[GeoNode-users] Problem with GeoFence permissions

Daniel Victoria daniel.victoria at gmail.com
Wed Mar 7 06:22:12 PST 2018 

I've seem that the geonode/security/models.py in the master branch is quite
different from what I got installed using the apt-sources. The file from
the 2.6.x branch also differs from what I've got. Can I pull the
security/models.py from the 2.6.x branch into my APT installation? Or do I
risk messing things up even more?



On Wed, Mar 7, 2018 at 10:55 AM Alessio Fabiani <
alessio.fabiani at geo-solutions.it> wrote:

> Uhm that's strange, from what I see on the code it should be the same that
> updating permissions from the gui.
>
> print 'Synchronizing permissions for layer %s/%s: %s' % (count,
> layers_count, layer.alternate)
> perm_spec = json.loads(_perms_info_json(layer))
> layer.set_permissions(perm_spec)
>
>
> it's possible that the old geofence methods have some bugs. There were a
> lot or fixes since 2.6.3 version there also.
>
>
>
> Regards,
>
> Alessio Fabiani
>
> ==
> GeoServer Professional Services from the experts! Visit
> http://goo.gl/it488V for more information.
> ==
>
> Ing. Alessio Fabiani
>
> @alfa7691
> Founder/Technical Lead
>
>
> GeoSolutions S.A.S.
> Via di Montramito 3/A
> <https://maps.google.com/?q=Via+di+Montramito+3/A+55054+%C2%A0Massarosa&entry=gmail&source=g>
> 55054  Massarosa
> <https://maps.google.com/?q=Via+di+Montramito+3/A+55054+%C2%A0Massarosa&entry=gmail&source=g>
> (LU)
> Italy
> phone: +39 0584 962313 <+39%200584%20962313>
> fax:     +39 0584 1660272 <+39%200584%20166%200272>
> mob:   +39 331 6233686 <+39%20331%20623%203686>
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
>
> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
>
> Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
> darcene notizia via e-mail e di procedere alla distruzione del messaggio
> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
> principi dettati dal D.Lgs. 196/2003.
>
> The information in this message and/or attachments, is intended solely for
> the attention and use of the named addressee(s) and may be confidential or
> proprietary in nature or covered by the provisions of privacy act
> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> Code).Any use not in accord with its purpose, any disclosure, reproduction,
> copying, distribution, or either dissemination, either whole or partial, is
> strictly forbidden except previous formal approval of the named
> addressee(s). If you are not the intended recipient, please contact
> immediately the sender by telephone, fax or e-mail and delete the
> information in this message that has been received in error. The sender
> does not give any warranty or accept liability as the content, accuracy or
> completeness of sent messages and accepts no responsibility  for changes
> made after they were sent or for other risks which arise as a result of
> e-mail transmission, viruses, etc.
>
> 2018-03-07 13:54 GMT+01:00 Daniel Victoria <daniel.victoria at gmail.com>:
>
>> Thanks Alessio,
>>
>> I had substituted "layer.alternate" to "layer.name" and sync_geofence
>> worked with no complains.  I also added a 5 second timeout between each
>> layer processing to try to bypass the problem mentioned by Paolo when
>> adding several rules to GeoFence.
>>
>> However, each time I run sync_geofence I still get a different set of
>> data access rules in GeoFence. And I haven't figured out a pattern of which
>> layers are or not included in the rules.
>>
>> Cheers
>> Daniel
>>
>> On Wed, Mar 7, 2018 at 5:34 AM Alessio Fabiani <
>> alessio.fabiani at geo-solutions.it> wrote:
>>
>>> Dear all,
>>> "alternate" attribute has been introduced on GeoNode 2.7+ with the
>>> update of pycsw.
>>>
>>> In the older versions you must use "typename" instead.
>>>
>>>
>>> Regards,
>>>
>>> Alessio Fabiani
>>>
>>> ==
>>> GeoServer Professional Services from the experts! Visit
>>> http://goo.gl/it488V for more information.
>>> ==
>>>
>>> Ing. Alessio Fabiani
>>>
>>> @alfa7691
>>> Founder/Technical Lead
>>>
>>>
>>> GeoSolutions S.A.S.
