[GeoNode-users] GeoNodish way to restrict download

Paolo Corti pcorti at gmail.com
Tue Mar 3 03:56:34 PST 2015


Dear Vivien

it looks like the "Request Download" button has always been there, but
you will need to add the Notification application to the
INSTALLED_APPS in the main settings file. Currently (for a couple of
months now) Notification is not installed by default, as it causes
problems when running tests, I believe. Otherwise I would be +1 to
enable it by default,
considering that there are several references to it in the vanilla
GeoNode (for example in the main user menu) and it could lead to
misunderstanding.

Remember to sync the database after enabling it. Later I will add a
check to disable the button if the notification application is not
activated.
So if you, for example, uncheck the "Anyone" option in the "Who can
download" section of the permissions, when accessing the layer as an
unprivileged user you should see that button. Note that anonymous
users will need to authenticate to see the "Request Download" button.
To use it, make sure to have the SMTP server correctly configured,
otherwise it will fail.

One side (but important and unexpected!) thing that I have noticed is
that the notification application doesn't send the messages to the
GeoNode inbox (via the geonode-user-messages application), but only by
email. I guess we should integrate them, so please file a ticket and
when I have some time I will make sure they integrate well.

cheers

p

On Tue, Mar 3, 2015 at 10:03 AM, Paolo Corti <pcorti at gmail.com> wrote:
> Hi Vivien
>
> I was pretty sure to have already added a "Request Download" feature,
> and here it is:
> https://github.com/GeoNode/geonode/commit/c44d5a9d6aca2ced02db2b644fa137e0d1f64170
>
> Not sure why now is not working anymore, I am looking into this.
> I am also experiencing some other regressions with permissions (I believe on
> the javascript side), I am having a look at it.
>
> cheers
> p
>
> On Mon, Mar 2, 2015 at 6:07 PM, Vivien Deparday
> <vivien.deparday at gmail.com> wrote:
>> +1, this has been a recurrent need/ask and I think that combined with a
>> button "Request Download" (like described in [1]) , it will still promote
>> data sharing and open data in the end, rather than having the data being not
>> visible at all.
>> We made a good step towards it with the fine grained permission implemented
>> in GeoNode 2.4 but the limitations of GeoServer prevented to implement it
>> fully within budget and timeframe. It would be great to have a GNIP to be
>> able to determine the scale of the effort and how to move it forward.
>>
>> Best,
>>
>> Vivien
>>
>> [1] https://github.com/GeoNode/geonode/issues/255
>>
>> On Wed, Feb 25, 2015 at 3:10 PM, Stephen Mather <stephen at smathermather.com>
>> wrote:
>>>
>>> Thanks Ariel,
>>>
>>> I look forward to following.
>>>
>>> Best,
>>> Steve
>>>
>>>
>>>
>>> On Wed, Feb 25, 2015 at 11:57 AM, Ariel Nunez <ingenieroariel at gmail.com>
>>> wrote:
>>>>
>>>> Moving to GeoFence to replace the current auth system is something that
>>>> can move at its own pace. We discussed this option during the past code
>>>> sprint (a full recap is due, will get to that soon and post here) and there
>>>> was interest from the group.
>>>>
>>>> I would say the next step is to draft a GNIP, vote on it and use that as
>>>> a tool for organizations to either implement it or contract it out.
>>>>
>>>> -a
>>>>
>>>> On Wed, Feb 25, 2015 at 11:30 AM, Stephen Mather
>>>> <stephen at smathermather.com> wrote:
>>>>>
>>>>> Sounds like this is going some very interesting places. Integration of
>>>>> GeoFence would be epic. Is this something that would be implemented faster
>>>>> with funding, or something which has other dependencies or competing
>>>>> priorities?
>>>>>
>>>>> Regarding disabling WFS, the consequences of that (which we have
>>>>> observed so far) is editing styles breaks, but otherwise this is an
>>>>> acceptable compromise if we run a dedicated server for these datasets. I
>>>>> think GetFeatureInfo still works. As I understand it, while it is
>>>>> technically a WFS style request, it is implemented and controlled on the WMS
>>>>> side of the house.
>>>>>
>>>>> Thanks,
>>>>> Best,
>>>>> Steve
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Feb 25, 2015 at 3:52 AM, Paolo Corti <pcorti at gmail.com> wrote:
>>>>>>
>>>>>> Hi
>>>>>>
>>>>>> I was sure to have filed a ticket but cannot find it anymore,
>>>>>> therefore I will add it later.
>>>>>>
>>>>>> The fact here is that GeoNode will correctly prevent the user to
>>>>>> download a layer if he has not the permission to download it only by
>>>>>> not showing the download button.
>>>>>> Unluckily an astute user will still be able to download the datasets if
>>>>>> he can figure out the GeoServer WFS link.
>>>>>> This was not possible to fix also in the GeoServer side because of the
>>>>>> way the GeoServer security plugin is actually conceived.
>>>>>> One possible solution would be to proxy any WFS request and make the
>>>>>> permissions check, as we did for the REST API call modifying styles,
>>>>>> but would need to be implemented. Some months ago I created a branch
>>>>>> with a very raw and prototypal implementation of this:
>>>>>>
>>>>>> https://github.com/capooti/geonode/commit/b4b232293d748fbe33ae436962dc8c9f1c289d50
>>>>>>
>>>>>> If to have this discrepancy is a big concern, you could consider to
>>>>>> disable the GeoServer WFS. Unluckily the WFS services will be disabled
>>>>>> for all of the layers, making impossible the download for all of the
>>>>>> layers, but also some other features like editing (and maybe identify?
>>>>>> I cannot remember if it relies on WMS or WFS GetFeatureInfo). So it
>>>>>> depends on situation if this could be considered acceptable.
>>>>>>
>>>>>> During the sprint we have been talking with Alessio Fabiani to figure
>>>>>> out a way to integrate GeoFence in GeoNode (for GeoNode 2.4++ only).
>>>>>> Using GeoFence we will have a wider set of permissions, including
>>>>>> effectively disable download for a specific layer, restrict a layer on
>>>>>> a specific extent, disabling some of the layer attributes for a
>>>>>> specific user/group.
>>>>>> This sounds very exciting but we will have all to bear until the time
>>>>>> this stuff is implemented.
>>>>>>
>>>>>> Please consider also this similar issue, related to metadata editing:
>>>>>> https://github.com/GeoNode/geonode/issues/1726
>>>>>> If I understand correctly here, this can be critical for GeoNetwork,
>>>>>> while for pycsw only if enabling transactions that by default are
>>>>>> disabled
>>>>>>
>>>>>> p
>>>>>>
>>>>>> On Tue, Feb 24, 2015 at 6:11 AM, Erick Omwandho Opiyo
>>>>>> <e.omwandho at gmail.com> wrote:
>>>>>> > Check under topic for layers - setting layers permission.
>>>>>> >
>>>>>> > On Tue, Feb 24, 2015 at 8:10 AM, Erick Omwandho Opiyo
>>>>>> > <e.omwandho at gmail.com>
>>>>>> > wrote:
>>>>>> >>
>>>>>> >> Hi Steve,
>>>>>> >>
>>>>>> >> I think the issue has been implemented in the newer version of
>>>>>> >> Geonode
>>>>>> >> version 2.4b18. When you upload a new layer you have the option for
>>>>>> >> only
>>>>>> >> viewing or download check documentation at
>>>>>> >>
>>>>>> >> https://geonode.readthedocs.org/en/master/reference/security.html?highlight=security.
>>>>>> >>
>>>>>> >> Erick
>>>>>> >>
>>>>>> >>
>>>>>> >>
>>>>>> >> On Tue, Feb 24, 2015 at 2:32 AM, Stephen Mather
>>>>>> >> <stephen at smathermather.com> wrote:
>>>>>> >>>
>>>>>> >>> Hi All,
>>>>>> >>>
>>>>>> >>> What's the best way to allow for viewing, clicking for more info,
>>>>>> >>> but not
>>>>>> >>> allow download of raw data (csv, shapefile, geojson, etc.)?
>>>>>> >>>
>>>>>> >>> Thanks,
>>>>>> >>> Best,
>>>>>> >>> Steve
>>>>>> >>>
>>>>>> >>> _______________________________________________
>>>>>> >>> geonode-users mailing list
>>>>>> >>> geonode-users at lists.osgeo.org
>>>>>> >>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>>>>> >>>
>>>>>> >>
>>>>>> >>
>>>>>> >>
>>>>>> >> --
>>>>>> >> Kind Regards,
>>>>>> >>
>>>>>> >> Erick Omwandho Opiyo
>>>>>> >>
>>>>>> >> Cell:               0724590982
>>>>>> >> Blog:              http://eomwandho.wordpress.com
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Paolo Corti
>>>>>> Geospatial software developer
>>>>>> web: http://www.paolocorti.net
>>>>>> twitter: @capooti
>>>>>> skype: capooti
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>
>



-- 
Paolo Corti
Geospatial software developer
web: http://www.paolocorti.net
twitter: @capooti
skype: capooti
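
The WFS proxy permission check proposed in the quoted 25 Feb message, as an added example: it is not code from this thread, from GeoNode, or from the linked prototype branch. The function names and the permission table are hypothetical; the point is that the check has to read the layer names from both KVP and XML request forms and refuse anything it cannot attribute to a layer.

```python
from urllib.parse import parse_qs
import xml.etree.ElementTree as ET  # swap for defusedxml when parsing untrusted bodies

METADATA_OPS = {"getcapabilities", "describefeaturetype"}  # return no feature data
DOWNLOAD_OPS = {"getfeature", "getfeaturewithlock", "getpropertyvalue"}

# Constructed permission table: user -> layers the user may download.
DOWNLOAD_GRANTS = {"alice": {"geonode:roads"}, "bob": set()}

def local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def requested_layers(query_string, body=b""):
    """Return (operation, layer names) for a KVP GET or an XML POST request."""
    if body:
        root = ET.fromstring(body)
        layers = []
        for el in root.iter():
            if local(el.tag) == "Query":
                names = el.get("typeNames") or el.get("typeName") or ""
                layers += names.replace(",", " ").split()
        return local(root.tag).lower(), layers
    params = {}
    for key, values in parse_qs(query_string).items():
        params.setdefault(key.lower(), []).extend(values)  # WFS keys are case-insensitive
    ops = {v.lower() for v in params.get("request", [])}
    names = ",".join(params.get("typenames", []) + params.get("typename", []))
    layers = [n.strip() for n in names.split(",") if n.strip()]
    # Conflicting REQUEST values are ambiguous, so report no operation at all.
    return (ops.pop() if len(ops) == 1 else ""), layers

def wfs_allowed(user, query_string, body=b"", grants=DOWNLOAD_GRANTS):
    """Decide whether the proxy may forward this WFS request to GeoServer."""
    try:
        op, layers = requested_layers(query_string, body)
    except ET.ParseError:
        return False
    if op in METADATA_OPS:
        return True
    if op not in DOWNLOAD_OPS or not layers:
        # Unknown operations, and requests naming no layer (featureID or
        # stored queries), are refused rather than guessed at.
        return False
    return all(layer in grants.get(user, set()) for layer in layers)
```

Such a check only helps if GeoServer's WFS endpoint is reachable solely through the proxy; a directly reachable endpoint bypasses it.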

