qgis · Mar 2, 2021
diff --git a/‎python/core/auto_generated/layout/qgslayoutrendercontext.sip.in
Lines changed: 20 additions & 0 deletions b/‎python/core/auto_generated/layout/qgslayoutrendercontext.sip.in
Lines changed: 20 additions & 0 deletions
diff --git a/‎python/core/auto_generated/qgsfeaturefilterprovider.sip.in
Lines changed: 9 additions & 2 deletions b/‎python/core/auto_generated/qgsfeaturefilterprovider.sip.in
Lines changed: 9 additions & 2 deletions
diff --git a/‎python/server/auto_generated/qgsaccesscontrol.sip.in
Lines changed: 2 additions & 1 deletion b/‎python/server/auto_generated/qgsaccesscontrol.sip.in
Lines changed: 2 additions & 1 deletion
diff --git a/‎python/server/auto_generated/qgsfeaturefilter.sip.in
Lines changed: 3 additions & 0 deletions b/‎python/server/auto_generated/qgsfeaturefilter.sip.in
Lines changed: 3 additions & 0 deletions
diff --git a/‎python/server/auto_generated/qgsfeaturefilterprovidergroup.sip.in
Lines changed: 5 additions & 1 deletion b/‎python/server/auto_generated/qgsfeaturefilterprovidergroup.sip.in
Lines changed: 5 additions & 1 deletion
diff --git a/‎src/core/layout/qgslayoutatlas.cpp
Lines changed: 7 additions & 0 deletions b/‎src/core/layout/qgslayoutatlas.cpp
Lines changed: 7 additions & 0 deletions
diff --git a/‎src/core/layout/qgslayoutitemattributetable.cpp
Lines changed: 74 additions & 1 deletion b/‎src/core/layout/qgslayoutitemattributetable.cpp
Lines changed: 74 additions & 1 deletion
diff --git a/‎src/core/layout/qgslayoutitemattributetable.h
Lines changed: 8 additions & 0 deletions b/‎src/core/layout/qgslayoutitemattributetable.h
Lines changed: 8 additions & 0 deletions
diff --git a/‎src/core/layout/qgslayoutitemmap.cpp
Lines changed: 4 additions & 0 deletions b/‎src/core/layout/qgslayoutitemmap.cpp
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/core/layout/qgslayoutrendercontext.cpp
Lines changed: 10 additions & 0 deletions b/‎src/core/layout/qgslayoutrendercontext.cpp
Lines changed: 10 additions & 0 deletions
diff --git a/‎src/core/layout/qgslayoutrendercontext.h
Lines changed: 22 additions & 0 deletions b/‎src/core/layout/qgslayoutrendercontext.h
Lines changed: 22 additions & 0 deletions
diff --git a/‎src/core/qgsfeaturefilterprovider.h
Lines changed: 10 additions & 2 deletions b/‎src/core/qgsfeaturefilterprovider.h
Lines changed: 10 additions & 2 deletions
diff --git a/‎src/server/qgsaccesscontrol.cpp
Lines changed: 1 addition & 1 deletion b/‎src/server/qgsaccesscontrol.cpp
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/server/qgsaccesscontrol.h
Lines changed: 2 additions & 1 deletion b/‎src/server/qgsaccesscontrol.h
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/server/qgsfeaturefilter.cpp
Lines changed: 6 additions & 0 deletions b/‎src/server/qgsfeaturefilter.cpp
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/server/qgsfeaturefilter.h
Lines changed: 3 additions & 0 deletions b/‎src/server/qgsfeaturefilter.h
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/server/qgsfeaturefilterprovidergroup.cpp
Lines changed: 11 additions & 1 deletion b/‎src/server/qgsfeaturefilterprovidergroup.cpp
Lines changed: 11 additions & 1 deletion
diff --git a/‎src/server/qgsfeaturefilterprovidergroup.h
Lines changed: 6 additions & 1 deletion b/‎src/server/qgsfeaturefilterprovidergroup.h
Lines changed: 6 additions & 1 deletion
diff --git a/‎src/server/services/wms/qgswmsgetprint.cpp
Lines changed: 1 addition & 0 deletions b/‎src/server/services/wms/qgswmsgetprint.cpp
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/server/services/wms/qgswmsrendercontext.cpp
Lines changed: 18 additions & 4 deletions b/‎src/server/services/wms/qgswmsrendercontext.cpp
Lines changed: 18 additions & 4 deletions
diff --git a/‎src/server/services/wms/qgswmsrendercontext.h
Lines changed: 3 additions & 2 deletions b/‎src/server/services/wms/qgswmsrendercontext.h
Lines changed: 3 additions & 2 deletions
diff --git a/‎src/server/services/wms/qgswmsrenderer.cpp
Lines changed: 17 additions & 4 deletions b/‎src/server/services/wms/qgswmsrenderer.cpp
Lines changed: 17 additions & 4 deletions
diff --git a/‎tests/src/python/CMakeLists.txt
Lines changed: 1 addition & 0 deletions b/‎tests/src/python/CMakeLists.txt
Lines changed: 1 addition & 0 deletions
diff --git a/‎tests/src/python/test_qgsserver_accesscontrol_wms_getprint_postgres.py
Lines changed: 385 additions & 0 deletions b/‎tests/src/python/test_qgsserver_accesscontrol_wms_getprint_postgres.py
Lines changed: 385 additions & 0 deletions
diff --git a/‎tests/testdata/control_images/qgis_server/WMS_GetPrint_postgres_print2/v1/WMS_GetPrint_postgres_print2.png
22.5 KB b/‎tests/testdata/control_images/qgis_server/WMS_GetPrint_postgres_print2/v1/WMS_GetPrint_postgres_print2.png
22.5 KB
diff --git a/‎tests/testdata/control_images/qgis_server/WMS_GetPrint_postgres_print2/v2/WMS_GetPrint_postgres_print2.png
25.7 KB b/‎tests/testdata/control_images/qgis_server/WMS_GetPrint_postgres_print2/v2/WMS_GetPrint_postgres_print2.png
25.7 KB
diff --git a/‎tests/testdata/control_images/qgis_server/WMS_GetPrint_postgres_print2_filtered/v1/WMS_GetPrint_postgres_print2_filtered.png
9.66 KB b/‎tests/testdata/control_images/qgis_server/WMS_GetPrint_postgres_print2_filtered/v1/WMS_GetPrint_postgres_print2_filtered.png
9.66 KB
diff --git a/‎tests/testdata/control_images/qgis_server/WMS_GetPrint_postgres_print2_filtered/v2/WMS_GetPrint_postgres_print2_filtered.png
10 KB b/‎tests/testdata/control_images/qgis_server/WMS_GetPrint_postgres_print2_filtered/v2/WMS_GetPrint_postgres_print2_filtered.png
10 KB
diff --git a/‎tests/testdata/control_images/qgis_server/WMS_GetPrint_postgres_print2_subset/v1/WMS_GetPrint_postgres_print2_subset.png
19.8 KB b/‎tests/testdata/control_images/qgis_server/WMS_GetPrint_postgres_print2_subset/v1/WMS_GetPrint_postgres_print2_subset.png
19.8 KB
diff --git a/‎tests/testdata/control_images/qgis_server/WMS_GetPrint_postgres_print2_subset/v2/WMS_GetPrint_postgres_print2_subset.png
20 KB b/‎tests/testdata/control_images/qgis_server/WMS_GetPrint_postgres_print2_subset/v2/WMS_GetPrint_postgres_print2_subset.png
20 KB
diff --git a/‎tests/testdata/qgis_server_accesscontrol/pg_multiple_pks.qgs
Lines changed: 1364 additions & 0 deletions b/‎tests/testdata/qgis_server_accesscontrol/pg_multiple_pks.qgs
Lines changed: 1364 additions & 0 deletions
@@ -311,6 +311,26 @@ Returns the current list of predefined scales for use with the layout.
 .. seealso:: :py:func:`setPredefinedScales`
 
