<div dir="ltr">+1</div><div class="gmail_extra"><br><div class="gmail_quote">2015-07-14 16:49 GMT+02:00 Jeffrey Johnson <span dir="ltr"><<a href="mailto:ortelius@gmail.com" target="_blank">ortelius@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">This seems reasonable to me, but havent tested it. Anyone have any concerns or objections to merging it?</div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Mon, Jul 13, 2015 at 11:13 AM, Daniel Berry <span dir="ltr"><<a href="mailto:dberry@boundlessgeo.com" target="_blank">dberry@boundlessgeo.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr"><pre style="white-space:pre-wrap;color:rgb(0,0,0)">I would like to propose the pull request be added to the geoserver-geonode-ext master.</pre><pre><font color="#000000"><span style="white-space:pre-wrap"><a href="https://github.com/GeoNode/geoserver-geonode-ext/pull/41" target="_blank">https://github.com/GeoNode/geoserver-geonode-ext/pull/41</a><br></span></font></pre><pre style="white-space:pre-wrap;color:rgb(0,0,0)"><span style="font-family:arial,sans-serif"><br></span></pre><pre style="white-space:pre-wrap;color:rgb(0,0,0)"><span style="font-family:arial,sans-serif">The geonode_authorize_layer.sql does not work correctly for group authentication.</span><br></pre><pre><font color="#000000"><span style="white-space:pre-wrap">
When creating a new group an entry is added to the "auth_group" table with the first row automatically created for the anonymous group

----
auth_group
id [PK] serial, name character varying(80)
1,anonymous
----

The geonode_authorize_layer function creates the group_ids (integer[]) by querying the "groups_groupmember"."group_id" column.

The issue is that the group_id column does not account for the anonymous group. So when GeoServer is running the prepared statement. The result is actually "groups_groupmember"."group_id" -1. A quick fix is just to add 1 to each value in the "group_ids", since the anonymous group will always be the first entry.

I replaced the following in geonode_authorize_layer.sql

SELECT INTO group_ids array_agg("groups_groupmember"."group_id" + 1)
  FROM "groups_groupmember"
  WHERE "groups_groupmember"."user_id" = "user".id;
  
with the following:
 
SELECT INTO group_ids array_agg("groups_groupmember"."group_id" + 1)
  FROM "groups_groupmember"
  WHERE "groups_groupmember"."user_id" = "user".id;<span><font color="#888888"><br></font></span></span></font></pre><span><font color="#888888"><div><br></div>-- <br><div><div dir="ltr"><div><b>Daniel Berry</b></div><div>Professional Services Engineer | Boundless</div><div><a href="mailto:dberry@boundlessgeo.com" target="_blank">dberry<font color="#1155cc">@boundlessgeo.com</font></a></div><div><a href="tel:512-468-3946" value="+15124683946" target="_blank">512-468-3946</a> (cell)</div><div>@boundlessgeo</div><div><br></div><div><img src="http://boundlessgeo.com/wp-content/themes/open-geo/images/logo.png" width="200" height="35"></div></div></div>
</font></span></div>
<br></div></div>_______________________________________________<br>
geonode-devel mailing list<br>
<a href="mailto:geonode-devel@lists.osgeo.org" target="_blank">geonode-devel@lists.osgeo.org</a><br>
<a href="http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-devel" rel="noreferrer" target="_blank">http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-devel</a><br>
<br></blockquote></div><br></div>
<br>_______________________________________________<br>
geonode-devel mailing list<br>
<a href="mailto:geonode-devel@lists.osgeo.org">geonode-devel@lists.osgeo.org</a><br>
<a href="http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-devel" rel="noreferrer" target="_blank">http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-devel</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Simone </div>
</div>