PnX-SI · jacquesfize · Jan 5, 2024 · May 24, 2023 · Dec 13, 2023 · Dec 14, 2023
diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml
@@ -81,6 +81,7 @@ jobs:
           add_sample_data: true
           install_sig_layers: true
           install_grid_layer_5: true
+          install_grid_layer_10: true
           install_ref_sensitivity: true
         # FRONTEND
       - name: Cache node modules

diff --git a/.github/workflows/pytest.yml b/.github/workflows/pytest.yml
@@ -48,12 +48,6 @@ jobs:
           --health-retries 5
 
     steps:
-      - name: Add postgis_raster database extension
-        if: ${{ matrix.postgis-version >= 3 }}
-        run: |
-          psql -h localhost -U geonatadmin -d geonature2db -tc 'CREATE EXTENSION "postgis_raster";'
-        env:
-          PGPASSWORD: geonatpasswd
       - uses: actions/checkout@v4
         with:
           submodules: true
@@ -104,6 +98,7 @@ jobs:
           add_sample_data: true
           install_sig_layers: true
           install_grid_layer_5: true
+          install_grid_layer_10: true
           install_ref_sensitivity: true
       - name: Show database status
         run: |

diff --git a/backend/dependencies/UsersHub-authentification-module b/backend/dependencies/UsersHub-authentification-module
diff --git a/backend/geonature/core/gn_commons/schemas.py b/backend/geonature/core/gn_commons/schemas.py
@@ -52,8 +52,9 @@ class Meta:
         model = TValidations
         load_instance = True
         include_fk = True
-        validation_label = fields.Nested(NomenclatureSchema, dump_only=True)
-        validator_role = MA.Nested(UserSchema, dump_only=True)
+
+    validation_label = fields.Nested(NomenclatureSchema, dump_only=True)
+    validator_role = MA.Nested(UserSchema, dump_only=True)
 
 
 class BibWidgetSchema(MA.SQLAlchemyAutoSchema):

diff --git a/backend/geonature/core/gn_meta/schemas.py b/backend/geonature/core/gn_meta/schemas.py
@@ -13,6 +13,10 @@
 from geonature.utils.schema import CruvedSchemaMixin
 from geonature.core.gn_commons.models import TModules
 from geonature.core.gn_commons.schemas import ModuleSchema
+
+# Note: import of SourceSchema is importent as it trigger import of synthese models
+# which define TDatasets.sources & TDatasets.synthese_records_count, and these must be
+# defined before AutoSchema creation to be known by marshmallow!
 from geonature.core.gn_synthese.schemas import SourceSchema
 from geonature.core.gn_permissions.tools import get_scopes_by_action
 

diff --git a/backend/geonature/core/gn_permissions/admin.py b/backend/geonature/core/gn_permissions/admin.py
@@ -11,6 +11,7 @@
 from sqlalchemy import select
 
 from geonature.utils.env import db
+from geonature.utils.config import config
 from geonature.core.admin.admin import admin
 from geonature.core.admin.utils import CruvedProtectedMixin, DynamicOptionsMixin
 from geonature.core.gn_permissions.models import (
@@ -356,7 +357,10 @@ class PermissionAdmin(CruvedProtectedMixin, ModelView):
         "role.nom_complet": "nom du rôle",
         "availability": "Permission",
         "scope": "Filtre sur l'appartenance des données",
-        "sensitivity_filter": "Exclure les données sensibles",
+        "sensitivity_filter": (
+            "Flouter" if config["SYNTHESE"]["BLUR_SENSITIVE_OBSERVATIONS"] else "Exclure"
+        )
+        + " les données sensibles",
     }
     column_select_related_list = ("availability",)
     column_searchable_list = ("role.identifiant", "role.nom_complet")

diff --git a/backend/geonature/core/gn_synthese/models.py b/backend/geonature/core/gn_synthese/models.py
@@ -12,6 +12,7 @@
     joinedload,
     contains_eager,
     deferred,
+    query_expression,
 )
 from sqlalchemy.sql import select, func, exists
 from sqlalchemy.schema import FetchedValue
@@ -20,7 +21,7 @@
 from geoalchemy2.shape import to_shape
 
 from geojson import Feature
-from flask import g
+from flask import g, current_app
 import flask_sqlalchemy
 from utils_flask_sqla.models import qfilter
 
@@ -414,6 +415,7 @@
     the_geom_4326_geojson = column_property(func.ST_AsGeoJSON(the_geom_4326), deferred=True)
     the_geom_point = deferred(DB.Column(Geometry("GEOMETRY", 4326)))
     the_geom_local = deferred(DB.Column(Geometry("GEOMETRY")))
+    the_geom_authorized = query_expression()
     precision = DB.Column(DB.Integer)
     id_area_attachment = DB.Column(DB.Integer, ForeignKey(LAreas.id_area))
     date_min = DB.Column(DB.DateTime, nullable=False)
@@ -455,13 +457,23 @@
             return True
 
     def _has_permissions_grant(self, permissions):
+        blur_sensitive_observations = current_app.config["SYNTHESE"]["BLUR_SENSITIVE_OBSERVATIONS"]
         if not permissions:
             return False
         for perm in permissions:
             if perm.has_other_filters_than("SCOPE", "SENSITIVITY"):
                 continue  # unsupported filters
-            if perm.sensitivity_filter and self.nomenclature_sensitivity.cd_nomenclature != "0":
-                continue  # sensitivity filter denied access, check next permission
+            if perm.sensitivity_filter:
+                if (
+                    blur_sensitive_observations
+                    and self.nomenclature_sensitivity.cd_nomenclature == "4"
+                ):
+                    continue
+                if (
+                    not blur_sensitive_observations
+                    and self.nomenclature_sensitivity.cd_nomenclature != "0"
+                ):
+                    continue
             if perm.scope_value:
                 if g.current_user == self.digitiser:
                     return True