 .. versionadded:: 3.10
+%End
+
+    QgsFeatureFilterProvider *featureFilterProvider() const;
+%Docstring
+Returns the possibly NULL feature filter provider.
+
+A feature filter provider for filtering visible features or attributes.
+It is currently used by QGIS Server Access Control Plugins.
+
+.. versionadded:: 3.18
+%End
+
+    void setFeatureFilterProvider( QgsFeatureFilterProvider *featureFilterProvider );
+%Docstring
+Sets feature filter provider to ``featureFilterProvider``.
+
+A feature filter provider for filtering visible features or attributes.
+It is currently used by QGIS Server Access Control Plugins.
+
+.. versionadded:: 3.18
 %End
 
   signals:
 
@@ -16,10 +16,10 @@
 class QgsFeatureFilterProvider
 {
 %Docstring
-Abstract interface for use by classes that filter the features of a layer.
+Abstract interface for use by classes that filter the features or attributes of a layer.
 
 A :py:class:`QgsFeatureFilterProvider` provides a method for modifying a :py:class:`QgsFeatureRequest` in place to apply
-additional filters to the request.
+additional filters to the request, since QGIS 3.18 a method to filter allowed attributes is also available.
 
 .. versionadded:: 2.14
 %End
@@ -37,6 +37,13 @@ Derived classes must implement this method.
 
 :param layer: the layer to filter
 :param featureRequest: the feature request to update
+%End
+
+    virtual QStringList layerAttributes( const QgsVectorLayer *layer, const QStringList &attributes ) const = 0;
+%Docstring
+Returns the list of visible attribute names from a list of ``attributes`` names for the given ``layer``
+
+.. versionadded:: 3.18
 %End
 
     virtual QgsFeatureFilterProvider *clone() const = 0 /Factory/;
 
@@ -108,7 +108,8 @@ Returns the layer delete right
 :return: ``True`` if we can do a delete
 %End
 
-    QStringList layerAttributes( const QgsVectorLayer *layer, const QStringList &attributes ) const;
+    virtual QStringList layerAttributes( const QgsVectorLayer *layer, const QStringList &attributes ) const;
+
 %Docstring
 Returns the authorized layer attributes
 
 
@@ -37,6 +37,9 @@ Filter the features of the layer
 :param filterFeatures: the request to fill
 %End
 
+    virtual QStringList layerAttributes( const QgsVectorLayer *layer, const QStringList &attributes ) const;
+
+
     virtual QgsFeatureFilterProvider *clone() const /Factory/;
 
 %Docstring
 
@@ -30,12 +30,15 @@ Constructor
     virtual void filterFeatures( const QgsVectorLayer *layer, QgsFeatureRequest &filterFeatures ) const;
 
 %Docstring
-Filter the features of the layer
+Filter the features of the layer.
 
 :param layer: the layer to control
 :param filterFeatures: the request to fill
 %End
 
+    virtual QStringList layerAttributes( const QgsVectorLayer *layer, const QStringList &attributes ) const;
+
+
     virtual QgsFeatureFilterProvider *clone() const /Factory/;
 
 %Docstring
@@ -53,6 +56,7 @@ Add another filter provider to the group
 :return: itself
 %End
 
+
 };
 
 /************************************************************************
 
@@ -288,6 +288,13 @@ int QgsLayoutAtlas::updateFeatures()
     req.setFilterExpression( mFilterExpression );
   }
 
+#ifdef HAVE_SERVER_PYTHON_PLUGINS
+  if ( mLayout->renderContext().featureFilterProvider() )
+  {
+    mLayout->renderContext().featureFilterProvider()->filterFeatures( mCoverageLayer.get(), req );
+  }
+#endif
+
   QgsFeatureIterator fit = mCoverageLayer->getFeatures( req );
 
   std::unique_ptr<QgsExpression> nameExpression;
 
@@ -29,6 +29,7 @@
 #include "qgsexception.h"
 #include "qgsmapsettings.h"
 #include "qgsexpressioncontextutils.h"
+#include "qgsexpressionnodeimpl.h"
 #include "qgsgeometryengine.h"
 #include "qgsconditionalstyle.h"
 
@@ -176,6 +177,7 @@ void QgsLayoutItemAttributeTable::resetColumns()
   //rebuild columns list from vector layer fields
   int idx = 0;
   const QgsFields sourceFields = source->fields();
+
   for ( const auto &field : sourceFields )
   {
     QString currentAlias = source->attributeDisplayName( idx );
@@ -329,8 +331,9 @@ void QgsLayoutItemAttributeTable::setDisplayedFields( const QStringList &fields,
     {
       int attrIdx = layerFields.lookupField( field );
       if ( attrIdx < 0 )
+      {
         continue;
-
+      }
       QString currentAlias = source->attributeDisplayName( attrIdx );
       QgsLayoutTableColumn col;
       col.setAttribute( layerFields.at( attrIdx ).name() );
@@ -413,6 +416,13 @@ bool QgsLayoutItemAttributeTable::getTableContents( QgsLayoutTableContents &cont
     }
   }
 
+#ifdef HAVE_SERVER_PYTHON_PLUGINS
+  if ( mLayout->renderContext().featureFilterProvider() )
+  {
+    mLayout->renderContext().featureFilterProvider()->filterFeatures( layer, req );
+  }
+#endif
+
   QgsRectangle selectionRect;
   QgsGeometry visibleRegion;
   std::unique_ptr< QgsGeometryEngine > visibleMapEngine;
@@ -541,6 +551,9 @@ bool QgsLayoutItemAttributeTable::getTableContents( QgsLayoutTableContents &cont
     // We also need a list of just the cell contents, so that we can do a quick check for row uniqueness (when the
     // corresponding option is enabled)
     QVector< Cell > currentRow;
+#ifdef HAVE_SERVER_PYTHON_PLUGINS
+    mColumns = filteredColumns();
+#endif
     currentRow.reserve( mColumns.count() );
     QgsLayoutTableRow rowContents;
     rowContents.reserve( mColumns.count() );
@@ -693,6 +706,66 @@ QVariant QgsLayoutItemAttributeTable::replaceWrapChar( const QVariant &variant )
   return replaced;
 }
 
