[GeoNode-users] developpement: Modifying permission behavior and data visibility in Geonode

Paolo Corti pcorti at gmail.com
Tue Jun 9 07:50:01 PDT 2015 

Yes, Ariel is totally right.
Currently we don't have a specific permission for viewing metadata.
This is implicit with the view_resourcebase permission that gives
access to the data and metadata at the same time.
As suggested by Ariel you may consider to add a new django guardian
permission at the resource base model, like it has been done here [1]
and then have your GeoNode instance behaved according to it in views,
templates and javascript.
I don't think there is an easy way to avoid forking GeoNode and
customize the beahviour in your GeoNode project, though it may be not
impossible and this would keep your instance easily updateable with
mainstream code.
Even better, as Ariel suggested, you may though fork it and send a PR
as it could be useful for others as well.
regards
p

[1] https://github.com/GeoNode/geonode/blob/master/geonode/base/models.py#L648


On Tue, Jun 9, 2015 at 4:01 PM, Ariel Nunez <ingenieroariel at gmail.com> wrote:
> Hugo,
>
> Based on what I understand, the best path forward is to have a view_metadata
> permission that you use to enforce the behavior you want. Assigning a new
> meaning to the existing permission may be problematic for other users with
> different needs (for example where metadata is sensitive information).
>
> The place where we want to get to, is to allow uploaders to restrict any
> actions they want, but give the end user buttons to request permissions (to
> view if they cannot view, to download if they can only view, to edit if the
> can only download) to encourage a conversation between uploaders and users
> and provide a workflow to allow access to information when it is needed.
>
> The changes you make would be good candidates for inclusion in the main
> version of GeoNode so others can benefit in the future. Hopefully others
> (Paolo?) can chime in with more specific feedback.
>
> Best,
> Ariel.
>
> On Tue, Jun 9, 2015 at 7:56 AM, FERRARI Hugo <ferrari_hugo at yahoo.fr> wrote:
>>
>> Hello everyone,
>> I have installed a complete geonode instance on a developpement server.
>> I want  to change thebehaviorofthesoftware  to make it fit the need of the
>> institution I work for.
>> So i'm looking for some advices because  I didn't manage to code it yet.
>>
>> My aim to separate metada access from the data access.
>> That  is to make all the layers uploaded in geoserver VISIBLE for all
>> users (logged or not) but only in the layer-list page , not on the
>> layer-detail page .
>> If you click on any specific layer in the layer-list (or document-list
>> because i want the same behavior for both), you get the layer detail so you
>> what will see is:
>>
>> - In the case you have the view_resourcebase permission (who can see it
>> ?), you will see the current template corresponding to layer_detail.html:
>> both access to datas and metadatas.
>> - In the other case if you don't have the view_resourcebase permission,
>> you 'll only have access to metadatas's ressource (that means a template
>> similar to layer_detail.html but Instead of the geoexplorer frame you sould
>> have a "permission denied" message, but the possibility to retrieve
>> metadata).
>>
>> It's quite simple to make all the layers visible in the layer list,
>> whoever is logged in (you just have to modify SKIP_PERMS_FILTERS in
>> settings.py AND read_list function in module api/authorisation.py).
>> but the actual behavior is to catch a 403 http error when trying to view
>> the layer detail.
>> Modifying the 403.html template does not seems to be the good way to
>> process.
>> I don't think it is necessary to modify geonode's database model because
>> the view_ressource permission  is enough, considering that  viewing the
>> ressource is equivalent to having access to the data (even if you can't
