[GeoNode-users] GeoNodish way to restrict download

Paolo Corti pcorti at gmail.com
Tue Mar 3 01:03:31 PST 2015


Hi Vivien

I was pretty sure to have already added a "Request Download" feature,
and here it is:
https://github.com/GeoNode/geonode/commit/c44d5a9d6aca2ced02db2b644fa137e0d1f64170

Not sure why it is not working anymore now, I am looking into this.
I am also experiencing some other regressions with permissions (I believe on
the javascript side), I am having a look at it.

cheers
p

On Mon, Mar 2, 2015 at 6:07 PM, Vivien Deparday
<vivien.deparday at gmail.com> wrote:
> +1, this has been a recurrent need/ask and I think that combined with a
> button "Request Download" (like described in [1]) , it will still promote
> data sharing and open data in the end, rather than having the data being not
> visible at all.
> We made a good step towards it with the fine grained permission implemented
> in GeoNode 2.4 but the limitations of GeoServer prevented to implement it
> fully within budget and timeframe. It would be great to have a GNIP to be
> able to determine the scale of the effort and how to move it forward.
>
> Best,
>
> Vivien
>
> [1] https://github.com/GeoNode/geonode/issues/255
>
> On Wed, Feb 25, 2015 at 3:10 PM, Stephen Mather <stephen at smathermather.com>
> wrote:
>>
>> Thanks Ariel,
>>
>> I look forward to following.
>>
>> Best,
>> Steve
>>
>>
>>
>> On Wed, Feb 25, 2015 at 11:57 AM, Ariel Nunez <ingenieroariel at gmail.com>
>> wrote:
>>>
>>> Moving to GeoFence to replace the current auth system is something that
>>> can move at its own pace. We discussed this option during the past code
>>> sprint (a full recap is due, will get to that soon and post here) and there
>>> was interest from the group.
>>>
>>> I would say the next step is to draft a GNIP, vote on it and use that as
>>> a tool for organizations to either implement it or contract it out.
>>>
>>> -a
>>>
>>> On Wed, Feb 25, 2015 at 11:30 AM, Stephen Mather
>>> <stephen at smathermather.com> wrote:
>>>>
>>>> Sounds like this is going some very interesting places. Integration of
>>>> GeoFence would be epic. Is this something that would be implemented faster
>>>> with funding, or something which has other dependencies or competing
>>>> priorities?
>>>>
>>>> Regarding disabling WFS, the consequence of that (which we have
>>>> observed so far) is that editing styles breaks, but otherwise this is an
>>>> acceptable compromise if we run a dedicated server for these datasets. I
>>>> think GetFeatureInfo still works. As I understand it, while it is
>>>> technically a WFS style request, it is implemented and controlled on the WMS
>>>> side of the house.
>>>>
>>>> Thanks,
>>>> Best,
>>>> Steve
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Wed, Feb 25, 2015 at 3:52 AM, Paolo Corti <pcorti at gmail.com> wrote:
>>>>>
>>>>> Hi
>>>>>
>>>>> I was sure to have filed a ticket but cannot find it anymore,
>>>>> therefore I will add it later.
>>>>>
>>>>> The fact here is that GeoNode will correctly prevent the user to
>>>>> download a layer if he has not the permission to download it only by
>>>>> not showing the download button.
>>>>> Unluckily an astute user will still be able to download the datasets if
>>>>> he can figure out the GeoServer WFS link.
>>>>> This was not possible to fix also in the GeoServer side because of the
>>>>> way the GeoServer security plugin is actually conceived.
>>>>> One possible solution would be to proxy any WFS request and make the
>>>>> permissions check, as we did for the REST API call modifying styles,
>>>>> but would need to be implemented. Some months ago I created a branch
>>>>> with a very raw and prototypal implementation of this:
>>>>>
>>>>> https://github.com/capooti/geonode/commit/b4b232293d748fbe33ae436962dc8c9f1c289d50
>>>>>
>>>>> If to have this discrepancy is a big concern, you could consider to
>>>>> disable the GeoServer WFS. Unluckily the WFS services will be disabled
>>>>> for all of the layers, making impossible the download for all of the
>>>>> layers, but also some other features like editing (and maybe identify?
>>>>> I cannot remember if it relies on WMS or WFS GetFeatureInfo). So it
>>>>> depends on situation if this could be considered acceptable.
>>>>>
>>>>> During the sprint we have been talking with Alessio Fabiani to figure
>>>>> out a way to integrate GeoFence in GeoNode (for GeoNode 2.4++ only).
>>>>> Using GeoFence we will have a wider set of permissions, including
>>>>> effectively disable download for a specific layer, restrict a layer on
>>>>> a specific extent, disabling some of the layer attributes for a
>>>>> specific user/group.
>>>>> This sounds very exciting but we will have all to bear until the time
>>>>> this stuff is implemented.
>>>>>
>>>>> Please consider also this similar issue, related to metadata editing:
>>>>> https://github.com/GeoNode/geonode/issues/1726
>>>>> If I understand correctly here, this can be critical for GeoNetwork,
>>>>> while for pycsw only if enabling transactions that by default are
>>>>> disabled
>>>>>
>>>>> p
>>>>>
>>>>> On Tue, Feb 24, 2015 at 6:11 AM, Erick Omwandho Opiyo
>>>>> <e.omwandho at gmail.com> wrote:
>>>>> > Check under topic for layers - setting layers permission.
>>>>> >
>>>>> > On Tue, Feb 24, 2015 at 8:10 AM, Erick Omwandho Opiyo
>>>>> > <e.omwandho at gmail.com>
>>>>> > wrote:
>>>>> >>
>>>>> >> Hi Steve,
>>>>> >>
>>>>> >> I think the issue has been implemented in the newer version of
>>>>> >> Geonode
>>>>> >> version 2.4b18. When you upload a new layer you have the option for
>>>>> >> only
>>>>> >> viewing or download check documentation at
>>>>> >>
>>>>> >> https://geonode.readthedocs.org/en/master/reference/security.html?highlight=security.
>>>>> >>
>>>>> >> Erick
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> On Tue, Feb 24, 2015 at 2:32 AM, Stephen Mather
>>>>> >> <stephen at smathermather.com> wrote:
>>>>> >>>
>>>>> >>> Hi All,
>>>>> >>>
>>>>> >>> What's the best way to allow for viewing, clicking for more info,
>>>>> >>> but not
>>>>> >>> allow download of raw data (csv, shapefile, geojson, etc.)?
>>>>> >>>
>>>>> >>> Thanks,
>>>>> >>> Best,
>>>>> >>> Steve
>>>>> >>>
>>>>> >>> _______________________________________________
>>>>> >>> geonode-users mailing list
>>>>> >>> geonode-users at lists.osgeo.org
>>>>> >>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>>>> >>>
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> --
>>>>> >> Kind Regards,
>>>>> >>
>>>>> >> Erick Omwandho Opiyo
>>>>> >>
>>>>> >> Cell:               0724590982
>>>>> >> Blog:              http://eomwandho.wordpress.com
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Paolo Corti
>>>>> Geospatial software developer
>>>>> web: http://www.paolocorti.net
>>>>> twitter: @capooti
>>>>> skype: capooti
>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>
>
>



-- 
Paolo Corti
Geospatial software developer
web: http://www.paolocorti.net
twitter: @capooti
skype: capooti
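
The permission check a WFS proxy would have to make before forwarding a request to GeoServer, as discussed in the thread above, written as an added example (not code from the linked branch or from GeoNode). `wfs_request_allowed`, the `can_download` callback and the sample grants are hypothetical names; only GET key-value requests are handled.

```python
from urllib.parse import urlsplit, parse_qsl

# WFS operations that return or modify feature data. GetCapabilities and
# DescribeFeatureType expose no raw data and are passed through.
DATA_OPERATIONS = {"getfeature", "getfeaturewithlock", "getpropertyvalue",
                   "lockfeature", "transaction"}


def kvp(url):
    """Query parameters keyed by lower-cased name; OGC KVP names are
    case-insensitive, so typeName, TYPENAME and typename are one parameter.
    Repeated parameters keep every value."""
    params = {}
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        params.setdefault(key.lower(), []).append(value)
    return params


def wfs_request_allowed(url, user, can_download):
    """Return True if the proxy may forward this GET request to GeoServer.

    can_download(user, layer) is a hypothetical callback standing in for
    the application's own per-layer download permission check."""
    params = kvp(url)
    services = {v.lower() for v in params.get("service", [])}
    # The service may also be implied by a .../wfs endpoint path.
    path = urlsplit(url).path.rstrip("/").lower()
    if "wfs" not in services and not path.endswith("/wfs"):
        return True  # WMS GetMap / GetFeatureInfo etc. are not decided here
    operations = {v.lower() for v in params.get("request", [])}
    if not operations & DATA_OPERATIONS:
        return True
    # typeName is WFS 1.x, typeNames is WFS 2.0; both take comma-separated lists.
    names = params.get("typename", []) + params.get("typenames", [])
    layers = [n.strip() for value in names for n in value.split(",") if n.strip()]
    # Fail closed: a data request that names no layer cannot be checked.
    return bool(layers) and all(can_download(user, layer) for layer in layers)


# Constructed sample data: who may download which layer.
GRANTS = {("alice", "geonode:roads")}


def sample_can_download(user, layer):
    return (user, layer) in GRANTS
```

WFS also accepts XML POST bodies, which this check does not parse; a proxy using it has to inspect or refuse those as well.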

