[GeoNode-users] GeoNodish way to restrict download

Stephen Mather stephen at smathermather.com
Wed Feb 25 08:30:22 PST 2015


Sounds like this is going some very interesting places. Integration of
GeoFence would be epic. Is this something that would be implemented faster
with funding, or something which has other dependencies or competing
priorities?

Regarding disabling WFS, the consequences of that (which we have observed
so far) is editing styles breaks, but otherwise this is an acceptable
compromise if we run a dedicated server for these datasets. I think
GetFeatureInfo still works. As I understand it, while it is technically a
WFS style request, it is implemented and controlled on the WMS side of the
house.

Thanks,
Best,
Steve





On Wed, Feb 25, 2015 at 3:52 AM, Paolo Corti <pcorti at gmail.com> wrote:

> Hi
>
> I was sure to have filed a ticket but cannot find it anymore,
> therefore I will add it later.
>
> The fact here is that GeoNode will correctly prevent the user to
> download a layer if he has not the permission to download it only by
> not showing the download button.
> Unluckily an astute user will still be able to download the datasets if
> he can figure out the GeoServer WFS link.
> This was not possible to fix also in the GeoServer side because of the
> way the GeoServer security plugin is actually conceived.
> One possible solutions would be to proxy any WFS request and make the
> permissions check, as we did for the REST API call modifying styles,
> but would need to be implemented. Some months ago I created a branch
> with a very row and prototypal implementation of this:
>
> https://github.com/capooti/geonode/commit/b4b232293d748fbe33ae436962dc8c9f1c289d50
>
> If to have this discrepancy is a big concern, you could consider to
> disable the GeoServer WFS. Unluckily the WFS services will be disabled
> for all of the layers, making impossible the download for all of the
> layers, but also some other features like editing (and maybe identify?
> I cannot remember if it relies on WMS or WFS GetFeatureInfo). So it
> depends on situation if this could be considered acceptable.
>
> During the sprint we have been talking with Alessio Fabiani to figure
> out a way to integrate GeoFence in GeoNode (for GeoNode 2.4++ only).
> Using GeoFence we will have a wider set of permissions, including
> effectively disable download for a specific layer, restrict a layer on
> a specific extent, disabling some of the layer attributes for a
> specific user/group.
> This sounds very exciting but we will have all to bear until the time
> this stuff is implemented.
>
> Please consider also this similar issue, related to metadata editing:
> https://github.com/GeoNode/geonode/issues/1726
> If I understand correctly here, this can be critical for GeoNetwork,
> while for pycsw only if enabling transactions that by default are
> disabled
>
> p
>
> On Tue, Feb 24, 2015 at 6:11 AM, Erick Omwandho Opiyo
> <e.omwandho at gmail.com> wrote:
> > Check under topic for layers - setting layers permission.
> >
> > On Tue, Feb 24, 2015 at 8:10 AM, Erick Omwandho Opiyo <
> e.omwandho at gmail.com>
> > wrote:
> >>
> >> Hi Steve,
> >>
> >> I think the issue has been implemented in the newer version of Geonode
> >> version 2.4b18. When you upload a new layer you have the option for only
> >> viewing or download check documentation at
> >>
> https://geonode.readthedocs.org/en/master/reference/security.html?highlight=security
> .
> >>
> >> Erick
> >>
> >>
> >>
> >> On Tue, Feb 24, 2015 at 2:32 AM, Stephen Mather
> >> <stephen at smathermather.com> wrote:
> >>>
> >>> Hi All,
> >>>
> >>> What's the best way to allow for viewing, clicking for more info, but
> not
> >>> allow download of raw data (csv, shapefile, geojson, etc.)?
> >>>
> >>> Thanks,
> >>> Best,
> >>> Steve
> >>>
> >>> _______________________________________________
> >>> geonode-users mailing list
> >>> geonode-users at lists.osgeo.org
> >>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
> >>>
> >>
> >>
> >>
> >> --
> >> Kind Regards,
> >>
> >> Erick Omwandho Opiyo
> >>
> >> Cell:               0724590982
> >> Blog:              http://eomwandho.wordpress.com
> >
> >
> >
> >
> > --
> > Kind Regards,
> >
> > Erick Omwandho Opiyo
> >
> > Cell:               0724590982
> > Blog:              http://eomwandho.wordpress.com
> >
> > _______________________________________________
> > geonode-users mailing list
> > geonode-users at lists.osgeo.org
> > http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
> >
>
>
>
> --
> Paolo Corti
> Geospatial software developer
> web: http://www.paolocorti.net
> twitter: @capooti
> skype: capooti
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20150225/51f53ed9/attachment-0001.html>


More information about the geonode-users mailing list