[Fixes #13965] Assign resource ownership to administrator during resource creation configurable via settings

[sijandh35]

Fixes #13965

Checklist

Reviewing is a process done by project maintainers, mostly on a volunteer basis. We try to keep the overhead as small as possible and appreciate if you help us to do so by completing the following items. Feel free to ask in a comment if you have troubles with any of them.

For all pull requests:

• Confirm you have read the contribution guidelines
• You have sent a Contribution Licence Agreement (CLA) as necessary (not required for small changes, e.g., fixing typos in the documentation)
• Make sure the first PR targets the master branch, eventual backports will be managed later. This can be ignored if the PR is fixing an issue that only happens in a specific branch, but not in newer ones.

The following are required only for core and extension modules (they are welcomed, but not required, for contrib modules):

• There is a ticket in https://github.com/GeoNode/geonode/issues describing the issue/improvement/feature (a notable exemption is, changes not visible to end-users)
• The issue connected to the PR must have Labels and Milestone assigned
• PR for bug fixes and small new features are presented as a single commit
• PR title must be in the form "[Fixes #<issue_number>] Title of the PR"
• New unit tests have been added covering the changes, unless there is an explanation on why the tests are not necessary/implemented

Submitting the PR does not require you to check all items, but by the time it gets merged, they should be either satisfied or inapplicable.

[gemini-code-assist]

Summary of Changes

Hello @sijandh35, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses issue #13965 by introducing a new feature that allows GeoNode administrators to configure automatic assignment of resource ownership to a designated administrator account during resource creation. This change provides greater control over resource management, while also ensuring that the original uploader maintains necessary permissions to manage their contributions. The implementation includes new settings, a utility function for owner resolution, and a dedicated permission handler to manage access rights effectively.

Highlights

• Configurable Resource Ownership: Introduced new Django settings, AUTO_ASSIGN_RESOURCE_OWNERSHIP_TO_ADMIN and RESOURCE_OWNERSHIP_ADMIN_USERNAME, allowing administrators to configure automatic assignment of resource ownership to a specific admin user upon creation.
• Resource Owner Resolution Logic: Implemented a new utility function, resolve_resource_owner, which determines the appropriate owner for a resource based on the new settings, falling back to a superuser or the original uploader if the configured admin is invalid or unavailable.
• Preservation of Uploader Permissions: Added a new permission handler, AutoAssignResourceOwnershipHandler, to ensure that the original user who uploads a resource retains 'manage' permissions, even if the resource's ownership is automatically assigned to an administrator.
• Integration into Resource Creation: Integrated the new ownership resolution and permission handling logic into the document and map creation APIs and views, ensuring consistent application of the configurable ownership policy.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• geonode/documents/api/views.py
  • Imported resolve_resource_owner utility.
  • Modified perform_create to use resolve_resource_owner for setting the resource owner.
  • Updated set_default_permissions call to pass the resolved owner and the initial user.
• geonode/documents/views.py
  • Imported resolve_resource_owner utility.
  • Modified form_valid to use resolve_resource_owner for setting the resource owner in various creation scenarios.
  • Updated set_default_permissions call to pass the resolved owner and the initial user.
• geonode/maps/api/views.py
  • Imported settings and resolve_resource_owner.
  • Modified perform_create to use resolve_resource_owner for setting the map owner.
  • Conditionally applied resource_manager.set_permissions based on AUTO_ASSIGN_RESOURCE_OWNERSHIP_TO_ADMIN setting, passing the resolved owner and initial user.
• geonode/resource/manager.py
  • Imported resolve_resource_owner utility.
  • Modified set_permissions method signature to accept arbitrary keyword arguments (**kwargs).
  • Updated create method to use resolve_resource_owner for determining the resource owner and to pass initial_user to set_default_permissions.
  • Modified internal set_permissions calls to pass kwargs through.
• geonode/resource/utils.py
  • Imported get_user_model.
  • Added a new function resolve_resource_owner to determine the resource owner based on AUTO_ASSIGN_RESOURCE_OWNERSHIP_TO_ADMIN and RESOURCE_OWNERSHIP_ADMIN_USERNAME settings, with fallback logic.
• geonode/security/handlers.py
  • Imported _to_extended_perms and MANAGE_RIGHTS.
  • Added a new class AutoAssignResourceOwnershipHandler with a fixup_perms static method to ensure the initial uploader retains 'manage' permissions when ownership is auto-assigned.
• geonode/security/models.py
  • Modified set_default_permissions method signature to accept arbitrary keyword arguments (**kwargs).
  • Updated the call to resource_manager.set_permissions to pass kwargs through.
• geonode/settings.py
  • Imported logging and initialized a logger.
  • Defined new settings AUTO_ASSIGN_RESOURCE_OWNERSHIP_TO_ADMIN and RESOURCE_OWNERSHIP_ADMIN_USERNAME based on environment variables, including default values and warning messages.
  • Registered the new geonode.security.handlers.AutoAssignResourceOwnershipHandler in PERMISSIONS_HANDLERS.