>>> Via di Montramito 3/A
>>> <https://maps.google.com/?q=Via+di+Montramito+3/A+55054+%C2%A0Massarosa&entry=gmail&source=g>
>>> 55054  Massarosa
>>> <https://maps.google.com/?q=Via+di+Montramito+3/A+55054+%C2%A0Massarosa&entry=gmail&source=g>
>>> (LU)
>>> Italy
>>> phone: +39 0584 962313 <+39%200584%20962313>
>>> fax:     +39 0584 1660272 <+39%200584%20166%200272>
>>> mob:   +39 331 6233686 <+39%20331%20623%203686>
>>>
>>> http://www.geo-solutions.it
>>> http://twitter.com/geosolutions_it
>>>
>>> -------------------------------------------------------
>>>
>>> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
>>>
>>> Le informazioni contenute in questo messaggio di posta elettronica e/o
>>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
>>> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
>>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
>>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
>>> darcene notizia via e-mail e di procedere alla distruzione del messaggio
>>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
>>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
>>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
>>> principi dettati dal D.Lgs. 196/2003.
>>>
>>> The information in this message and/or attachments, is intended solely
>>> for the attention and use of the named addressee(s) and may be confidential
>>> or proprietary in nature or covered by the provisions of privacy act
>>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
>>> Code).Any use not in accord with its purpose, any disclosure, reproduction,
>>> copying, distribution, or either dissemination, either whole or partial, is
>>> strictly forbidden except previous formal approval of the named
>>> addressee(s). If you are not the intended recipient, please contact
>>> immediately the sender by telephone, fax or e-mail and delete the
>>> information in this message that has been received in error. The sender
>>> does not give any warranty or accept liability as the content, accuracy or
>>> completeness of sent messages and accepts no responsibility  for changes
>>> made after they were sent or for other risks which arise as a result of
>>> e-mail transmission, viruses, etc.
>>>
>>> 2018-03-06 17:26 GMT+01:00 Daniel Victoria <daniel.victoria at gmail.com>:
>>>
>>>> Hi Paolo,
>>>>
>>>> I removed the try block. The error happens in the first print
>>>> statement, when it tries to print layer.alternate.
>>>> It says:
>>>> AttributeError: 'Layer' object has no attribute 'alternate'
>>>>
>>>> I then removed the layer.alternate from the print statement and the
>>>> sync_geofence command runs. But each time I run it, I get a different
>>>> number of geofence data rules.
>>>> I'll try to run the commands in a python interpreter and try to
>>>> identify what's going on.
>>>>
>>>> Cheers
>>>>
>>>>
>>>> On Tue, Mar 6, 2018 at 11:37 AM Paolo Corti <pcorti at gmail.com> wrote:
>>>>
>>>>> Daniel
>>>>> remove the try block, and paste here the error trace stack
>>>>> ps: to debug with the shell, you must use "django-admin shell" command
>>>>> (which is "geonode shell" if you are using the Ubuntu package, I
>>>>> believe)
>>>>> thanks
>>>>> Paolo
>>>>>
>>>>> On Tue, Mar 6, 2018 at 7:11 AM, Daniel Victoria
>>>>> <daniel.victoria at gmail.com> wrote:
>>>>> > Hi Paolo,
>>>>> >
>>>>> > There are 2 print statements in the except block. The first prints
>>>>> the error
>>>>> > and the second is the one that complains about the variable
>>>>> 'perm_spec'
>>>>> > referenced before assignment.
>>>>> >
>>>>> > If I comment out just the second print statement I the following
>>>>> message
>>>>> > printed to the screen, one for each layer registered in GeoServer
>>>>> >
>>>>> > ('Unexpected error:', <type 'exceptions.AttributeError'>)
>>>>> >
>>>>> > I tried to run the commands in a python interpreter to debug this.
>>>>> But I
>>>>> > could not get the environment set. When I import the
>>>>> geonode.layers.models
>>>>> > in the interpreter, it complains about django_settings_module.
>>>>> >
>>>>> > Cheers
>>>>> > Daniel
>>>>> >
>>>>> > On Mon, Mar 5, 2018 at 10:08 PM Paolo Corti <pcorti at gmail.com>
>>>>> wrote:
>>>>> >>
>>>>> >> Hi Daniel
>>>>> >> can you try to remove the line with the print statement and see what
>>>>> >> kind of error is raising?
>>>>> >>
>>>>> >> Paolo
>>>>> >>
>>>>> >> On Mon, Mar 5, 2018 at 12:26 PM, Daniel Victoria
>>>>> >> <daniel.victoria at gmail.com> wrote:
>>>>> >> > Hi Paolo,
>>>>> >> >
>>>>> >> > Thanks for the tip. However, I installed GeoNode from the APT
>>>>> repository
>>>>> >> > and
>>>>> >> > I have no idea how to upgrade GeoNode or change GeoFence store
>>>>> from H2
>>>>> >> > to
>>>>> >> > PostgreSQL.
