[GeoNode-devel] Question about GeoNdoe Layer "view" and "download" permissions

Simone Dalmasso simone.dalmasso at gmail.com
Thu Oct 20 04:29:39 PDT 2016

Ciao Alessio,

I think it could make sense to enforce such constraint also adding other
permissions like edit_metadata etc. It would require some work on the ui so
that the user is aware of what's going on.

2016-10-20 13:07 GMT+02:00 Alessio Fabiani <alessio.fabiani at geo-solutions.it

> Dear all,
> while working on this GNIP (GNIP: GeoServer A&A Improvements)
> https://github.com/GeoNode/geonode/issues/2374
> (which by the way has been updated allowing GeoNode and GeoServer to rely
> on OAuth2 Protocol and GeoFence)
> we are facing an "issue" trying to set layers' access rules accordingly to
> GeoNode permissions.
> Long story short, currently GeoNode allows a user to setup two different
> kind of Layer access permissions:
> 1. View permissions (the Layer can be visualized on map and is listed on
> the GeoNode layers list)
> 2. Download permissions (the Layer can be downloaded in several formats,
> JPEG, PNG, PDF etc...)
> While this is correctly handled on GeoNode side, I guess there are some
> discrepancies on how this can be handled on the backend (GeoServer in this
> case).
> The thing is, if you can download a layer on the backend you necessarily
> have also permissions to see it. Unless view and download use different
> protocols (which is not the case) to download a layer a user must have
> permissions to access it.
> That means that even if in GeoNode we remove view permissions to a layer
> but we leave download ones, the Layer won't be listed in GeoNode but it
> will be always accessible from GeoServer.
> I'm going to ask here, is it correct to maintain this logic? Should be
> instead put more controls on GeoNode and make view permissions take
> precedence on download ones (if you cannot view it you cannot download it
> either)?
> Thoughts?
> Best Regards,
> Alessio Fabiani.
> ==
> GeoServer Professional Services from the experts!
> Visit http://goo.gl/it488V for more information.
> ==
> Ing. Alessio Fabiani
> @alfa7691
> Founder/Technical Lead
> GeoSolutions S.A.S.
> Via di Montramito 3/A
> 55054  Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax:     +39 0584 1660272
> mob:   +39 331 6233686
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
> -------------------------------------------------------
> Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
> darcene notizia via e-mail e di procedere alla distruzione del messaggio
> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
> principi dettati dal D.Lgs. 196/2003.
> The information in this message and/or attachments, is intended solely for
> the attention and use of the named addressee(s) and may be confidential or
> proprietary in nature or covered by the provisions of privacy act
> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> Code).Any use not in accord with its purpose, any disclosure, reproduction,
> copying, distribution, or either dissemination, either whole or partial, is
> strictly forbidden except previous formal approval of the named
> addressee(s). If you are not the intended recipient, please contact
> immediately the sender by telephone, fax or e-mail and delete the
> information in this message that has been received in error. The sender
> does not give any warranty or accept liability as the content, accuracy or
> completeness of sent messages and accepts no responsibility  for changes
> made after they were sent or for other risks which arise as a result of
> e-mail transmission, viruses, etc.
> ---------------------------------------------------------------------
> _______________________________________________
> geonode-devel mailing list
> geonode-devel at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/geonode-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20161020/5846a2af/attachment-0001.html>

More information about the geonode-devel mailing list