+#ifdef HAVE_SERVER_PYTHON_PLUGINS
+QgsLayoutTableColumns QgsLayoutItemAttributeTable::filteredColumns()
+{
+  QgsLayoutTableColumns allowedColumns { mColumns };
+
+  QgsVectorLayer *source { sourceLayer() };
+
+  if ( ! source )
+  {
+    return allowedColumns;
+  }
+
+  QHash<const QString, QSet<QString>> columnAttributesMap;
+  QSet<QString> allowedAttributes;
+
+  for ( const auto &c : qgis::as_const( allowedColumns ) )
+  {
+    if ( ! c.attribute().isEmpty() && ! columnAttributesMap.contains( c.attribute() ) )
+    {
+      columnAttributesMap[ c.attribute() ] = QSet<QString>();
+      const QgsExpression columnExp { c.attribute() };
+      const auto constRefs { columnExp.findNodes<QgsExpressionNodeColumnRef>() };
+      for ( const auto &cref : constRefs )
+      {
+        columnAttributesMap[ c.attribute() ].insert( cref->name() );
+        allowedAttributes.insert( cref->name() );
+      }
+    }
+  }
+
+  if ( mLayout->renderContext().featureFilterProvider() )
+  {
+    const QStringList filteredAttributes { layout()->renderContext().featureFilterProvider()->layerAttributes( source, allowedAttributes.values() ) };
+#if (QT_VERSION >= QT_VERSION_CHECK(5, 14, 0))
+    const QSet<QString> filteredAttributesSet( filteredAttributes.constBegin(), filteredAttributes.constEnd() );
+#else
+    const QSet<QString> filteredAttributesSet { filteredAttributes.toSet() };
+#endif
+    if ( filteredAttributesSet != allowedAttributes )
+    {
+      const auto forbidden { allowedAttributes.subtract( filteredAttributesSet ) };
+      allowedColumns.erase( std::remove_if( allowedColumns.begin(), allowedColumns.end(), [ &columnAttributesMap, &forbidden ]( QgsLayoutTableColumn & c ) -> bool
+      {
+        for ( const auto &f : qgis::as_const( forbidden ) )
+        {
+          if ( columnAttributesMap[ c.attribute() ].contains( f ) )
+          {
+            return true;
+          }
+        }
+        return false;
+      } ), allowedColumns.end() );
+
+    }
+  }
+
+  return allowedColumns;
+}
+#endif
+
 QgsVectorLayer *QgsLayoutItemAttributeTable::sourceLayer() const
 {
   switch ( mSource )
 
@@ -390,6 +390,14 @@ class CORE_EXPORT QgsLayoutItemAttributeTable: public QgsLayoutTable
      */
     QVariant replaceWrapChar( const QVariant &variant ) const;
 
+#ifdef HAVE_SERVER_PYTHON_PLUGINS
+
+    /**
+     * Returns the list of visible columns filtered by the access control filter rules.
+     */
+    QgsLayoutTableColumns filteredColumns( );
+#endif
+
   private slots:
     //! Checks if this vector layer will be removed (and sets mVectorLayer to 0 if yes)
     void removeLayer( const QString &layerId );
 
@@ -1346,6 +1346,10 @@ void QgsLayoutItemMap::drawMap( QPainter *painter, const QgsRectangle &extent, Q
   }
 
   QgsMapRendererCustomPainterJob job( ms, painter );
+#ifdef HAVE_SERVER_PYTHON_PLUGINS
+  job.setFeatureFilterProvider( mLayout->renderContext().featureFilterProvider() );
+#endif
+
   // Render the map in this thread. This is done because of problems
   // with printing to printer on Windows (printing to PDF is fine though).
   // Raster images were not displayed - see #10599
 
@@ -133,3 +133,13 @@ void QgsLayoutRenderContext::setPredefinedScales( const QVector<qreal> &scales )
   std::sort( mPredefinedScales.begin(), mPredefinedScales.end() ); // clazy:exclude=detaching-member
   emit predefinedScalesChanged();
 }
+
+QgsFeatureFilterProvider *QgsLayoutRenderContext::featureFilterProvider() const
+{
+  return mFeatureFilterProvider;
+}
+
+void QgsLayoutRenderContext::setFeatureFilterProvider( QgsFeatureFilterProvider *featureFilterProvider )
+{
+  mFeatureFilterProvider = featureFilterProvider;
+}
@@ -297,6 +297,26 @@ class CORE_EXPORT QgsLayoutRenderContext : public QObject
      */
     QVector<qreal> predefinedScales() const { return mPredefinedScales; }
 
+    /**
+     * Returns the possibly NULL feature filter provider.
+     *
+     * A feature filter provider for filtering visible features or attributes.
+     * It is currently used by QGIS Server Access Control Plugins.
+     *
+     * \since QGIS 3.18
+     */
+    QgsFeatureFilterProvider *featureFilterProvider() const;
+
+    /**
+     * Sets feature filter provider to \a featureFilterProvider.
+     *
+     * A feature filter provider for filtering visible features or attributes.
+     * It is currently used by QGIS Server Access Control Plugins.
+     *
+     * \since QGIS 3.18
+     */
+    void setFeatureFilterProvider( QgsFeatureFilterProvider *featureFilterProvider );
+
   signals:
 
     /**
@@ -342,6 +362,8 @@ class CORE_EXPORT QgsLayoutRenderContext : public QObject
 
     QVector<qreal> mPredefinedScales;
 
+    QgsFeatureFilterProvider *mFeatureFilterProvider = nullptr;
+
     friend class QgsLayoutExporter;
     friend class TestQgsLayout;
     friend class LayoutContextPreviewSettingRestorer;
 
@@ -19,6 +19,7 @@
 #define QGSFEATUREFILTERPROVIDER_H
 
 #include <QtGlobal>
+#include <QStringList>
 #include "qgis_sip.h"
 
 #include "qgis_core.h"
@@ -31,10 +32,11 @@ class QgsFeatureRequest;
 /**
  * \ingroup core
  * \class QgsFeatureFilterProvider
- * \brief Abstract interface for use by classes that filter the features of a layer.
+ * \brief Abstract interface for use by classes that filter the features or attributes of a layer.
  *
  * A QgsFeatureFilterProvider provides a method for modifying a QgsFeatureRequest in place to apply
- * additional filters to the request.
+ * additional filters to the request, since QGIS 3.18 a method to filter allowed attributes is also available.
+ *
  * \since QGIS 2.14
  */
 
@@ -59,6 +61,12 @@ class CORE_EXPORT QgsFeatureFilterProvider
      */
     virtual void filterFeatures( const QgsVectorLayer *layer, QgsFeatureRequest &featureRequest ) const = 0;
 
+    /**
+     * Returns the list of visible attribute names from a list of \a attributes names for the given \a layer
+     * \since QGIS 3.18
+     */
+    virtual QStringList layerAttributes( const QgsVectorLayer *layer, const QStringList &attributes ) const = 0;
+
     /**
      * Create a clone of the feature filter provider
      * \returns a new clone
 
@@ -64,7 +64,7 @@ void QgsAccessControl::filterFeatures( const QgsVectorLayer *layer, QgsFeatureRe
 
   QString expression;
 
-  if ( mResolved && mFilterFeaturesExpressions.keys().contains( layer->id() ) )
+  if ( mResolved && mFilterFeaturesExpressions.contains( layer->id() ) )
   {
     expression = mFilterFeaturesExpressions[layer->id()];
   }
 
@@ -134,7 +134,7 @@ class SERVER_EXPORT QgsAccessControl : public QgsFeatureFilterProvider
      * \param attributes the list of attribute
      * \returns the list of visible attributes
      */
-    QStringList layerAttributes( const QgsVectorLayer *layer, const QStringList &attributes ) const;
+    QStringList layerAttributes( const QgsVectorLayer *layer, const QStringList &attributes ) const override;
 
     /**
      * Are we authorized to modify the following geometry
@@ -166,6 +166,7 @@ class SERVER_EXPORT QgsAccessControl : public QgsFeatureFilterProvider
 
