[GeoNode-users] GeoNodish way to restrict download

Stephen Mather stephen at smathermather.com
Wed Feb 25 12:10:41 PST 2015 

Thanks Ariel,

I look forward to following.

Best,
Steve



On Wed, Feb 25, 2015 at 11:57 AM, Ariel Nunez <ingenieroariel at gmail.com>
wrote:

> Moving to GeoFence to replace the current auth system is something that
> can move at it's own pace. We discussed this option during the past code
> sprint (a full recap is due, will get to that soon and post here) and there
> was interest from the group.
>
> I would say the next step is to draft a GNIP, vote on it and use that as a
> tool for organizations to either implement it or contract it out.
>
> -a
>
> On Wed, Feb 25, 2015 at 11:30 AM, Stephen Mather <
> stephen at smathermather.com> wrote:
>
>> Sounds like this is going some very interesting places. Integration of
>> GeoFence would be epic. Is this something that would be implemented faster
>> with funding, or something which has other dependencies or competing
>> priorities?
>>
>> Regarding disabling WFS, the consequences of that (which we have observed
>> so far) is editing styles breaks, but otherwise this is an acceptable
>> compromise if we run a dedicated server for these datasets. I think
>> GetFeatureInfo still works. As I understand it, while it is technically a
>> WFS style request, it is implemented and controlled on the WMS side of the
>> house.
>>
>> Thanks,
>> Best,
>> Steve
>>
>>
>>
>>
>>
>> On Wed, Feb 25, 2015 at 3:52 AM, Paolo Corti <pcorti at gmail.com> wrote:
>>
>>> Hi
>>>
>>> I was sure to have filed a ticket but cannot find it anymore,
>>> therefore I will add it later.
>>>
>>> The fact here is that GeoNode will correctly prevent the user to
>>> download a layer if he has not the permission to download it only by
>>> not showing the download button.
>>> Unluckily an astute user will still be able to download the datasets if
>>> he can figure out the GeoServer WFS link.
>>> This was not possible to fix also in the GeoServer side because of the
>>> way the GeoServer security plugin is actually conceived.
>>> One possible solutions would be to proxy any WFS request and make the
>>> permissions check, as we did for the REST API call modifying styles,
>>> but would need to be implemented. Some months ago I created a branch
>>> with a very row and prototypal implementation of this:
>>>
>>> https://github.com/capooti/geonode/commit/b4b232293d748fbe33ae436962dc8c9f1c289d50
>>>
>>> If to have this discrepancy is a big concern, you could consider to
>>> disable the GeoServer WFS. Unluckily the WFS services will be disabled
>>> for all of the layers, making impossible the download for all of the
>>> layers, but also some other features like editing (and maybe identify?
>>> I cannot remember if it relies on WMS or WFS GetFeatureInfo). So it
>>> depends on situation if this could be considered acceptable.
>>>
>>> During the sprint we have been talking with Alessio Fabiani to figure
>>> out a way to integrate GeoFence in GeoNode (for GeoNode 2.4++ only).
>>> Using GeoFence we will have a wider set of permissions, including
>>> effectively disable download for a specific layer, restrict a layer on
>>> a specific extent, disabling some of the layer attributes for a
>>> specific user/group.
>>> This sounds very exciting but we will have all to bear until the time
>>> this stuff is implemented.
>>>
>>> Please consider also this similar issue, related to metadata editing:
>>> https://github.com/GeoNode/geonode/issues/1726
>>> If I understand correctly here, this can be critical for GeoNetwork,
>>> while for pycsw only if enabling transactions that by default are
>>> disabled
>>>
>>> p
>>>
>>> On Tue, Feb 24, 2015 at 6:11 AM, Erick Omwandho Opiyo
>>> <e.omwandho at gmail.com> wrote:
>>> > Check under topic for layers - setting layers permission.
>>> >
>>> > On Tue, Feb 24, 2015 at 8:10 AM, Erick Omwandho Opiyo <
>>> e.omwandho at gmail.com>
>>> > wrote:
>>> >>
>>> >> Hi Steve,
>>> >>
>>> >> I think the issue has been implemented in the newer version of Geonode
>>> >> version 2.4b18. When you upload a new layer you have the option for
>>> only
>>> >> viewing or download check documentation at
>>> >>
>>> https://geonode.readthedocs.org/en/master/reference/security.html?highlight=security
>>> .
>>> >>
>>> >> Erick
>>> >>
>>> >>
>>> >>
>>> >> On Tue, Feb 24, 2015 at 2:32 AM, Stephen Mather
>>> >> <stephen at smathermather.com> wrote:
>>> >>>
>>> >>> Hi All,
>>> >>>
>>> >>> What's the best way to allow for viewing, clicking for more info,
>>> but not
>>> >>> allow download of raw data (csv, shapefile, geojson, etc.)?
>>> >>>
>>> >>> Thanks,
>>> >>> Best,
>>> >>> Steve
>>> >>>
>>> >>> _______________________________________________
>>> >>> geonode-users mailing list
>>> >>> geonode-users at lists.osgeo.org
>>> >>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>> >>>
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Kind Regards,
>>> >>
>>> >> Erick Omwandho Opiyo
>>> >>
>>> >> Cell:               0724590982
>>> >> Blog:              http://eomwandho.wordpress.com
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > Kind Regards,
>>> >
>>> > Erick Omwandho Opiyo
>>> >
>>> > Cell:               0724590982
>>> > Blog:              http://eomwandho.wordpress.com
>>> >
>>> > _______________________________________________
>>> > geonode-users mailing list
>>> > geonode-users at lists.osgeo.org
>>> > http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>> >
>>>
>>>
>>>
>>> --
>>> Paolo Corti
>>> Geospatial software developer
>>> web: http://www.paolocorti.net
>>> twitter: @capooti
>>> skype: capooti
>>>
>>
>>
>> _______________________________________________
>> geonode-users mailing list
>> geonode-users at lists.osgeo.org
>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20150225/d4561e33/attachment.html>

More information about the geonode-users mailing list