>>>>> >> >
>>>>> >> > I also added time.sleep(5) in sync_geofence.py, right before the
>>>>> try
>>>>> >> > block
>>>>> >> > but I'm still getting an error: It fails with the message:
>>>>> >> >
>>>>> >> > ('Unexpected error:', <type 'exceptions.AttributeError'>)
>>>>> >> > Traceback (most recent call last):
>>>>> >> >   File "/usr/bin/django-admin", line 21, in <module>
>>>>> >> >     management.execute_from_command_line()
>>>>> >> >   File
>>>>> >> >
>>>>> "/usr/lib/python2.7/dist-packages/django/core/management/__init__.py",
>>>>> >> > line
>>>>> >> > 354, in execute_from_command_line
>>>>> >> >     utility.execute()
>>>>> >> >   File
>>>>> >> >
>>>>> "/usr/lib/python2.7/dist-packages/django/core/management/__init__.py",
>>>>> >> > line
>>>>> >> > 346, in execute
>>>>> >> >     self.fetch_command(subcommand).run_from_argv(self.argv)
>>>>> >> >   File
>>>>> >> > "/usr/lib/python2.7/dist-packages/django/core/management/base.py",
>>>>> >> > line 394, in run_from_argv
>>>>> >> >     self.execute(*args, **cmd_options)
>>>>> >> >   File
>>>>> >> > "/usr/lib/python2.7/dist-packages/django/core/management/base.py",
>>>>> >> > line 445, in execute
>>>>> >> >     output = self.handle(*args, **options)
>>>>> >> >   File
>>>>> >> >
>>>>> >> >
>>>>> "/usr/local/lib/python2.7/dist-packages/geonode/geoserver/management/commands/sync_geofence.py",
>>>>> >> > line 60, in handle
>>>>> >> >     print 'perm_spec is %s' % perm_spec
>>>>> >> > UnboundLocalError: local variable 'perm_spec' referenced before
>>>>> >> > assignment
>>>>> >> >
>>>>> >> > Any other tips on how to fix this permission mess-up?
>>>>> >> >
>>>>> >> > Thanks
>>>>> >> > Daniel
>>>>> >> >
>>>>> >> > On Mon, Mar 5, 2018 at 12:13 PM Paolo Corti <pcorti at gmail.com>
>>>>> wrote:
>>>>> >> >>
>>>>> >> >> Another option could be to run a time.sleep for some seconds
>>>>> after
>>>>> >> >> each layer iteration in sync_geofence command
>>>>> >> >> cheers
>>>>> >> >> Paolo
>>>>> >> >>
>>>>> >> >> On Mon, Mar 5, 2018 at 10:04 AM, Paolo Corti <pcorti at gmail.com>
>>>>> wrote:
>>>>> >> >> > Hi Daniel
>>>>> >> >> >
>>>>> >> >> > You seem to have hit this bug which I reported to GeoFence
>>>>> team in
>>>>> >> >> > the
>>>>> >> >> > past:
>>>>> >> >> > https://github.com/geoserver/geofence/issues/98
>>>>> >> >> >
>>>>> >> >> > I didn't notice this happening in latest GeoFence version, so
>>>>> >> >> > upgrading to latest GeoNode could be an option.
>>>>> >> >> > Or you could try to use PostgreSQL instead than H2 as a
>>>>> GeoFence
>>>>> >> >> > store
>>>>> >> >> >
>>>>> >> >> > hope this helps
>>>>> >> >> >
>>>>> >> >> > cheers
>>>>> >> >> > Paolo
>>>>> >> >> >
>>>>> >> >> > On Mon, Mar 5, 2018 at 9:19 AM, Daniel Victoria
>>>>> >> >> > <daniel.victoria at gmail.com> wrote:
>>>>> >> >> >> Update: Apparently, if I update the layer permissions in the
>>>>> web
>>>>> >> >> >> interface
>>>>> >> >> >> or if i run `geonode updatelayers -f <layer_name>`, the
>>>>> correct
>>>>> >> >> >> GeoFence
>>>>> >> >> >> permissions are created. Thus, doing so a layer at a time
>>>>> works. But
>>>>> >> >> >> several
>>>>> >> >> >> layers at once, no.
>>>>> >> >> >>
>>>>> >> >> >> What should I look for in the GeoServer log to try to figure
>>>>> out
>>>>> >> >> >> where
>>>>> >> >> >> the
>>>>> >> >> >> problem is occurring? I can attach the GeoServer log if that
>>>>> helps.
>>>>> >> >> >>
>>>>> >> >> >> Cheers
>>>>> >> >> >> Daniel
>>>>> >> >> >>
>>>>> >> >> >> On Mon, Mar 5, 2018 at 9:52 AM Daniel Victoria
>>>>> >> >> >> <daniel.victoria at gmail.com>
>>>>> >> >> >> wrote:
>>>>> >> >> >>>
>>>>> >> >> >>> Hi list,
>>>>> >> >> >>>
>>>>> >> >> >>> I have GeoNode 2.6.3, installed from apt, in a Ubuntu
>>>>> machine.
