[Fixes #14262] Avoid returning all permissions in dataset owner payload

[sijandh35]

Fixes #14262

Checklist

Reviewing is a process done by project maintainers, mostly on a volunteer basis. We try to keep the overhead as small as possible and appreciate if you help us to do so by completing the following items. Feel free to ask in a comment if you have troubles with any of them.

For all pull requests:

• Confirm you have read the contribution guidelines
• You have sent a Contribution Licence Agreement (CLA) as necessary (not required for small changes, e.g., fixing typos in the documentation)
• Make sure the first PR targets the master branch, eventual backports will be managed later. This can be ignored if the PR is fixing an issue that only happens in a specific branch, but not in newer ones.

The following are required only for core and extension modules (they are welcomed, but not required, for contrib modules):

• There is a ticket in https://github.com/GeoNode/geonode/issues describing the issue/improvement/feature (a notable exemption is, changes not visible to end-users)
• The issue connected to the PR must have Labels and Milestone assigned
• PR for bug fixes and small new features are presented as a single commit
• PR title must be in the form "[Fixes #<issue_number>] Title of the PR"
• New unit tests have been added covering the changes, unless there is an explanation on why the tests are not necessary/implemented

Submitting the PR does not require you to check all items, but by the time it gets merged, they should be either satisfied or inapplicable.

[gemini-code-assist]

Code Review

This pull request modifies geonode/security/registry.py to restrict global permissions to only those explicitly defined in the PERMISSIONS map, removing the fallback for custom permissions. The reviewer identifies a high-severity issue where this change could lead to regressions, as it excludes valid GeoNode-specific and extension-based permissions like add_service or delete_service, potentially disabling UI actions for authorized users. It is recommended to either expand the whitelist or implement a more inclusive filtering mechanism.

[gemini-code-assist]

The removal of the else block restricts global permissions to only those explicitly defined in the PERMISSIONS map (which currently only contains add_resourcebase). This will cause other GeoNode-specific global permissions that do not require mapping, such as add_service, delete_service, or any custom permissions from extensions, to be excluded from the global permissions payload.

While this successfully reduces the payload size by filtering out Django/Guardian internal permissions, it may lead to regressions in the UI where authorized users (including admins) can no longer see buttons or perform actions that depend on these global permissions. Consider using a more inclusive filter (e.g., based on app labels) or expanding the PERMISSIONS whitelist in geonode/security/permissions.py to include all relevant GeoNode global permissions.

[giohappy]

/gemoni A solution could be to add a method to register new permissions inside the list of global permissions handled by the PermissionsRegistry.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.92%. Comparing base (91c4ec5) to head (39b5a8c).
⚠️ Report is 10 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #14263      +/-   ##
==========================================
- Coverage   74.92%   74.92%   -0.01%     
==========================================
  Files         975      975              
  Lines       59902    59901       -1     
  Branches     8157     8157              
==========================================
- Hits        44884    44883       -1     
  Misses      13194    13194              
  Partials     1824     1824              

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.