 6 6kkk6L6]6]kZ1!#1!fh^h*hY\hhTCCuCSC\_CdgCCr*rN)$ __copyright__ __license__ __email__ qgis.corerrrr qgis.serverrrlizmap_server.corer r r r r rrlizmap_server.filter_by_polygonrrrrlizmap_server.loggerrrlizmap_server.toolsrlizmap_server.tos_definitionsrrrrrrr*r)rsW&   LLB 3'w 6wr*