Activity

• The author confirmed reading the contribution guidelines.
• The author confirmed sending a Contribution Licence Agreement (CLA) as necessary.
• The author confirmed that a ticket (Assign resource ownership to administrator during resource creation configurable via settings #13965) exists in the GeoNode issues tracker describing the improvement.
• The author ensured the PR title follows the required format '[Fixes #<issue_number>] Title of the PR'.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a configurable setting to assign resource ownership to an administrator upon creation. The changes are spread across multiple files to handle this new logic. Overall, the implementation is good, but I've found a few issues related to conditional logic that could lead to bugs if the new setting is disabled. I've also identified a potential KeyError in one of the new handlers. My review comments provide specific suggestions to address these points.

[gemini-code-assist]

The call to _resource.set_default_permissions is conditional on the AUTO_ASSIGN_RESOURCE_OWNERSHIP_TO_ADMIN setting. If this setting is False, no default permissions will be set for newly created resources via resource_manager.create. This is a critical bug. The if condition should be removed, and set_default_permissions should be called unconditionally.

                _resource.set_default_permissions(owner=resolved_owner, created=True, initial_user=initial_user)

[sijandh35]

The condition is needed only for the auto-assign feature (AUTO_ASSIGN_RESOURCE_OWNERSHIP_TO_ADMIN=True) to set uploader manage permissions passing initial_user.
When the setting is False, the normal intial flow still sets default permissions through set_missing_info() -> set_default_permissions(owner=user).

[gemini-code-assist]

The call to resource_manager.set_permissions is inside a conditional block that checks AUTO_ASSIGN_RESOURCE_OWNERSHIP_TO_ADMIN. This means if the setting is False, no permissions will be set on map creation, which is a bug. This call should be unconditional and should use instance.set_default_permissions for consistency with other parts of the codebase.

        instance.set_default_permissions(owner=resolved_owner, created=True, initial_user=self.request.user)

[sijandh35]

Updated using instance.set_default_permissions, but the condition remains, which is used only when AUTO_ASSIGN_RESOURCE_OWNERSHIP_TO_ADMIN = True to set uploader manage permissions by passing initial_user. When False, it works as default,how permissions were previously handled through _post_change_routines.

[codecov]

Codecov Report

❌ Patch coverage is 93.78882% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.31%. Comparing base (a3959be) to head (7c223c2).
⚠️ Report is 28 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #13970      +/-   ##
==========================================
+ Coverage   74.24%   74.31%   +0.07%     
==========================================
  Files         947      950       +3     
  Lines       56620    56952     +332     
  Branches     7675     7723      +48     
==========================================
+ Hits        42038    42326     +288     
- Misses      12892    12925      +33     
- Partials     1690     1701      +11     

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.