     QMap<QString, QString> mFilterFeaturesExpressions;
     bool mResolved;
+
 };
 
 #endif
@@ -29,6 +29,12 @@ void QgsFeatureFilter::filterFeatures( const QgsVectorLayer *layer, QgsFeatureRe
   }
 }
 
+QStringList QgsFeatureFilter::layerAttributes( const QgsVectorLayer *, const QStringList &attributes ) const
+{
+  // Do nothing
+  return attributes;
+}
+
 QgsFeatureFilterProvider *QgsFeatureFilter::clone() const
 {
   auto result = new QgsFeatureFilter();
 
@@ -44,6 +44,8 @@ class SERVER_EXPORT QgsFeatureFilter : public QgsFeatureFilterProvider
      */
     void filterFeatures( const QgsVectorLayer *layer, QgsFeatureRequest &filterFeatures ) const override;
 
+    QStringList layerAttributes( const QgsVectorLayer *layer, const QStringList &attributes ) const override;
+
     /**
      * Returns a clone of the object
      * \returns A clone
@@ -59,6 +61,7 @@ class SERVER_EXPORT QgsFeatureFilter : public QgsFeatureFilterProvider
 
   private:
     QMap<QString, QString> mFilters;
+
 };
 
 #endif
@@ -20,7 +20,6 @@
 
 void QgsFeatureFilterProviderGroup::filterFeatures( const QgsVectorLayer *layer, QgsFeatureRequest &filterFeatures ) const
 {
-  filterFeatures.disableFilter();
   for ( const QgsFeatureFilterProvider *provider : mProviders )
   {
     QgsFeatureRequest temp;
@@ -32,6 +31,17 @@ void QgsFeatureFilterProviderGroup::filterFeatures( const QgsVectorLayer *layer,
   }
 }
 
+QStringList QgsFeatureFilterProviderGroup::layerAttributes( const QgsVectorLayer *layer, const QStringList &attributes ) const
+{
+  QStringList allowedAttributes { attributes };
+  for ( const QgsFeatureFilterProvider *provider : mProviders )
+  {
+    QgsFeatureRequest temp;
+    allowedAttributes = provider->layerAttributes( layer, allowedAttributes );
+  }
+  return allowedAttributes;
+}
+
 QgsFeatureFilterProvider *QgsFeatureFilterProviderGroup::clone() const
 {
   auto result = new QgsFeatureFilterProviderGroup();
 
@@ -36,12 +36,14 @@ class SERVER_EXPORT QgsFeatureFilterProviderGroup : public QgsFeatureFilterProvi
     QgsFeatureFilterProviderGroup() = default;
 
     /**
-     * Filter the features of the layer
+     * Filter the features of the layer.
      * \param layer the layer to control
      * \param filterFeatures the request to fill
      */
     void filterFeatures( const QgsVectorLayer *layer, QgsFeatureRequest &filterFeatures ) const override;
 
+    QStringList layerAttributes( const QgsVectorLayer *layer, const QStringList &attributes ) const override;
+
     /**
      * Returns a clone of the object
      * \returns A clone
@@ -55,8 +57,11 @@ class SERVER_EXPORT QgsFeatureFilterProviderGroup : public QgsFeatureFilterProvi
      */
     QgsFeatureFilterProviderGroup &addProvider( const QgsFeatureFilterProvider *provider );
 
+
   private:
     QList<const QgsFeatureFilterProvider *> mProviders;
+
+
 };
 
 #endif
@@ -64,6 +64,7 @@ namespace QgsWms
     context.setFlag( QgsWmsRenderContext::SetAccessControl );
     context.setFlag( QgsWmsRenderContext::AddHighlightLayers );
     context.setFlag( QgsWmsRenderContext::AddExternalLayers );
+    context.setFlag( QgsWmsRenderContext::AddAllLayers );
     context.setParameters( parameters );
 
     // rendering
 
@@ -182,7 +182,7 @@ qreal QgsWmsRenderContext::dotsPerMm() const
   return dpm / 1000.0;
 }
 
-QStringList QgsWmsRenderContext::flattenedQueryLayers() const
+QStringList QgsWmsRenderContext::flattenedQueryLayers( const QStringList &layerNames ) const
 {
   QStringList result;
   std::function <QStringList( const QString &name )> findLeaves = [ & ]( const QString & name ) -> QStringList
@@ -211,8 +211,8 @@ QStringList QgsWmsRenderContext::flattenedQueryLayers() const
     }
     return _result;
   };
-  const auto constNicks { mParameters.queryLayersNickname() };
-  for ( const auto &name : constNicks )
+
+  for ( const auto &name : qgis::as_const( layerNames ) )
   {
     result.append( findLeaves( name ) );
   }
@@ -429,7 +429,21 @@ void QgsWmsRenderContext::searchLayersToRender()
 
   if ( mFlags & AddQueryLayers )
   {
-    const QStringList queryLayerNames { flattenedQueryLayers() };
+    const QStringList queryLayerNames = flattenedQueryLayers( mParameters.queryLayersNickname() );
+    for ( const QString &layerName : queryLayerNames )
+    {
+      const QList<QgsMapLayer *> layers = mNicknameLayers.values( layerName );
+      for ( QgsMapLayer *lyr : layers )
+        if ( !mLayersToRender.contains( lyr ) )
+        {
+          mLayersToRender.append( lyr );
+        }
+    }
+  }
+
+  if ( mFlags & AddAllLayers )
+  {
+    const QStringList queryLayerNames = flattenedQueryLayers( mParameters.allLayersNickname() );
     for ( const QString &layerName : queryLayerNames )
     {
       const QList<QgsMapLayer *> layers = mNicknameLayers.values( layerName );
 
@@ -48,7 +48,8 @@ namespace QgsWms
         UseWfsLayersOnly       = 0x100,
         AddExternalLayers      = 0x200,
         UseSrcWidthHeight      = 0x400,
-        UseTileBuffer          = 0x800
+        UseTileBuffer          = 0x800,
+        AddAllLayers           = 0x1000 //!< For GetPrint: add layers from LAYER(S) parameter
       };
       Q_DECLARE_FLAGS( Flags, Flag )
 
@@ -209,7 +210,7 @@ namespace QgsWms
        * Returns a list of query layer names where group names are replaced by the names of their layer components.
        * \since QGIS 3.8
        */
-      QStringList flattenedQueryLayers() const;
+      QStringList flattenedQueryLayers( const QStringList &layerNames ) const;
 
 #ifdef HAVE_SERVER_PYTHON_PLUGINS
 
 
@@ -394,7 +394,7 @@ namespace QgsWms
             {
               filterString.append( " AND " );
             }
-            filterString.append( QString( "\"%1\" = %2" ).arg( pkAttributeNames.at( j ) ).arg( atlasPk.at( currentAtlasPk ) ) );
+            filterString.append( QString( "\"%1\" = %2" ).arg( pkAttributeNames.at( j ), atlasPk.at( currentAtlasPk ) ) );
             ++currentAtlasPk;
           }
 
@@ -427,6 +427,14 @@ namespace QgsWms
     // configure layout
     configurePrintLayout( layout.get(), mapSettings, atlas );
 
