[GeoNode-devel] Question about GeoNdoe Layer "view" and "download" permissions

Alessio Fabiani alessio.fabiani at geo-solutions.it
Thu Nov 3 07:54:06 PDT 2016 

Please take a look and comment the following GNIP

https://github.com/GeoNode/geonode/issues/2696


Best Regards,
Alessio Fabiani.

==
GeoServer Professional Services from the experts!
Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani
@alfa7691
Founder/Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*

Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.



The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility  for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.

---------------------------------------------------------------------

On Mon, Oct 24, 2016 at 6:19 PM, Jeffrey Johnson <ortelius at gmail.com> wrote:

> +1 on this proposal. Feels like we should make a GNIP or put it in an
> issue or something so we can refer back to this discussion in the
> future when questions come up.
>
> On Mon, Oct 24, 2016 at 9:16 AM, Alessio Fabiani
> <alessio.fabiani at geo-solutions.it> wrote:
> > Dear all,
> > I did not hear anymore comments on this, but what about the following
> > proposal?
> >
> > We can distinguish between "view services" and "download services". In
> OGC
> > the "view services" are the ones related to mapping, like the WMS, while
> the
> > "download services" are the raw ones, like WFS and WCS. This is also the
> > mapping that INSPIRE does over OGC.
> >
> > What I propose is to:
> >
> > 1. If a user has "view" permissions he can access to maps and portryals,
> > i.e. he can access to the WMS service.
> >
> > 2. If a user has "download" permissions he can access to raw services
> like
> > WFS for vectorial data and WCS for raster data, i.e. he can download
> Layers
> > as Shapefiles or GML2 or GeoTIFFs.
> >
> > The two permissions will be separated.
> >
> > Also the Download Page must be revised. It must have two TABS, one for
> > WMS-like downloads (PNG, JPEG, GIF) and one for W*S-like ones
> (Shapefiles,
> > GML2, GeoTIFF, ...).
> >
> > Hope what wrote is clear enough. Feel free to ask for details and or
> > clarifications.
> >
> > Thoughts?
> >
> >
> > Best Regards,
> > Alessio Fabiani.
> >
> > ==
> > GeoServer Professional Services from the experts!
> > Visit http://goo.gl/it488V for more information.
> > ==
> >
> > Ing. Alessio Fabiani
> > @alfa7691
> > Founder/Technical Lead
> >
> > GeoSolutions S.A.S.
> > Via di Montramito 3/A
> > 55054  Massarosa (LU)
> > Italy
> > phone: +39 0584 962313
> > fax:     +39 0584 1660272
> > mob:   +39 331 6233686
> >
> > http://www.geo-solutions.it
> > http://twitter.com/geosolutions_it
> >
> > -------------------------------------------------------
> >
> > AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
> >
> > Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i
> > file/s allegato/i sono da considerarsi strettamente riservate. Il loro
> > utilizzo è consentito esclusivamente al destinatario del messaggio, per
> le
> > finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio
> > senza esserne il destinatario, Vi preghiamo cortesemente di darcene
> notizia
> > via e-mail e di procedere alla distruzione del messaggio stesso,
> > cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo
> > anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo
> per
> > finalità diverse, costituisce comportamento contrario ai principi dettati
> > dal D.Lgs. 196/2003.
> >
> >
> >
> > The information in this message and/or attachments, is intended solely
> for
> > the attention and use of the named addressee(s) and may be confidential
> or
> > proprietary in nature or covered by the provisions of privacy act
> > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> > Code).Any use not in accord with its purpose, any disclosure,
> reproduction,
> > copying, distribution, or either dissemination, either whole or partial,
> is
> > strictly forbidden except previous formal approval of the named
> > addressee(s). If you are not the intended recipient, please contact
> > immediately the sender by telephone, fax or e-mail and delete the
> > information in this message that has been received in error. The sender
> does
> > not give any warranty or accept liability as the content, accuracy or
> > completeness of sent messages and accepts no responsibility  for changes
> > made after they were sent or for other risks which arise as a result of
> > e-mail transmission, viruses, etc.
> >
> > ---------------------------------------------------------------------
> >
> >
> > On Thu, Oct 20, 2016 at 1:29 PM, Simone Dalmasso <
> simone.dalmasso at gmail.com>
> > wrote:
> >>
> >> Ciao Alessio,
> >>
> >> I think it could make sense to enforce such constraint also adding other
> >> permissions like edit_metadata etc. It would require some work on the
> ui so
> >> that the user is aware of what's going on.
