[GeoNode-users] Editing layer metadata via the geonode backend
Paolo Corti
pcorti at gmail.com
Tue Nov 27 09:56:01 PST 2018
Hi Sam
1. I don't think you can POST to the API as looking at CommonMetaApi
in geonode.api.resourcebase_api I see just 'GET' in allowed_methods
2. I can provide you some help with this, but looking at 1. would you
be still interested?
3. I would create a django management command for this purpose -
provided that you can access to the server to run the command. Another
approach is by using SQL
best
Paolo
On Tue, Nov 27, 2018 at 9:26 AM Sam Franklin <mr.samfranklin at gmail.com> wrote:
>
> Hi List
>
> I want to edit the metadata of layers on geonode programmatically e.g. abstracts and ratings fields. One example is that I want to bulk update data abstracts for many uploaded layers.
>
> I'm not sure of the best approach, so I tried using an HTTP POST request to the genode api, e.g. localhost/api/<some-endpoint>
> I couldn't see a way to do this via the manage.py commandline application.
> I didn't try a SQL insert/update approach, as thought the API route would be cleaner.
>
> I attempted to construct a POST request (using POSTMAN).
>
> Using a postman GET request and adding a valid sessionid cookie, I'm able to query a given layer (e.g. id=39) and get a JSON response of all the metadata using URL (get) https://localhost/api/layers/?id=39. This demonstrates that I can perform GET requests to the "layers" endpoint from outside the browser.
>
> When I manually edited a layer rating via the geonode UI, I intercepted this output from the apache access log.
> "POST /ratings/54/39/rate/ HTTP/1.1" 200 609 "https://localhost/layers/geonode:mylayer" <user-agent>
>
> However, for a POST request (and adding a referer header) using URL https://localhost/ratings/54/39/rate/?rating=4, I receive a 403 forbidden error which relates to the CSRF verification, see below pasted as plain text body of the django response.
>
> So this is obviously an authentication issue.
>
> However, taking a step back, my queries are:
> 1. Are POST requests to the API possible at all from curl or postman or some other client?
> 2. Is there any documentation on geonode API i.e. obtaining a CSRF token via the API?
> 3. Is there a better approach to achieving editing metadata from the backend?
>
> Thanks in advance for any pointers.
> Sam
>
> #### POST request error
> Forbidden (403)
> CSRF verification failed. Request aborted.
> Help
> Reason given for failure:
> CSRF token missing or incorrect.
>
> In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
> Your browser is accepting cookies.
> The view function passes a request to the template's render method.
> In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
> If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
> You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
> You can customize this page using the CSRF_FAILURE_VIEW setting.
> ####
>
> _______________________________________________
> geonode-users mailing list
> geonode-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/geonode-users
--
Paolo Corti
Geospatial software developer
web: http://www.paolocorti.net
twitter: @capooti
skype: capooti
More information about the geonode-users
mailing list