+#ifdef HAVE_SERVER_PYTHON_PLUGINS
+    QgsFeatureFilterProviderGroup filters;
+    mContext.accessControl()->resolveFilterFeatures( mapSettings.layers() );
+    filters.addProvider( mContext.accessControl() );
+    QgsLayoutRenderContext &layoutRendererContext = layout->renderContext();
+    layoutRendererContext.setFeatureFilterProvider( &filters );
+#endif
+
     // Get the temporary output file
     const QgsWmsParameters::Format format = mWmsParameters.format();
     const QString extension = QgsWmsParameters::formatAsString( format ).toLower();
@@ -479,7 +487,7 @@ namespace QgsWms
       {
         bool ok;
         double _dpi = mWmsParameters.dpi().toDouble( &ok );
-        if ( ! ok )
+        if ( ok )
           dpi = _dpi;
       }
       exportSettings.dpi = dpi;
@@ -501,6 +509,10 @@ namespace QgsWms
           QgsLayoutExporter atlasPngExport( atlas->layout() );
           atlasPngExport.exportToImage( tempOutputFile.fileName(), exportSettings );
         }
+        else
+        {
+          throw QgsServiceException( QStringLiteral( "Bad request" ), QStringLiteral( "Atlas error: empty atlas." ), QString(), 400 );
+        }
       }
       else
       {
@@ -556,6 +568,7 @@ namespace QgsWms
 
   bool QgsRenderer::configurePrintLayout( QgsPrintLayout *c, const QgsMapSettings &mapSettings, bool atlasPrint )
   {
+
     c->renderContext().setSelectionColor( mapSettings.selectionColor() );
     // Maps are configured first
     QList<QgsLayoutItemMap *> maps;
@@ -1174,7 +1187,7 @@ namespace QgsWms
   QDomDocument QgsRenderer::featureInfoDocument( QList<QgsMapLayer *> &layers, const QgsMapSettings &mapSettings,
       const QImage *outputImage, const QString &version ) const
   {
-    const QStringList queryLayers = mContext.flattenedQueryLayers( );
+    const QStringList queryLayers = mContext.flattenedQueryLayers( mContext.parameters().queryLayersNickname() );
 
     bool ijDefined = ( !mWmsParameters.i().isEmpty() && !mWmsParameters.j().isEmpty() );
 
@@ -3246,7 +3259,7 @@ namespace QgsWms
       if ( !( *mapIt )->renderingErrors().isEmpty() )
       {
         const QgsMapRendererJob::Error e = ( *mapIt )->renderingErrors().at( 0 );
-        throw QgsException( QStringLiteral( "Rendering error : '%1' in layer %2" ).arg( e.message ).arg( e.layerID ) );
+        throw QgsException( QStringLiteral( "Rendering error : '%1' in layer %2" ).arg( e.message, e.layerID ) );
       }
     }
   }
 
@@ -384,6 +384,7 @@ if (ENABLE_PGTEST)
   ADD_PYTHON_TEST(PyQgsProviderConnectionPostgres test_qgsproviderconnection_postgres.py)
   if (WITH_SERVER)
     ADD_PYTHON_TEST(PyQgsServerWMSGetFeatureInfoPG test_qgsserver_wms_getfeatureinfo_postgres.py)
+    ADD_PYTHON_TEST(PyQgsServerAccessControlWMSGetPrintPG test_qgsserver_accesscontrol_wms_getprint_postgres.py)
   endif()
 endif()
 
