[GeoNode-devel] GeoNode generic roles permissions migration

Paolo Corti pcorti at gmail.com
Fri Jun 5 03:42:52 PDT 2015


I am working on a procedure that should be able to migrate any GeoNode
instance from 2.0 to 2.4 (starting from this work that was done by the
NEPA geonode people:
https://github.com/DOE-NEPA/geonode_2.0_to_2.4_migration). I am almost
ready (I will soon send a PR with the code so that this could be
beneficial for others that need to do this migration), except that I
need to figure out how to proceed with permissions migration.

In GeoNode 2.0 for generic roles we have the following situtations:

1) anonymous - Read Only: every user can view/download
2) authenticated - Read Only: every authenticated user can view/download
3) authenticated - Read/Write: every authenticated user can view/download/edit

for 1) we can set the following two permissions in guardian ("anyone"
is a user):

* anyone can view
* anyone can download

for 2) and 3) we would need to add respectively two (can view, can
download) or six (can view, can download, can edit, can edit metadata,
can edit styles, can manage) record/s for each different GeoNode user.
If the combination of user and resource base is large (as in my case),
this will translate in a very large number of records loaded in the
guardian table.

Is it acceptable in your opinion if for the migration purpose I create
a group named 'authenticated' by code and assign all of the users to
it, and then proceed with the permission migration assigning the
permission for a resource just to the group in case of 2/3? Do you
think there is a better approach?

I was considering if it would make sense to have this 'authenticated'
group created by default in geonode. This would mean to add a signal
to assign every freshly created user by default to that group.


Paolo Corti
Geospatial software developer
web: http://www.paolocorti.net
twitter: @capooti
skype: capooti

More information about the geonode-devel mailing list