> >>
> >> 2016-10-20 13:07 GMT+02:00 Alessio Fabiani
> >> <alessio.fabiani at geo-solutions.it>:
> >>>
> >>> Dear all,
> >>> while working on this GNIP (GNIP: GeoServer A&A Improvements)
> >>>
> >>> https://github.com/GeoNode/geonode/issues/2374
> >>>
> >>> (which by the way has been updated allowing GeoNode and GeoServer to
> rely
> >>> on OAuth2 Protocol and GeoFence)
> >>>
> >>> we are facing an "issue" trying to set layers' access rules accordingly
> >>> to GeoNode permissions.
> >>>
> >>> Long story short, currently GeoNode allows a user to setup two
> different
> >>> kind of Layer access permissions:
> >>>
> >>> 1. View permissions (the Layer can be visualized on map and is listed
> on
> >>> the GeoNode layers list)
> >>>
> >>> 2. Download permissions (the Layer can be downloaded in several
> formats,
> >>> JPEG, PNG, PDF etc...)
> >>>
> >>> While this is correctly handled on GeoNode side, I guess there are some
> >>> discrepancies on how this can be handled on the backend (GeoServer in
> this
> >>> case).
> >>>
> >>> The thing is, if you can download a layer on the backend you
> necessarily
> >>> have also permissions to see it. Unless view and download use different
> >>> protocols (which is not the case) to download a layer a user must have
> >>> permissions to access it.
> >>>
> >>> That means that even if in GeoNode we remove view permissions to a
> layer
> >>> but we leave download ones, the Layer won't be listed in GeoNode but
> it will
> >>> be always accessible from GeoServer.
> >>>
> >>> I'm going to ask here, is it correct to maintain this logic? Should be
> >>> instead put more controls on GeoNode and make view permissions take
> >>> precedence on download ones (if you cannot view it you cannot download
> it
> >>> either)?
> >>>
> >>> Thoughts?
> >>>
> >>> Best Regards,
> >>> Alessio Fabiani.
> >>>
> >>> ==
> >>> GeoServer Professional Services from the experts!
> >>> Visit http://goo.gl/it488V for more information.
> >>> ==
> >>>
> >>> Ing. Alessio Fabiani
> >>> @alfa7691
> >>> Founder/Technical Lead
> >>>
> >>> GeoSolutions S.A.S.
> >>> Via di Montramito 3/A
> >>> 55054  Massarosa (LU)
> >>> Italy
> >>> phone: +39 0584 962313
> >>> fax:     +39 0584 1660272
> >>> mob:   +39 331 6233686
> >>>
> >>> http://www.geo-solutions.it
> >>> http://twitter.com/geosolutions_it
> >>>
> >>> -------------------------------------------------------
> >>>
> >>> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
> >>>
> >>> Le informazioni contenute in questo messaggio di posta elettronica e/o
> >>> nel/i file/s allegato/i sono da considerarsi strettamente riservate.
> Il loro
> >>> utilizzo è consentito esclusivamente al destinatario del messaggio,
> per le
> >>> finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio
> >>> senza esserne il destinatario, Vi preghiamo cortesemente di darcene
> notizia
> >>> via e-mail e di procedere alla distruzione del messaggio stesso,
> >>> cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo
> >>> anche in parte, distribuirlo ad altri soggetti, copiarlo, od
> utilizzarlo per
> >>> finalità diverse, costituisce comportamento contrario ai principi
> dettati
> >>> dal D.Lgs. 196/2003.
> >>>
> >>>
> >>>
> >>> The information in this message and/or attachments, is intended solely
> >>> for the attention and use of the named addressee(s) and may be
> confidential
> >>> or proprietary in nature or covered by the provisions of privacy act
> >>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> >>> Code).Any use not in accord with its purpose, any disclosure,
> reproduction,
> >>> copying, distribution, or either dissemination, either whole or
> partial, is
> >>> strictly forbidden except previous formal approval of the named
> >>> addressee(s). If you are not the intended recipient, please contact
> >>> immediately the sender by telephone, fax or e-mail and delete the
> >>> information in this message that has been received in error. The
> sender does
> >>> not give any warranty or accept liability as the content, accuracy or
> >>> completeness of sent messages and accepts no responsibility  for
> changes
> >>> made after they were sent or for other risks which arise as a result of
> >>> e-mail transmission, viruses, etc.
> >>>
> >>> ---------------------------------------------------------------------
> >>>
> >>>
> >>> _______________________________________________
> >>> geonode-devel mailing list
> >>> geonode-devel at lists.osgeo.org
> >>> http://lists.osgeo.org/mailman/listinfo/geonode-devel
> >>>
> >>
> >>
> >>
> >> --
> >> Simone
> >
> >
> >
> > _______________________________________________
> > geonode-devel mailing list
> > geonode-devel at lists.osgeo.org
> > http://lists.osgeo.org/mailman/listinfo/geonode-devel
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20161103/92510000/attachment-0001.html>

More information about the geonode-devel mailing list