[GeoNode-devel] Deny upload for a group of users

Paolo Corti pcorti at gmail.com
Wed Dec 12 15:08:51 PST 2018 

Hello Emídio

you are right, I am not sure why this is happening but I don't think
is the expected behaviour from Django model permissions system, as far
as I remember. If a user or a group of user has not the permission to
create an instance of that model, Django should raise an error
automatically.

I am wondering if not using  the default value for
AUTHENTICATION_BACKENDS [1] for a Django project, but a combination of
different backends, including OAuth2, [2] change the things.

best
Paolo

[1]
AUTHENTICATION_BACKENDS = ['django.contrib.auth.backends.ModelBackend']

[2]
AUTHENTICATION_BACKENDS = (
    'oauth2_provider.backends.OAuth2Backend',
    'django.contrib.auth.backends.ModelBackend',
    'guardian.backends.ObjectPermissionBackend',
    'allauth.account.auth_backends.AuthenticationBackend',
)

On Wed, Dec 12, 2018 at 7:44 AM Emídio Fernandes <ebueno at spacesur.com> wrote:
>
> Grazie mille Paolo, i have tried to create groups as you said, but users from the group without permission to add/change/edit/delete layer still can upload  of data. Another thing i observed, after remove  the anonymous group its came appears again.
> Thanks
>
> El mar., 11 dic. 2018 a las 19:07, Paolo Corti (<pcorti at gmail.com>) escribió:
>>
>> You should be able to accomplish this without forking GeoNode using
>> Django groups and customizing your templates. For example create 2
>> groups, one named "uploaders" and the other "not-uploaders". Make sure
>> the first group has the can add/change/edit/delete layer permissions
>> while the second not.
>> In your custom project templates hide links to the layer
>> administrative pages (layer upload, layer change metadata) when a user
>> belongs to the not-uploader group. As a last thing, add a signal in
>> your custom project to add each user to the not-uploader group when
>> she/he registers.
>> Hope this helps
>> Paolo
>>
>> On Mon, Dec 10, 2018 at 2:58 PM Emídio Fernandes <ebueno at spacesur.com> wrote:
>> >
>> > hello everyone!!, i would like to know if it's possible deny a certain group of users to upload any data(vectorial, raster and document) to Geonode. Something like a viewer user
>> >
>> > tanks
>> > _______________________________________________
>> > geonode-devel mailing list
>> > geonode-devel at lists.osgeo.org
>> > https://lists.osgeo.org/mailman/listinfo/geonode-devel
>>
>>
>>
>> --
>> Paolo Corti
>> Geospatial software developer
>> web: http://www.paolocorti.net
>> twitter: @capooti
>> skype: capooti
>
>
>
> --
>
>
> Emídio Bueno
>
> Geospatial Product Manager
>
>
> +54 (11) 4342-2976/84
>
> www.spacesur.com



-- 
Paolo Corti
Geospatial software developer
web: http://www.paolocorti.net
twitter: @capooti
skype: capooti

More information about the geonode-devel mailing list