[Fixes #12713] make UserHasPerm user the registry

geonode/base/api/permissions.py

@@ -36,7 +36,6 @@
 from rest_framework.permissions import DjangoModelPermissions
 from guardian.shortcuts import get_objects_for_user
 from itertools import chain
-from guardian.shortcuts import get_groups_with_perms
 from geonode.security.registry import permissions_registry
 
 logger = logging.getLogger(__name__)
@@ -252,19 +251,18 @@ def has_permission(self, request, view):
             )
 
             # getting the user permission for that resource
-            resource_perms = permissions_registry.get_perms(instance=res, user=request.user)
-
-            groups = get_groups_with_perms(res, attach_perms=True)
-            # we are making this because the request.user.groups sometimes returns empty si is not fully reliable
-            for group, perm in groups.items():
-                # checking if the user is in that group
-                if group.user_set.filter(username=request.user).exists():
-                    resource_perms = list(chain(resource_perms, perm))
+            resource_perms = permissions_registry.get_perms(instance=res)
 
             if request.user.has_perm("base.add_resourcebase"):
                 resource_perms.append("add_resourcebase")
             # merging all available permissions into a single list
-            available_perms = list(set(resource_perms))
+            available_perms = list(
+                set(
+                    chain.from_iterable(
+                        list(resource_perms["users"].values()) + list(resource_perms["groups"].values())
+                    )
+                )
+            )
             # fixup the permissions name
             perms_without_base = [x.replace("base.", "") for x in perms]
             # if at least one of the permissions is available the request is True