>> download it). There's no need to add a new kind of permissions, as far as I
>> can guess.
>> What is prefered is not throwing a 403 error but just the
>> layer_detail.html template modified to get only metadatas.
>>
>> I hope the explanation was clear enough,
>> Thanks for your advices
>> Hugo FERRARI
>>
>> PS
>> Does it correspond to the actual geonode developpement policy ?
>> Datas and metada are strongly linked in this software.
>> Could this functionnality be interresting for any other geonode users?
>>
>>
>>
>> Le 08/06/2015 23:00, geonode-users-request at lists.osgeo.org a écrit :
>>>
>>> Send geonode-users mailing list submissions to
>>>         geonode-users at lists.osgeo.org
>>>
>>> To subscribe or unsubscribe via the World Wide Web, visit
>>>         http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>> or, via email, send a message with subject or body 'help' to
>>>         geonode-users-request at lists.osgeo.org
>>>
>>> You can reach the person managing the list at
>>>         geonode-users-owner at lists.osgeo.org
>>>
>>> When replying, please edit your Subject line so it is more specific
>>> than "Re: Contents of geonode-users digest..."
>>>
>>>
>>> Today's Topics:
>>>
>>>     1. Re: osgeo module install problem (Simone Dalmasso)
>>>     2. Problems to Translate Geonode - Transifex -      Portuguese
>>>        (Brazil) (Davi Custodio)
>>>     3. Re: Problems to Translate Geonode - Transifex - Portuguese
>>>        (Brazil) (Julien Collaer)
>>>
>>>
>>> ----------------------------------------------------------------------
>>>
>>> Message: 1
>>> Date: Sun, 7 Jun 2015 21:40:13 +0200
>>> From: Simone Dalmasso <simone.dalmasso at gmail.com>
>>> To: Vicente <deluca.vicente at gmail.com>
>>> Cc: geonode-users <geonode-users at lists.osgeo.org>
>>> Subject: Re: [GeoNode-users] osgeo module install problem
>>> Message-ID:
>>>
>>> <CAAHAC+cU9GgbBUe-ocH4GJZ1PaXEZDrY5W=ZCsTzSUSx5ymVvA at mail.gmail.com>
>>> Content-Type: text/plain; charset="utf-8"
>>>
>>> Hi, you are missing the gdal python bindings, a "pip install gdal" should
>>> fix it.
>>>
>>> Hope it helps, ciao
>>>
>>> 2015-06-07 17:59 GMT+02:00 Vicente <deluca.vicente at gmail.com>:
>>>
>>>> Good afternoon,
>>>> If I run the following line from my command line, the answer is
>>>> successful
>>>>
>>>> $ sudo apt-get -y install libgdal1h libgdal-dev python-gdal
>>>>
>>>> But if I run from the session virtualenv, the answer is No module named
>>>> osgeo.
>>>>
>>>> I have just added the following session variables in my .bashrc:
>>>> export VIRTUALENVWRAPPER_PYTHON = / usr / bin / python
>>>> export WORKON_HOME = ~ / .venvs
>>>> source /usr/local/bin/virtualenvwrapper.sh
>>>> export PIP_DOWNLOAD_CACHE = $ HOME / .pip-downloads
>>>>
>>>> Both session with virtualenv or outside, the python to run is the same,
>>>> Python 2.7.6 (default, Mar 22 2014, 22:59:56)
>>>>
>>>> The result is that I can not run because there is paver start the osgeo
>>>> module from within the session obviously.
>>>>
>>>> Thanks!
>>>>
>>>> --
>>>>
>>>> [image: MANTA] <http://www.estudiomanta.com/>
>>>>
>>>>
>>>>
>>>> Vicente Deluca
>>>>
>>>> *+54 11 6091 4579 <%2B54%2011%206091%204579>*
>>>>
>>>>
>>>> _______________________________________________
>>>> geonode-users mailing list
>>>> geonode-users at lists.osgeo.org
>>>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>>>
>>>>
>>>
>>
>> _______________________________________________
>> geonode-users mailing list
>> geonode-users at lists.osgeo.org
>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>
>
>
> _______________________________________________
> geonode-users mailing list
> geonode-users at lists.osgeo.org
> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>



-- 
Paolo Corti
Geospatial software developer
web: http://www.paolocorti.net
twitter: @capooti
skype: capooti

More information about the geonode-users mailing list