[GeoNode-devel] Question about GeoNode Layer "view" and "download" permissions

Jeffrey Johnson ortelius at gmail.com
Mon Oct 24 09:19:59 PDT 2016


+1 on this proposal. Feels like we should make a GNIP or put it in an
issue or something so we can refer back to this discussion in the
future when questions come up.

On Mon, Oct 24, 2016 at 9:16 AM, Alessio Fabiani
<alessio.fabiani at geo-solutions.it> wrote:
> Dear all,
> I did not hear any more comments on this, but what about the following
> proposal?
>
> We can distinguish between "view services" and "download services". In OGC
> the "view services" are the ones related to mapping, like the WMS, while the
> "download services" are the raw ones, like WFS and WCS. This is also the
> mapping that INSPIRE does over OGC.
>
> What I propose is to:
>
> 1. If a user has "view" permissions he can access maps and portrayals,
> i.e. he can access the WMS service.
>
> 2. If a user has "download" permissions he can access raw services like
> WFS for vectorial data and WCS for raster data, i.e. he can download Layers
> as Shapefiles or GML2 or GeoTIFFs.
>
> The two permissions will be separated.
>
> Also the Download Page must be revised. It must have two TABS, one for
> WMS-like downloads (PNG, JPEG, GIF) and one for W*S-like ones (Shapefiles,
> GML2, GeoTIFF, ...).
>
> Hope what I wrote is clear enough. Feel free to ask for details and/or
> clarifications.
>
> Thoughts?
>
>
> Best Regards,
> Alessio Fabiani.
>
> ==
> GeoServer Professional Services from the experts!
> Visit http://goo.gl/it488V for more information.
> ==
>
> Ing. Alessio Fabiani
> @alfa7691
> Founder/Technical Lead
>
> GeoSolutions S.A.S.
> Via di Montramito 3/A
> 55054  Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax:     +39 0584 1660272
> mob:   +39 331 6233686
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> On Thu, Oct 20, 2016 at 1:29 PM, Simone Dalmasso <simone.dalmasso at gmail.com>
> wrote:
>>
>> Ciao Alessio,
>>
>> I think it could make sense to enforce such a constraint also adding other
>> permissions like edit_metadata etc. It would require some work on the UI so
>> that the user is aware of what's going on.
>>
>> 2016-10-20 13:07 GMT+02:00 Alessio Fabiani
>> <alessio.fabiani at geo-solutions.it>:
>>>
>>> Dear all,
>>> while working on this GNIP (GNIP: GeoServer A&A Improvements)
>>>
>>> https://github.com/GeoNode/geonode/issues/2374
>>>
>>> (which by the way has been updated allowing GeoNode and GeoServer to rely
>>> on OAuth2 Protocol and GeoFence)
>>>
>>> we are facing an "issue" trying to set layers' access rules according
>>> to GeoNode permissions.
>>>
>>> Long story short, currently GeoNode allows a user to set up two different
>>> kinds of Layer access permissions:
>>>
>>> 1. View permissions (the Layer can be visualized on map and is listed on
>>> the GeoNode layers list)
>>>
>>> 2. Download permissions (the Layer can be downloaded in several formats,
>>> JPEG, PNG, PDF etc...)
>>>
>>> While this is correctly handled on GeoNode side, I guess there are some
>>> discrepancies on how this can be handled on the backend (GeoServer in this
>>> case).
>>>
>>> The thing is, if you can download a layer on the backend you necessarily
>>> have also permissions to see it. Unless view and download use different
>>> protocols (which is not the case) to download a layer a user must have
>>> permissions to access it.
>>>
>>> That means that even if in GeoNode we remove view permissions to a layer
>>> but we leave download ones, the Layer won't be listed in GeoNode but it will
>>> be always accessible from GeoServer.
>>>
>>> I'm going to ask here, is it correct to maintain this logic? Should we
>>> instead put more controls on GeoNode and make view permissions take
>>> precedence on download ones (if you cannot view it you cannot download it
>>> either)?
>>>
>>> Thoughts?
>>>
>>> Best Regards,
>>> Alessio Fabiani.
>>
>>
>>
>> --
>> Simone
>
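
The permission split proposed in the quoted message ("view" grants WMS, "download" grants WFS/WCS, kept separate), sketched as a default-deny request check. This is an added example, not part of the thread and not GeoNode, GeoServer or GeoFence code; the function names, the mapping table and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed mapping taken from the proposal: "view" -> WMS, "download" -> WFS/WCS.
PERMISSION_SERVICES = {
    "view": {"WMS"},             # maps and portrayals
    "download": {"WFS", "WCS"},  # raw vector / raster data
}
KNOWN_SERVICES = {"WMS", "WFS", "WCS"}


def allowed_services(permissions):
    """Union of the OGC services granted by a user's permissions on a layer."""
    services = set()
    for perm in permissions:
        services |= PERMISSION_SERVICES.get(perm, set())
    return services


def requested_service(url):
    """Return the OGC service a KVP request targets, or None if unclear.

    OGC KVP parameter names are case-insensitive, so SERVICE= and service=
    are the same key. Conflicting values are treated as unclear.
    """
    parts = urlsplit(url)
    values = {v.upper() for k, v in parse_qsl(parts.query) if k.lower() == "service"}
    if len(values) > 1:
        return None
    if values:
        return values.pop()
    # Assumption: service-specific endpoints such as .../wms imply the service.
    tail = parts.path.rstrip("/").rsplit("/", 1)[-1].upper()
    return tail if tail in KNOWN_SERVICES else None


def is_allowed(permissions, url):
    """Default deny: only a recognised service covered by a permission passes."""
    service = requested_service(url)
    return service in KNOWN_SERVICES and service in allowed_services(permissions)


# Constructed sample requests (hypothetical host and layer name).
BASE = "https://geonode.example.org/geoserver"
GETMAP = BASE + "/ows?service=WMS&request=GetMap&layers=geonode:roads"
GETFEATURE = BASE + "/ows?SERVICE=wfs&REQUEST=GetFeature&typeName=geonode:roads"
GETCOVERAGE = BASE + "/wcs?request=GetCoverage&coverageId=geonode__dem"
AMBIGUOUS = BASE + "/ows?service=WMS&SERVICE=WFS&request=GetFeature"
```

With this table, a user holding only "download" reaches WFS/WCS but not WMS, which is the separation the proposal asks for and the case the first message in the thread describes.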

