diff --git a/geonode/base/api/views.py b/geonode/base/api/views.py
index b45b16e1e22..54ebee6a29b 100644
--- a/geonode/base/api/views.py
+++ b/geonode/base/api/views.py
@@ -634,7 +634,7 @@ def resource_service_permissions(self, request, pk):
 url_name="set-thumb-from-bbox",
 methods=["post"],
 permission_classes=[
- IsAuthenticated, UserHasPerms
+ IsAuthenticated, UserHasPerms(perms_dict={"default": {"POST": ["base.add_resourcebase"]}})
 ])
 def set_thumbnail_from_bbox(self, request, resource_id):
 import traceback
@@ -784,7 +784,7 @@ def resource_service_ingest(self, request, resource_type: str = None):
 url_name="resource-service-create",
 methods=["post"],
 permission_classes=[
- IsAuthenticated, UserHasPerms
+ IsAuthenticated, UserHasPerms(perms_dict={"default": {"POST": ["base.add_resourcebase"]}})
 ])
 def resource_service_create(self, request, resource_type: str = None):
 """Instructs the Async dispatcher to execute a 'CREATE' operation
@@ -1185,7 +1185,7 @@ def resource_service_copy(self, request, pk):
 url_name="ratings",
 methods=['post', 'get'],
 permission_classes=[
- IsAuthenticatedOrReadOnly, UserHasPerms
+ IsAuthenticatedOrReadOnly, UserHasPerms(perms_dict={"default": {"POST": ["base.add_resourcebase"]}})
 ])
 def ratings(self, request, pk):
 resource = get_object_or_404(ResourceBase, pk=pk)
@@ -1304,7 +1304,7 @@ def set_thumbnail(self, request, pk):
 detail=True,
 methods=["get", "put", "delete", "post"],
 permission_classes=[
- IsOwnerOrAdmin, UserHasPerms
+ IsOwnerOrAdmin, UserHasPerms(perms_dict={"default": {"POST": ["base.add_resourcebase"]}})
 ],
 url_path=r"extra_metadata", # noqa
 url_name="extra-metadata",
diff --git a/geonode/geoapps/api/views.py b/geonode/geoapps/api/views.py
index 6dc0595f0ec..21b11c404ec 100644
--- a/geonode/geoapps/api/views.py
+++ b/geonode/geoapps/api/views.py
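Review bot: On `set_thumbnail_from_bbox` the POST gate is now the model-level `base.add_resourcebase`, but the action changes the thumbnail of an existing resource identified by `resource_id`, so a create right is being used to authorise a modification. Unless `UserHasPerms` also checks object-level permissions for this request (its implementation is not visible here), any user allowed to create resources could reach this handler for a resource they cannot edit. Consider requiring the edit permission on the target instead, e.g. `UserHasPerms(perms_dict={"default": {"POST": ["base.change_resourcebase"]}})`, or checking the permission on the resource inside the handler, whose body lies outside the hunk.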
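Review bot: The literal `{"default": {"POST": ["base.add_resourcebase"]}}` in the `resource_service_create` decorator is repeated verbatim in the other six places this patch touches, so a later change to the required permission has to be made seven times and a missed site silently keeps the old rule. Defining it once, for example `ADD_RESOURCE_PERMS = {"default": {"POST": ["base.add_resourcebase"]}}` next to `UserHasPerms`, and writing `UserHasPerms(perms_dict=ADD_RESOURCE_PERMS)` at each site keeps the rule in one reviewed place. A short comment on what the `"default"` key selects would also help, since that is not evident from the call.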
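Review bot: For `ratings`, POST now demands `base.add_resourcebase`, which ties rating a resource to the right to create resources; with `IsAuthenticatedOrReadOnly` in front, an authenticated user without that right would presumably no longer be able to rate at all. If that restriction is intended it deserves a comment above the decorator, such as `# rating is limited to users who may create resources`; if not, POST here should be checked against a permission on the resource being rated (`pk`) rather than a global create right. The handler body continues outside the hunk.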
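Review bot: The `extra_metadata` action accepts `put` and `delete` as well as `post`, yet the `perms_dict` names a permission only for `POST`, so the two other mutating methods depend on whatever `UserHasPerms` does for methods missing from the dict, which cannot be seen from this hunk. Spell the rule out for every write method, e.g. `{"default": {"POST": [...], "PUT": [...], "DELETE": [...]}}` with the permissions that actually apply, or add a comment stating that PUT and DELETE are covered by `IsOwnerOrAdmin` and the class defaults. The decorator and the function it applies to both continue beyond the hunk.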
@@ -42,7 +42,7 @@ class GeoAppViewSet(DynamicModelViewSet): """ http_method_names = ['get', 'patch', 'post', 'put'] authentication_classes = [SessionAuthentication, BasicAuthentication, OAuth2Authentication] - permission_classes = [IsAuthenticatedOrReadOnly, UserHasPerms] + permission_classes = [IsAuthenticatedOrReadOnly, UserHasPerms(perms_dict={"default": {"POST": ["base.add_resourcebase"]}})] filter_backends = [ DynamicFilterBackend, DynamicSortingFilter, DynamicSearchFilter, ExtentFilter, GeoAppPermissionsFilter diff --git a/geonode/layers/api/views.py b/geonode/layers/api/views.py index 3cfc5eb9e56..d38093c894d 100644 --- a/geonode/layers/api/views.py +++ b/geonode/layers/api/views.py @@ -55,7 +55,7 @@ class DatasetViewSet(DynamicModelViewSet): """ http_method_names = ['get', 'patch', 'put'] authentication_classes = [SessionAuthentication, BasicAuthentication, OAuth2Authentication] - permission_classes = [IsAuthenticatedOrReadOnly, UserHasPerms] + permission_classes = [IsAuthenticatedOrReadOnly, UserHasPerms(perms_dict={"default": {"POST": ["base.add_resourcebase"]}})] filter_backends = [ DynamicFilterBackend, DynamicSortingFilter, diff --git a/geonode/maps/api/views.py b/geonode/maps/api/views.py index ca33839ed34..49ad6627169 100644 --- a/geonode/maps/api/views.py +++ b/geonode/maps/api/views.py @@ -54,7 +54,7 @@ class MapViewSet(DynamicModelViewSet): http_method_names = ['get', 'patch', 'post', 'put'] authentication_classes = [SessionAuthentication, BasicAuthentication, OAuth2Authentication] - permission_classes = [IsAuthenticatedOrReadOnly, UserHasPerms] + permission_classes = [IsAuthenticatedOrReadOnly, UserHasPerms(perms_dict={"default": {"POST": ["base.add_resourcebase"]}})] filter_backends = [ DynamicFilterBackend, DynamicSortingFilter,
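Review bot: `permission_classes` on `GeoAppViewSet` now holds a `UserHasPerms` instance built once when the class body is evaluated, whereas REST framework builds its permission list by calling each entry, so this works only if `UserHasPerms` defines `__call__`, and the one object then serves every request. The class is not part of this diff, so please confirm that `has_permission` keeps no per-request state on `self` and that `perms_dict` is never mutated; a comment next to the attribute, e.g. `# instance is shared across requests; UserHasPerms must stay stateless`, would record that. The same applies to the decorator-level lists in geonode/base/api/views.py and to the class attributes in the layers and maps view sets.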
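Review bot: `DatasetViewSet` declares `http_method_names = ['get', 'patch', 'put']`, so the `POST` entry passed to `UserHasPerms` guards a method this view set does not serve, and the argument reads as protection that is not in effect. The writes the view set does accept, PATCH and PUT, are left to the defaults of `UserHasPerms`, which are not visible in the diff. Either map the methods that are allowed, or keep the call and add `# POST is not served here; PATCH/PUT rely on UserHasPerms defaults` so the next reader does not assume updates are gated by `base.add_resourcebase`.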