[GeoNode-devel] Question about GeoNdoe Layer "view" and "download" permissions
Simone Dalmasso
simone.dalmasso at gmail.com
Thu Oct 20 04:29:39 PDT 2016
Ciao Alessio,
I think it could make sense to enforce such constraint also adding other
permissions like edit_metadata etc. It would require some work on the ui so
that the user is aware of what's going on.
2016-10-20 13:07 GMT+02:00 Alessio Fabiani <alessio.fabiani at geo-solutions.it
>:
> Dear all,
> while working on this GNIP (GNIP: GeoServer A&A Improvements)
>
> https://github.com/GeoNode/geonode/issues/2374
>
> (which by the way has been updated allowing GeoNode and GeoServer to rely
> on OAuth2 Protocol and GeoFence)
>
> we are facing an "issue" trying to set layers' access rules accordingly to
> GeoNode permissions.
>
> Long story short, currently GeoNode allows a user to setup two different
> kind of Layer access permissions:
>
> 1. View permissions (the Layer can be visualized on map and is listed on
> the GeoNode layers list)
>
> 2. Download permissions (the Layer can be downloaded in several formats,
> JPEG, PNG, PDF etc...)
>
> While this is correctly handled on GeoNode side, I guess there are some
> discrepancies on how this can be handled on the backend (GeoServer in this
> case).
>
> The thing is, if you can download a layer on the backend you necessarily
> have also permissions to see it. Unless view and download use different
> protocols (which is not the case) to download a layer a user must have
> permissions to access it.
>
> That means that even if in GeoNode we remove view permissions to a layer
> but we leave download ones, the Layer won't be listed in GeoNode but it
> will be always accessible from GeoServer.
>
> I'm going to ask here, is it correct to maintain this logic? Should be
> instead put more controls on GeoNode and make view permissions take
> precedence on download ones (if you cannot view it you cannot download it
> either)?
>
> Thoughts?
>
> Best Regards,
> Alessio Fabiani.
>
> ==
> GeoServer Professional Services from the experts!
> Visit http://goo.gl/it488V for more information.
> ==
>
> Ing. Alessio Fabiani
> @alfa7691
> Founder/Technical Lead
>
> GeoSolutions S.A.S.
> Via di Montramito 3/A
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 1660272
> mob: +39 331 6233686
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
>
> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
>
> Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
> darcene notizia via e-mail e di procedere alla distruzione del messaggio
> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
> principi dettati dal D.Lgs. 196/2003.
>
>
>
> The information in this message and/or attachments, is intended solely for
> the attention and use of the named addressee(s) and may be confidential or
> proprietary in nature or covered by the provisions of privacy act
> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> Code).Any use not in accord with its purpose, any disclosure, reproduction,
> copying, distribution, or either dissemination, either whole or partial, is
> strictly forbidden except previous formal approval of the named
> addressee(s). If you are not the intended recipient, please contact
> immediately the sender by telephone, fax or e-mail and delete the
> information in this message that has been received in error. The sender
> does not give any warranty or accept liability as the content, accuracy or
> completeness of sent messages and accepts no responsibility for changes
> made after they were sent or for other risks which arise as a result of
> e-mail transmission, viruses, etc.
>
> ---------------------------------------------------------------------
>
> _______________________________________________
> geonode-devel mailing list
> geonode-devel at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/geonode-devel
>
>
--
Simone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20161020/5846a2af/attachment-0001.html>
More information about the geonode-devel
mailing list