[GeoNode-users] GeoNodish way to restrict download

Paolo Corti pcorti at gmail.com
Wed Feb 25 00:52:47 PST 2015


Hi

I was sure to have filed a ticket but cannot find it anymore,
therefore I will add it later.

The fact here is that GeoNode will correctly prevent the user from
downloading a layer, if he does not have the permission to download it,
only by not showing the download button.
Unluckily an astute user will still be able to download the datasets if
he can figure out the GeoServer WFS link.
It was also not possible to fix this on the GeoServer side because of
the way the GeoServer security plugin is actually conceived.
One possible solution would be to proxy any WFS request and make the
permissions check, as we did for the REST API call modifying styles,
but it would need to be implemented. Some months ago I created a branch
with a very raw and prototypal implementation of this:
https://github.com/capooti/geonode/commit/b4b232293d748fbe33ae436962dc8c9f1c289d50

If having this discrepancy is a big concern, you could consider
disabling the GeoServer WFS. Unluckily the WFS services will be disabled
for all of the layers, making download impossible for all of the
layers, and also some other features like editing (and maybe identify?
I cannot remember if it relies on WMS or WFS GetFeatureInfo). So it
depends on the situation whether this could be considered acceptable.

During the sprint we have been talking with Alessio Fabiani to figure
out a way to integrate GeoFence in GeoNode (for GeoNode 2.4++ only).
Using GeoFence we will have a wider set of permissions, including
effectively disabling download for a specific layer, restricting a layer
to a specific extent, disabling some of the layer attributes for a
specific user/group.
This sounds very exciting but we will all have to bear with it until the
time this stuff is implemented.

Please consider also this similar issue, related to metadata editing:
https://github.com/GeoNode/geonode/issues/1726
If I understand correctly here, this can be critical for GeoNetwork,
while for pycsw only if enabling transactions, which by default are
disabled.

p

On Tue, Feb 24, 2015 at 6:11 AM, Erick Omwandho Opiyo
<e.omwandho at gmail.com> wrote:
> Check under topic for layers - setting layers permission.
>
> On Tue, Feb 24, 2015 at 8:10 AM, Erick Omwandho Opiyo <e.omwandho at gmail.com>
> wrote:
>>
>> Hi Steve,
>>
>> I think the issue has been implemented in the newer version of GeoNode,
>> version 2.4b18. When you upload a new layer you have the option for only
>> viewing or download; check the documentation at
>> https://geonode.readthedocs.org/en/master/reference/security.html?highlight=security.
>>
>> Erick
>>
>>
>>
>> On Tue, Feb 24, 2015 at 2:32 AM, Stephen Mather
>> <stephen at smathermather.com> wrote:
>>>
>>> Hi All,
>>>
>>> What's the best way to allow for viewing, clicking for more info, but not
>>> allow download of raw data (csv, shapefile, geojson, etc.)?
>>>
>>> Thanks,
>>> Best,
>>> Steve
>>>
>>> _______________________________________________
>>> geonode-users mailing list
>>> geonode-users at lists.osgeo.org
>>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>>
>>
>>
>>
>> --
>> Kind Regards,
>>
>> Erick Omwandho Opiyo
>>
>> Cell:               0724590982
>> Blog:              http://eomwandho.wordpress.com



-- 
Paolo Corti
Geospatial software developer
web: http://www.paolocorti.net
twitter: @capooti
skype: capooti
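
The permission check a WFS proxy would need, as described in the message above, shown as an added example (it is not part of the original e-mail and not the code in the linked commit). The function names and the `download_layers` input are hypothetical, and letting GetCapabilities and DescribeFeatureType pass through is an assumption; the point is that the check must read both KVP and XML request forms and refuse whenever it cannot name every requested layer.

```python
# Added example (not GeoNode code): deny-by-default check for a WFS proxy.
import xml.etree.ElementTree as ET  # production code should use a hardened parser, e.g. defusedxml
from urllib.parse import parse_qs

DATA_OPS = {"getfeature", "getfeaturewithlock", "getpropertyvalue"}
METADATA_OPS = {"getcapabilities", "describefeaturetype"}  # assumed safe to pass through

def _names(value):
    # Lists are comma-separated (KVP, WFS 1.x XML) or space-separated (WFS 2.0 XML).
    return set(value.replace(",", " ").split())

def _local(tag):
    # Strip the "{namespace}" prefix ElementTree puts on tag names.
    return tag.rsplit("}", 1)[-1]

def parse_wfs(query_string="", body=b""):
    """Return (operations, type_names) found in the KVP query string and XML body."""
    ops, types = set(), set()
    # KVP parameter names are case-insensitive; keep every repeated value.
    for key, values in parse_qs(query_string).items():
        if key.lower() == "request":
            ops |= {v.lower() for v in values}
        elif key.lower() in ("typename", "typenames"):
            for v in values:
                types |= _names(v)
    if body.strip():
        root = ET.fromstring(body)
        ops.add(_local(root.tag).lower())
        for el in root.iter():
            if _local(el.tag) == "Query":
                types |= _names(el.get("typeNames") or el.get("typeName") or "")
    return ops, types

def may_proxy(download_layers, query_string="", body=b""):
    """download_layers: names the current user may download (hypothetical input)."""
    try:
        ops, types = parse_wfs(query_string, body)
    except ET.ParseError:
        return False
    if len(ops) != 1:  # missing or conflicting operation: refuse
        return False
    op = ops.pop()
    if op in METADATA_OPS:
        return True
    if op not in DATA_OPS:
        return False
    # No resolvable layer (featureID-only, stored query, join syntax): refuse.
    return bool(types) and types <= set(download_layers)
```

Transaction requests are refused here because the sketch covers download only; a proxy that must keep editing working would need a separate check for them.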