 
@@ -0,0 +1,385 @@
+# -*- coding: utf-8 -*-
+"""QGIS Unit tests for QgsServer WMS GetPrint with postgres access control filters.
+
+From build dir, run: ctest -R PyQgsServerAccessControlWMSGetPrintPG -V
+
+
+.. note:: This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+"""
+__author__ = 'Alessandro Pasotti'
+__date__ = '25/02/2021'
+__copyright__ = 'Copyright 2021, The QGIS Project'
+
+import os
+import re
+import hashlib
+
+# Needed on Qt 5 so that the serialization of XML is consistent among all executions
+os.environ['QT_HASH_SEED'] = '1'
+
+import urllib.parse
+
+from qgis.core import QgsProject, QgsProviderRegistry, QgsVectorLayer
+from qgis.PyQt.QtCore import QTemporaryDir
+from qgis.PyQt.QtGui import QImage
+from qgis.server import (QgsServer, QgsBufferServerRequest,
+                         QgsBufferServerResponse, QgsAccessControlFilter)
+from qgis.testing import unittest
+from test_qgsserver import QgsServerTestBase
+from utilities import unitTestDataPath
+
+
+class RestrictedAccessControl(QgsAccessControlFilter):
+    """Restricts access to pk1 = 1 AND pk2 = 1"""
+
+    # Be able to deactivate the access control to have a reference point
+    active = {
+        'layerFilterExpression': False,
+        'layerFilterSubsetString': False,
+        'authorizedLayerAttributes': False,
+        'layerPermissions': False,
+    }
+
+    def layerFilterExpression(self, layer):
+        """ Return an additional expression filter """
+
+        if not self.active['layerFilterExpression']:
+            return super().layerFilterExpression(layer)
+
+        if layer.name() == "multiple_pks":
+            return "pk1 = 1 AND pk2 = 1"
+        else:
+            return None
+
+    def layerFilterSubsetString(self, layer):
+        """ Return an additional subset string (typically SQL) filter """
+
+        if not self.active['layerFilterSubsetString']:
+            return super().layerFilterSubsetString(layer)
+
+        if layer.name() == "multiple_pks":
+            return "pk1 = 1 AND pk2 = 1"
+        else:
+            return None
+
+    def authorizedLayerAttributes(self, layer, attributes):
+        """ Return the authorised layer attributes """
+
+        if not self.active['authorizedLayerAttributes']:
+            return super().authorizedLayerAttributes(layer, attributes)
+
+        allowed = []
+
+        for attr in attributes:
+            if "name" != attr and "virtual" != attr:  # spellok
+                allowed.append(attr)  # spellok
+
+        return allowed
+
+    def layerPermissions(self, layer):
+        """ Return the layer rights """
+
+        rights = QgsAccessControlFilter.LayerPermissions()
+        rights.canRead = not self.active['layerPermissions']
+
+        return rights
+
+
+class TestQgsServerAccessControlWMSGetPrintPG(QgsServerTestBase):
+    """QGIS Server WMS Tests for GetPrint request"""
+
+    # Set to True in child classes to re-generate reference files for this class
+    # regenerate_reference = True
+
+    @classmethod
+    def setUpClass(cls):
+
+        super().setUpClass()
+
+        if 'QGIS_PGTEST_DB' in os.environ:
+            cls.dbconn = os.environ['QGIS_PGTEST_DB']
+        else:
+            cls.dbconn = 'service=qgis_test dbname=qgis_test sslmode=disable '
+
+        # Test layer
+        md = QgsProviderRegistry.instance().providerMetadata('postgres')
+        uri = cls.dbconn + ' dbname=qgis_test sslmode=disable '
+        conn = md.createConnection(uri, {})
+
+        project_path = os.path.join(unitTestDataPath('qgis_server_accesscontrol'), 'pg_multiple_pks.qgs')
+        cls.temp_dir = QTemporaryDir()
+        cls.temp_project_path = os.path.join(cls.temp_dir.path(), 'pg_multiple_pks.qgs')
+
+        # Create test layer
+
+        conn.executeSql("DROP TABLE IF EXISTS qgis_test.multiple_pks")
+        conn.executeSql(
+            "CREATE TABLE qgis_test.multiple_pks ( pk1 bigint not null, pk2 bigint not null, name text not null, geom geometry(POINT,4326), PRIMARY KEY ( pk1, pk2 ) )")
+        conn.executeSql(
+            "INSERT INTO qgis_test.multiple_pks VALUES ( 1, 1, '1-1', ST_GeomFromText('point(7 45)', 4326))")
+        conn.executeSql(
+            "INSERT INTO qgis_test.multiple_pks VALUES ( 1, 2, '1-2', ST_GeomFromText('point(8 46)', 4326))")
+
+        cls.layer_uri = uri + \
+            " sslmode=disable key='pk1,pk2' estimatedmetadata=true srid=4326 type=Point checkPrimaryKeyUnicity='0' table=\"qgis_test\".\"multiple_pks\" (geom)"
+        layer = QgsVectorLayer(cls.layer_uri, 'multiple_pks', 'postgres')
+
+        assert layer.isValid()
+
+        project = open(project_path, 'r').read()
+        with open(cls.temp_project_path, 'w+') as f:
+            f.write(re.sub(r'<datasource>.*</datasource>', '<datasource>%s</datasource>' % cls.layer_uri, project))
+
+        cls.test_project = QgsProject()
+        cls.test_project.read(cls.temp_project_path)
+
+        # Setup access control
+        cls._server = QgsServer()
+        cls._server_iface = cls._server.serverInterface()
+        cls._accesscontrol = RestrictedAccessControl(cls._server_iface)
+        cls._server_iface.registerAccessControl(cls._accesscontrol, 100)
+
+    def _clear_constraints(self):
+        self._accesscontrol.active['authorizedLayerAttributes'] = False
+        self._accesscontrol.active['layerFilterExpression'] = False
+        self._accesscontrol.active['layerFilterSubsetString'] = False
+        self._accesscontrol.active['layerPermissions'] = False
+
+    def setUp(self):
+        super().setUp()
+        self._clear_constraints()
+
+    def _check_exception(self, qs, exception_text):
+        """Check that server throws"""
+
+        req = QgsBufferServerRequest('http://my_server/' + qs)
+        res = QgsBufferServerResponse()
+        self._server.handleRequest(req, res, self.test_project)
+        self.assertEqual(res.statusCode(), 400)
+        self.assertTrue(exception_text in bytes(res.body()).decode('utf8'))
+
+    def _check_white(self, qs):
+        """Check that output is a white image"""
+
+        req = QgsBufferServerRequest('http://my_server/' + qs)
+        res = QgsBufferServerResponse()
+        self._server.handleRequest(req, res, self.test_project)
+        self.assertEqual(res.statusCode(), 200)
+
+        result_path = os.path.join(self.temp_dir.path(), 'white.png')
+        with open(result_path, 'wb+') as f:
+            f.write(res.body())
+
+        # A full white image is expected
+        image = QImage(result_path)
+        self.assertTrue(image.isGrayscale())
+        color = image.pixelColor(100, 100)
+        self.assertEqual(color.red(), 255)
+        self.assertEqual(color.green(), 255)
+        self.assertEqual(color.blue(), 255)
+
+    def test_wms_getprint_postgres(self):
+        """Test issue GH #41800 """
+
+        # Extent for feature where pk1 = 1, pk2 = 2
+        qs = "?" + "&".join(["%s=%s" % i for i in list({
+            'SERVICE': "WMS",
+            'VERSION': "1.3.0",
+            'REQUEST': "GetPrint",
+            'CRS': 'EPSG:4326',
+            'FORMAT': 'png',
+            'LAYERS': 'multiple_pks',
+            'DPI': 72,
+            'TEMPLATE': "print1",
+            'map0:EXTENT': '45.70487804878048621,7.67926829268292099,46.22987804878049189,8.42479674796748235',
+        }.items())])
+
+        def _check_red():
+
+            req = QgsBufferServerRequest('http://my_server/' + qs)
+            res = QgsBufferServerResponse()
+            self._server.handleRequest(req, res, self.test_project)
