Add handler for permissions workflow

geonode/resource/manager.py

@@ -45,7 +45,12 @@
 from geonode.thumbs.utils import ThumbnailAlgorithms
 from geonode.documents.tasks import create_document_thumbnail
 from geonode.security.permissions import PermSpecCompact, DATA_STYLABLE_RESOURCES_SUBTYPES
-from geonode.security.utils import perms_as_set, get_user_groups, skip_registered_members_common_group
+from geonode.security.utils import (
+    perms_as_set,
+    get_user_groups,
+    skip_registered_members_common_group,
+)
+from geonode.security.registry import permissions_registry
 
 from . import settings as rm_settings
 from .utils import update_resource, resourcebase_post_save
@@ -574,11 +579,12 @@ def set_permissions(
                     else:
                         _permissions = None
 
-                    # Fixup Advanced Workflow permissions
-                    _perm_spec = AdvancedSecurityWorkflowManager.get_permissions(
-                        _resource.uuid,
-                        instance=_resource,
-                        permissions=_permissions,
+                    """
+                    Align _perm_spec based on the permissions handlers
+                    """
+                    _perm_spec = permissions_registry.fixup_perms(
+                        _resource,
+                        _permissions,
                         created=created,
                         approval_status_changed=approval_status_changed,
                         group_status_changed=group_status_changed,

geonode/security/apps.py

@@ -22,3 +22,9 @@
 class GeoNodeSecurityAppConfig(AppConfig):
     name = "geonode.security"
     verbose_name = "GeoNode Security"
+
+    def ready(self):
+        super().ready()
+        from geonode.security.registry import permissions_registry
+
+        permissions_registry.init_registry()

geonode/security/handlers.py

@@ -0,0 +1,53 @@
+#########################################################################
+#
+# Copyright (C) 2024 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+from abc import ABC
+
+from geonode.security.utils import AdvancedSecurityWorkflowManager
+
+
+class BasePermissionsHandler(ABC):
+    """
+    Abstract permissions handler.
+    This is the base class, all the permissions instances should
+    inherit from this class.
+    All the flows that touches the permissions will use this class
+    (example advanced workflow)
+    """
+
+    @staticmethod
+    def fixup_perms(instance, perms_payload, *args, **kwargs):
+        return perms_payload
+
+
+class AdvancedWorkflowPermissionsHandler(BasePermissionsHandler):
+    """
+    Handler that takes care of adjusting the permissions for the advanced workflow
+    """
+
+    @staticmethod
+    def fixup_perms(instance, perms_payload, *args, **kwargs):
+        # Fixup Advanced Workflow permissions
+        return AdvancedSecurityWorkflowManager.get_permissions(
+            instance.uuid,
+            instance=instance,
+            permissions=perms_payload,
+            created=kwargs.get("created"),
+            approval_status_changed=kwargs.get("approval_status_changed"),
+            group_status_changed=kwargs.get("group_status_changed"),
+        )

geonode/security/registry.py

@@ -0,0 +1,62 @@
+#########################################################################
+#
+# Copyright (C) 2024 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+from django.conf import settings
+from django.utils.module_loading import import_string
+from geonode.security.handlers import BasePermissionsHandler
+
+
+class PermissionsHandlerRegistry:
+
+    REGISTRY = []
+
+    def init_registry(self):
+        self._register()
+        self.sanity_checks()
+
+    def add(self, module_path):
+        item = import_string(module_path)()
+        self.__check_item(item)
+        self.REGISTRY.append(item)
+
+    def _register(self):
+        for module_path in settings.PERMISSIONS_HANDLERS:
+            self.add(module_path)
+
+    def sanity_checks(self):
+        for item in self.REGISTRY:
+            self.__check_item(item)
+
+    def __check_item(self, item):
+        """
+        Ensure that the handler is a subclass of BasePermissionsHandler
+        """
+        if not isinstance(item, BasePermissionsHandler):
+            raise Exception(f"Handler {item} is not a subclass of BasePermissionsHandler")
+
+    def fixup_perms(self, instance, payload, *args, **kwargs):
+        for handler in self.REGISTRY:
+            payload = handler.fixup_perms(instance, payload, *args, **kwargs)
+        return payload
+
+    @classmethod
+    def get_registry(cls):
+        return PermissionsHandlerRegistry.REGISTRY
+
+
+permissions_registry = PermissionsHandlerRegistry()

geonode/settings.py

@@ -2327,3 +2327,6 @@ def get_geonode_catalogue_service():
 ]
 INSTALLED_APPS += ("geonode.assets",)
 GEONODE_APPS += ("geonode.assets",)
+
+
+PERMISSIONS_HANDLERS = ["geonode.security.handlers.AdvancedWorkflowPermissionsHandler"]