>>>>> >> >> >>> Right
>>>>> >> >> >>> now i
>>>>> >> >> >>> have 108 registered layers, some imported using the web
>>>>> interface,
>>>>> >> >> >>> some
>>>>> >> >> >>> using the `geonode importlayers` command.
>>>>> >> >> >>>
>>>>> >> >> >>> Last week I noticed that some of the layers I was importing
>>>>> using
>>>>> >> >> >>> the
>>>>> >> >> >>> management command had view permission problems. I realized
>>>>> that
>>>>> >> >> >>> the
>>>>> >> >> >>> cause
>>>>> >> >> >>> was that the GeoFence rules were not being created correctly.
>>>>> >> >> >>>
>>>>> >> >> >>> Looking at the messages on the list, I saw that there were
>>>>> some
>>>>> >> >> >>> discussions about this issue and that 1) there was a patch
>>>>> for
>>>>> >> >> >>> geoserver/helper.py [1] and 2) a new `sync_geofence`
>>>>> management
>>>>> >> >> >>> command.
>>>>> >> >> >>>
>>>>> >> >> >>> I applied the patch and downloaded the `sync_geofence`
>>>>> command.
>>>>> >> >> >>>
>>>>> >> >> >>> Now, every time I run `geonode updatelayers` I end up with a
>>>>> >> >> >>> different
>>>>> >> >> >>> set
>>>>> >> >> >>> of rules in GeoFence. Some times with 106 rules, some times
>>>>> with
>>>>> >> >> >>> 209
>>>>> >> >> >>> rules
>>>>> >> >> >>> etc. And I can't run `geonode sync_geofence` since I'm
>>>>> getting an
>>>>> >> >> >>> error:
>>>>> >> >> >>>
>>>>> >> >> >>> UnboundLocalError: local variable 'perm_spec' referenced
>>>>> before
>>>>> >> >> >>> assignment
>>>>> >> >> >>>
>>>>> >> >> >>> Any idea how to fix this issue so I don't have to manually
>>>>> create
>>>>> >> >> >>> the
>>>>> >> >> >>> GeoFence rules? And also, not have `geonode updatelayers`
>>>>> mess up
>>>>> >> >> >>> the
>>>>> >> >> >>> rules
>>>>> >> >> >>> already created?
>>>>> >> >> >>>
>>>>> >> >> >>> Cheers
>>>>> >> >> >>> Daniel
>>>>> >> >> >>>
>>>>> >> >> >>> [1] -
>>>>> >> >> >>>
>>>>> >> >> >>>
>>>>> >> >> >>>
>>>>> https://github.com/GeoNode/geonode/commit/94b3b6abfd1bc856be94eb58f5bf13
>>>>> >> >> >>
>>>>> >> >> >>
>>>>> >> >> >> _______________________________________________
>>>>> >> >> >> geonode-users mailing list
>>>>> >> >> >> geonode-users at lists.osgeo.org
>>>>> >> >> >> https://lists.osgeo.org/mailman/listinfo/geonode-users
>>>>> >> >> >>
>>>>> >> >> >
>>>>> >> >> >
>>>>> >> >> >
>>>>> >> >> > --
>>>>> >> >> > Paolo Corti
>>>>> >> >> > Geospatial software developer
>>>>> >> >> > web: http://www.paolocorti.net
>>>>> >> >> > twitter: @capooti
>>>>> >> >> > skype: capooti
>>>>> >> >>
>>>>> >> >>
>>>>> >> >>
>>>>> >> >> --
>>>>> >> >> Paolo Corti
>>>>> >> >> Geospatial software developer
>>>>> >> >> web: http://www.paolocorti.net
>>>>> >> >> twitter: @capooti
>>>>> >> >> skype: capooti
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> --
>>>>> >> Paolo Corti
>>>>> >> Geospatial software developer
>>>>> >> web: http://www.paolocorti.net
>>>>> >> twitter: @capooti
>>>>> >> skype: capooti
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Paolo Corti
>>>>> Geospatial software developer
>>>>> web: http://www.paolocorti.net
>>>>> twitter: @capooti
>>>>> skype: capooti
>>>>>
>>>>
>>>> _______________________________________________
>>>> geonode-users mailing list
>>>> geonode-users at lists.osgeo.org
>>>> https://lists.osgeo.org/mailman/listinfo/geonode-users
>>>>
>>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20180307/a8b29d05/attachment-0001.html>

More information about the geonode-users mailing list