+            self.assertEqual(res.statusCode(), 200)
+
+            result_path = os.path.join(self.temp_dir.path(), 'red.png')
+            with open(result_path, 'wb+') as f:
+                f.write(res.body())
+
+            # A full red image is expected
+            image = QImage(result_path)
+            self.assertFalse(image.isGrayscale())
+            color = image.pixelColor(100, 100)
+            self.assertEqual(color.red(), 255)
+            self.assertEqual(color.green(), 0)
+            self.assertEqual(color.blue(), 0)
+
+        _check_red()
+
+        # Now activate the rule to exclude the feature where pk1 = 1, pk2 = 2
+        # A white image is expected
+
+        self._accesscontrol.active['layerFilterExpression'] = True
+        self._check_white(qs)
+
+        # Activate the other rule for subset string
+
+        self._accesscontrol.active['layerFilterExpression'] = False
+        self._accesscontrol.active['layerFilterSubsetString'] = True
+        self._check_white(qs)
+
+        # Activate the other rule for layer permission
+
+        self._accesscontrol.active['layerFilterSubsetString'] = False
+        self._accesscontrol.active['layerPermissions'] = True
+
+        req = QgsBufferServerRequest('http://my_server/' + qs)
+        res = QgsBufferServerResponse()
+        self._server.handleRequest(req, res, self.test_project)
+        self.assertEqual(res.statusCode(), 403)
+
+        # Test attribute table (template print2) with no rule
+        self._accesscontrol.active['layerPermissions'] = False
+
+        req = QgsBufferServerRequest('http://my_server/' + qs.replace('print1', 'print2'))
+        res = QgsBufferServerResponse()
+        self._server.handleRequest(req, res, self.test_project)
+        self.assertEqual(res.statusCode(), 200)
+
+        self._img_diff_error(res.body(), res.headers(), "WMS_GetPrint_postgres_print2")
+
+        # Test attribute table with rule
+        self._accesscontrol.active['authorizedLayerAttributes'] = True
+
+        req = QgsBufferServerRequest('http://my_server/' + qs.replace('print1', 'print2'))
+        res = QgsBufferServerResponse()
+        self._server.handleRequest(req, res, self.test_project)
+        self.assertEqual(res.statusCode(), 200)
+
+        self._img_diff_error(res.body(), res.headers(), "WMS_GetPrint_postgres_print2_filtered")
+
+        # Re-Test attribute table (template print2) with no rule
+        self._accesscontrol.active['authorizedLayerAttributes'] = False
+
+        req = QgsBufferServerRequest('http://my_server/' + qs.replace('print1', 'print2'))
+        res = QgsBufferServerResponse()
+        self._server.handleRequest(req, res, self.test_project)
+        self.assertEqual(res.statusCode(), 200)
+
+        self._img_diff_error(res.body(), res.headers(), "WMS_GetPrint_postgres_print2")
+
+        # Test with layer permissions
+        self._accesscontrol.active['layerPermissions'] = True
+        req = QgsBufferServerRequest('http://my_server/' + qs.replace('print1', 'print2'))
+        res = QgsBufferServerResponse()
+        self._server.handleRequest(req, res, self.test_project)
+        self.assertEqual(res.statusCode(), 403)
+
+        # Test with subset string
+        self._accesscontrol.active['layerPermissions'] = False
+        self._accesscontrol.active['layerFilterSubsetString'] = True
+        req = QgsBufferServerRequest('http://my_server/' + qs.replace('print1', 'print2'))
+        res = QgsBufferServerResponse()
+        self._server.handleRequest(req, res, self.test_project)
+        self.assertEqual(res.statusCode(), 200)
+
+        self._img_diff_error(res.body(), res.headers(), "WMS_GetPrint_postgres_print2_subset")
+
+        # Test with filter expression
+        self._accesscontrol.active['layerFilterExpression'] = True
+        self._accesscontrol.active['layerFilterSubsetString'] = False
+        req = QgsBufferServerRequest('http://my_server/' + qs.replace('print1', 'print2'))
+        res = QgsBufferServerResponse()
+        self._server.handleRequest(req, res, self.test_project)
+        self.assertEqual(res.statusCode(), 200)
+
+        self._img_diff_error(res.body(), res.headers(), "WMS_GetPrint_postgres_print2_subset")
+
+        # Test attribute table with attribute filter
+        self._accesscontrol.active['layerFilterExpression'] = False
+        self._accesscontrol.active['authorizedLayerAttributes'] = True
+
+        req = QgsBufferServerRequest('http://my_server/' + qs.replace('print1', 'print2'))
+        res = QgsBufferServerResponse()
+        self._server.handleRequest(req, res, self.test_project)
+        self.assertEqual(res.statusCode(), 200)
+
+        self._img_diff_error(res.body(), res.headers(), "WMS_GetPrint_postgres_print2_filtered")
+
+        # Clear constraints
+        self._clear_constraints()
+        _check_red()
+
+        req = QgsBufferServerRequest('http://my_server/' + qs.replace('print1', 'print2'))
+        res = QgsBufferServerResponse()
+        self._server.handleRequest(req, res, self.test_project)
+        self.assertEqual(res.statusCode(), 200)
+
+        self._img_diff_error(res.body(), res.headers(), "WMS_GetPrint_postgres_print2")
+
+    def test_atlas(self):
+        """Test atlas"""
+
+        qs = "?" + "&".join(["%s=%s" % i for i in list({
+            'SERVICE': "WMS",
+            'VERSION': "1.3.0",
+            'REQUEST': "GetPrint",
+            'CRS': 'EPSG:4326',
+            'FORMAT': 'png',
+            'LAYERS': 'multiple_pks',
+            'DPI': 72,
+            'TEMPLATE': "print1",
+        }.items())])
+
+        req = QgsBufferServerRequest('http://my_server/' + qs + '&ATLAS_PK=1,2')
+        res = QgsBufferServerResponse()
+
+        self._server.handleRequest(req, res, self.test_project)
+        self.assertEqual(res.statusCode(), 200)
+
+        result_path = os.path.join(self.temp_dir.path(), 'atlas_1_2.png')
+        with open(result_path, 'wb+') as f:
+            f.write(res.body())
+
+        # A full red image is expected
+        image = QImage(result_path)
+        self.assertFalse(image.isGrayscale())
+        color = image.pixelColor(100, 100)
+        self.assertEqual(color.red(), 255)
+        self.assertEqual(color.green(), 0)
+        self.assertEqual(color.blue(), 0)
+
+        # Forbid 1-1
+        self._accesscontrol.active['layerFilterSubsetString'] = True
+        self._check_exception(qs + '&ATLAS_PK=1,2', "Atlas error: empty atlas.")
+
+        self._accesscontrol.active['layerFilterSubsetString'] = False
+        self._accesscontrol.active['layerFilterExpression'] = True
+        self._check_exception(qs + '&ATLAS_PK=1,2', "Atlas error: empty atlas.")
+
+        # Remove all constraints
+        self._clear_constraints()
+        req = QgsBufferServerRequest('http://my_server/' + qs + '&ATLAS_PK=1,2')
+        res = QgsBufferServerResponse()
+
+        self._server.handleRequest(req, res, self.test_project)
+        self.assertEqual(res.statusCode(), 200)
+
+        result_path = os.path.join(self.temp_dir.path(), 'atlas_1_2.png')
+        with open(result_path, 'wb+') as f:
+            f.write(res.body())
+
+        # A full red image is expected
+        image = QImage(result_path)
+        self.assertFalse(image.isGrayscale())
+        color = image.pixelColor(100, 100)
+        self.assertEqual(color.red(), 255)
+        self.assertEqual(color.green(), 0)
+        self.assertEqual(color.blue(), 0)
+
+
+if __name__ == '__main__':
+    unittest.main()
Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,7 @@ void QgsAccessControl::filterFeatures( const QgsVectorLayer *layer, QgsFeatureRe`
`64`	`64`
`65`	`65`	`QString expression;`
`66`	`66`
`67`		`- if ( mResolved && mFilterFeaturesExpressions.keys().contains( layer->id() ) )`
	`67`	`+ if ( mResolved && mFilterFeaturesExpressions.contains( layer->id() ) )`
`68`	`68`	`{`
`69`	`69`	`expression = mFilterFeaturesExpressions[layer->id()];`
`70`	`70`	`}`
Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,12 @@ void QgsFeatureFilter::filterFeatures( const QgsVectorLayer *layer, QgsFeatureRe`
`29`	`29`	`}`
`30`	`30`	`}`
`31`	`31`
	`32`	`+QStringList QgsFeatureFilter::layerAttributes( const QgsVectorLayer *, const QStringList &attributes ) const`
	`33`	`+{`
	`34`	`+ // Do nothing`
	`35`	`+ return attributes;`
	`36`	`+}`
	`37`	`+`
`32`	`38`	`QgsFeatureFilterProvider *QgsFeatureFilter::clone() const`
`33`	`39`	`{`
`34`	`40`	`auto result = new QgsFeatureFilter();`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,6 @@`
`20`	`20`
`21`	`21`	`void QgsFeatureFilterProviderGroup::filterFeatures( const QgsVectorLayer *layer, QgsFeatureRequest &filterFeatures ) const`
`22`	`22`	`{`
`23`		`- filterFeatures.disableFilter();`
`24`	`23`	`for ( const QgsFeatureFilterProvider *provider : mProviders )`
`25`	`24`	`{`
`26`	`25`	`QgsFeatureRequest temp;`
`@@ -32,6 +31,17 @@ void QgsFeatureFilterProviderGroup::filterFeatures( const QgsVectorLayer *layer,`
`32`	`31`	`}`
`33`	`32`	`}`
`34`	`33`
	`34`	`+QStringList QgsFeatureFilterProviderGroup::layerAttributes( const QgsVectorLayer *layer, const QStringList &attributes ) const`
	`35`	`+{`
	`36`	`+ QStringList allowedAttributes { attributes };`
	`37`	`+ for ( const QgsFeatureFilterProvider *provider : mProviders )`
	`38`	`+ {`
	`39`	`+ QgsFeatureRequest temp;`
	`40`	`+ allowedAttributes = provider->layerAttributes( layer, allowedAttributes );`
	`41`	`+ }`
	`42`	`+ return allowedAttributes;`
	`43`	`+}`
	`44`	`+`
`35`	`45`	`QgsFeatureFilterProvider *QgsFeatureFilterProviderGroup::clone() const`
`36`	`46`	`{`
`37`	`47`	`auto result = new QgsFeatureFilterProviderGroup();`
Original file line number	Diff line number	Diff line change
`@@ -182,7 +182,7 @@ qreal QgsWmsRenderContext::dotsPerMm() const`
`182`	`182`	`return dpm / 1000.0;`
`183`	`183`	`}`
`184`	`184`
`185`		`-QStringList QgsWmsRenderContext::flattenedQueryLayers() const`
	`185`	`+QStringList QgsWmsRenderContext::flattenedQueryLayers( const QStringList &layerNames ) const`
`186`	`186`	`{`
`187`	`187`	`QStringList result;`
`188`	`188`	`std::function <QStringList( const QString &name )> findLeaves = [ & ]( const QString & name ) -> QStringList`
`@@ -211,8 +211,8 @@ QStringList QgsWmsRenderContext::flattenedQueryLayers() const`
`211`	`211`	`}`
`212`	`212`	`return _result;`
`213`	`213`	`};`
`214`		`- const auto constNicks { mParameters.queryLayersNickname() };`
`215`		`- for ( const auto &name : constNicks )`
	`214`	`+`
	`215`	`+ for ( const auto &name : qgis::as_const( layerNames ) )`
`216`	`216`	`{`
`217`	`217`	`result.append( findLeaves( name ) );`
`218`	`218`	`}`
`@@ -429,7 +429,21 @@ void QgsWmsRenderContext::searchLayersToRender()`
`429`	`429`
`430`	`430`	`if ( mFlags & AddQueryLayers )`
`431`	`431`	`{`
`432`		`- const QStringList queryLayerNames { flattenedQueryLayers() };`
	`432`	`+ const QStringList queryLayerNames = flattenedQueryLayers( mParameters.queryLayersNickname() );`
	`433`	`+ for ( const QString &layerName : queryLayerNames )`
	`434`	`+ {`
	`435`	`+ const QList<QgsMapLayer *> layers = mNicknameLayers.values( layerName );`
	`436`	`+ for ( QgsMapLayer *lyr : layers )`
	`437`	`+ if ( !mLayersToRender.contains( lyr ) )`
	`438`	`+ {`
	`439`	`+ mLayersToRender.append( lyr );`
	`440`	`+ }`
	`441`	`+ }`
	`442`	`+ }`
	`443`	`+`
	`444`	`+ if ( mFlags & AddAllLayers )`
	`445`	`+ {`
	`446`	`+ const QStringList queryLayerNames = flattenedQueryLayers( mParameters.allLayersNickname() );`
`433`	`447`	`for ( const QString &layerName : queryLayerNames )`
`434`	`448`	`{`
`435`	`449`	`const QList<QgsMapLayer *> layers = mNicknameLayers.values( layerName );`
Original file line number	Diff line number	Diff line change
`@@ -394,7 +394,7 @@ namespace QgsWms`
`394`	`394`	`{`
`395`	`395`	`filterString.append( " AND " );`
`396`	`396`	`}`
`397`		`- filterString.append( QString( "\"%1\" = %2" ).arg( pkAttributeNames.at( j ) ).arg( atlasPk.at( currentAtlasPk ) ) );`
	`397`	`+ filterString.append( QString( "\"%1\" = %2" ).arg( pkAttributeNames.at( j ), atlasPk.at( currentAtlasPk ) ) );`
`398`	`398`	`++currentAtlasPk;`
`399`	`399`	`}`
`400`	`400`
`@@ -427,6 +427,14 @@ namespace QgsWms`
`427`	`427`	`// configure layout`
`428`	`428`	`configurePrintLayout( layout.get(), mapSettings, atlas );`
`429`	`429`
	`430`	`+#ifdef HAVE_SERVER_PYTHON_PLUGINS`
	`431`	`+ QgsFeatureFilterProviderGroup filters;`
	`432`	`+ mContext.accessControl()->resolveFilterFeatures( mapSettings.layers() );`
	`433`	`+ filters.addProvider( mContext.accessControl() );`
	`434`	`+ QgsLayoutRenderContext &layoutRendererContext = layout->renderContext();`
	`435`	`+ layoutRendererContext.setFeatureFilterProvider( &filters );`
	`436`	`+#endif`
	`437`	`+`
`430`	`438`	`// Get the temporary output file`
`431`	`439`	`const QgsWmsParameters::Format format = mWmsParameters.format();`
`432`	`440`	`const QString extension = QgsWmsParameters::formatAsString( format ).toLower();`
`@@ -479,7 +487,7 @@ namespace QgsWms`
`479`	`487`	`{`
`480`	`488`	`bool ok;`
`481`	`489`	`double _dpi = mWmsParameters.dpi().toDouble( &ok );`
`482`		`- if ( ! ok )`
	`490`	`+ if ( ok )`
`483`	`491`	`dpi = _dpi;`
`484`	`492`	`}`
`485`	`493`	`exportSettings.dpi = dpi;`
`@@ -501,6 +509,10 @@ namespace QgsWms`
`501`	`509`	`QgsLayoutExporter atlasPngExport( atlas->layout() );`
`502`	`510`	`atlasPngExport.exportToImage( tempOutputFile.fileName(), exportSettings );`
`503`	`511`	`}`
	`512`	`+ else`
	`513`	`+ {`
	`514`	`+ throw QgsServiceException( QStringLiteral( "Bad request" ), QStringLiteral( "Atlas error: empty atlas." ), QString(), 400 );`
	`515`	`+ }`
`504`	`516`	`}`
`505`	`517`	`else`
`506`	`518`	`{`
`@@ -556,6 +568,7 @@ namespace QgsWms`
`556`	`568`
`557`	`569`	`bool QgsRenderer::configurePrintLayout( QgsPrintLayout *c, const QgsMapSettings &mapSettings, bool atlasPrint )`
`558`	`570`	`{`
	`571`	`+`
`559`	`572`	`c->renderContext().setSelectionColor( mapSettings.selectionColor() );`
`560`	`573`	`// Maps are configured first`
`561`	`574`	`QList<QgsLayoutItemMap *> maps;`
`@@ -1174,7 +1187,7 @@ namespace QgsWms`
`1174`	`1187`	`QDomDocument QgsRenderer::featureInfoDocument( QList<QgsMapLayer *> &layers, const QgsMapSettings &mapSettings,`
`1175`	`1188`	`const QImage *outputImage, const QString &version ) const`
`1176`	`1189`	`{`
`1177`		`- const QStringList queryLayers = mContext.flattenedQueryLayers( );`
	`1190`	`+ const QStringList queryLayers = mContext.flattenedQueryLayers( mContext.parameters().queryLayersNickname() );`
`1178`	`1191`
`1179`	`1192`	`bool ijDefined = ( !mWmsParameters.i().isEmpty() && !mWmsParameters.j().isEmpty() );`
`1180`	`1193`
`@@ -3246,7 +3259,7 @@ namespace QgsWms`
`3246`	`3259`	`if ( !( *mapIt )->renderingErrors().isEmpty() )`
`3247`	`3260`	`{`
`3248`	`3261`	`const QgsMapRendererJob::Error e = ( *mapIt )->renderingErrors().at( 0 );`
`3249`		`- throw QgsException( QStringLiteral( "Rendering error : '%1' in layer %2" ).arg( e.message ).arg( e.layerID ) );`
	`3262`	`+ throw QgsException( QStringLiteral( "Rendering error : '%1' in layer %2" ).arg( e.message, e.layerID ) );`
`3250`	`3263`	`}`
`3251`	`3264`	`}`
`3252`	`3265`	`}`