[GeoNode-users] Restrict the add_layer auth to some user

Simone Dalmasso simone.dalmasso at gmail.com
Tue Jun 16 12:31:33 PDT 2015


Yes, and you could make use of this field
https://github.com/GeoNode/geonode/blob/master/geonode/base/models.py#L330 that
could be true only if the metadata are filled correctly (either by admin
check or an automatic advanced sanity check on the layer/metadata form).

2015-06-16 20:29 GMT+02:00 Daniel Victoria <daniel.victoria at gmail.com>:

> Many thanks Simone, we will take a look at those settings here. This might
> solve our dilemma of how can we guarantee that the producer filled the
> metadata correctly before displaying the data to the general public. We
> hope to establish a metadata curation process in our repository. Any other
> thoughts or methods as how to accomplish this? Or is the group solution a
> good one?
>
> On Tue, Jun 16, 2015 at 12:06 PM, Simone Dalmasso <
> simone.dalmasso at gmail.com> wrote:
>
>> To restrict the add_layers you have to do some development, while to
>> restrict the download to authenticated you have to:
>> - edit the default permissions settings
>> https://github.com/GeoNode/geonode/blob/master/geonode/settings.py#L413
>> - create a group (from the geonode interface and not from the admin)
>> called "authenticated", add users to it and grant the layers download
>> permissions to that group from the edit layer permissions or in bulk from
>> the layer list page "set permissions"
>>
>> 2015-06-16 17:00 GMT+02:00 Daniel Victoria <daniel.victoria at gmail.com>:
>>
>>> Hi Simone,
>>>
>>> Could you elaborate more on how (and were) to set group permissions so
>>> that members can add layers but with no public permissions by default (only
>>> registered users can see data)?
>>>
>>> Thanks
>>> Daniel
>>>
>>> On Tue, Jun 16, 2015 at 11:48 AM, Simone Dalmasso <
>>> simone.dalmasso at gmail.com> wrote:
>>>
>>>> Yes, the permissions on GeoNode can be granted by users or by groups
>>>> but the system will automatically resolve the group permissions for the
>>>> users that belongs to them.
>>>> Actually the suggested way is to use group (GroupProfile), not public
>>>> but managed to grant permissions
>>>>
>>>> 2015-06-16 16:45 GMT+02:00 Daniel Victoria <daniel.victoria at gmail.com>:
>>>>
>>>>> On the same topic of restricting permissions, can it be done for
>>>>> entire groups? For our use case we though of having a two step process:
>>>>> 1) A producer group that can add data but it won't be public available;
>>>>> 2) A metadata validation group would then come in and validate the
>>>>> metadata (is everything filled correctly?) and make the layers/maps public.
>>>>>
>>>>> On Tue, Jun 16, 2015 at 11:13 AM, FERRARI Hugo <ferrari_hugo at yahoo.fr>
>>>>> wrote:
>>>>>
>>>>>> Hello world,
>>>>>> in Geonode there are permissions on resources and we can modify them.
>>>>>> But is there any way to restrict actions for some users ?
>>>>>> I want only few users to be allowed to add new layers in geonode but
>>>>>> apparently the only existing criteria to permit is authentication.
>>>>>> I'm sure i'm not the first to ask this question.
>>>>>> In auth_permission postgres table we can see that the "add_layer"
>>>>>> permision already exists but it is not affected to users.
>>>>>>
>>>>>> Thanks for your advices
>>>>>> Hugo FERRARI
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Le 09/06/2015 18:50, geonode-users-request at lists.osgeo.org a écrit :
>>>>>>
>>>>>>> Send geonode-users mailing list submissions to
>>>>>>>         geonode-users at lists.osgeo.org
>>>>>>>
>>>>>>> To subscribe or unsubscribe via the World Wide Web, visit
>>>>>>>
>>>>>>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>>>>>> or, via email, send a message with subject or body 'help' to
>>>>>>>         geonode-users-request at lists.osgeo.org
>>>>>>>
>>>>>>> You can reach the person managing the list at
>>>>>>>         geonode-users-owner at lists.osgeo.org
>>>>>>>
>>>>>>> When replying, please edit your Subject line so it is more specific
>>>>>>> than "Re: Contents of geonode-users digest..."
>>>>>>>
>>>>>>>
>>>>>>> Today's Topics:
>>>>>>>
>>>>>>>     1. developpement: Modifying permission behavior and data
>>>>>>>        visibility in Geonode (FERRARI Hugo)
>>>>>>>     2. Re: developpement: Modifying permission behavior and data
>>>>>>>        visibility in Geonode (Ariel Nunez)
>>>>>>>     3. Re: developpement: Modifying permission behavior and data
>>>>>>>        visibility in Geonode (Paolo Corti)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ----------------------------------------------------------------------
>>>>>>>
>>>>>>> Message: 1
>>>>>>> Date: Tue, 09 Jun 2015 16:56:18 +0400
>>>>>>> From: FERRARI Hugo <ferrari_hugo at yahoo.fr>
>>>>>>> To: geonode-users at lists.osgeo.org
>>>>>>> Subject: [GeoNode-users] developpement: Modifying permission behavior
>>>>>>>         and data visibility in Geonode
>>>>>>> Message-ID: <5576E272.6090606 at yahoo.fr>
>>>>>>> Content-Type: text/plain; charset=windows-1252; format=flowed
>>>>>>>
>>>>>>> Hello everyone,
>>>>>>> I have installed a complete geonode instance on a developpement
>>>>>>> server.
>>>>>>> I want  to change thebehaviorofthesoftware  to make it fit the need
>>>>>>> of
>>>>>>> the institution I work for.
>>>>>>> So i'm looking for some advices because  I didn't manage to code it
>>>>>>> yet.
>>>>>>>
>>>>>>> My aim to separate metada access from the data access.
>>>>>>> That  is to make all the layers uploaded in geoserver VISIBLE for all
>>>>>>> users (logged or not) but only in the layer-list page , not on the
>>>>>>> layer-detail page .
>>>>>>> If you click on any specific layer in the layer-list (or
>>>>>>> document-list
>>>>>>> because i want the same behavior for both), you get the layer detail
>>>>>>> so
>>>>>>> you what will see is:
>>>>>>>
>>>>>>> - In the case you have the view_resourcebase permission (who can see
>>>>>>> it
>>>>>>> ?), you will see the current template corresponding to
>>>>>>> layer_detail.html: both access to datas and metadatas.
>>>>>>> - In the other case if you don't have the view_resourcebase
>>>>>>> permission,
>>>>>>> you 'll only have access to metadatas's ressource (that means a
>>>>>>> template
>>>>>>> similar to layer_detail.html but Instead of the geoexplorer frame you
>>>>>>> sould have a "permission denied" message, but the possibility to
>>>>>>> retrieve metadata).
>>>>>>>
>>>>>>> It's quite simple to make all the layers visible in the layer list,
>>>>>>> whoever is logged in (you just have to modify SKIP_PERMS_FILTERS in
>>>>>>> settings.py AND read_list function in module api/authorisation.py).
>>>>>>> but the actual behavior is to catch a 403 http error when trying to
>>>>>>> view
>>>>>>> the layer detail.
>>>>>>> Modifying the 403.html template does not seems to be the good way to
>>>>>>> process.
>>>>>>> I don't think it is necessary to modify geonode's database model
>>>>>>> because
>>>>>>> the view_ressource permission  is enough, considering that  viewing
>>>>>>> the
>>>>>>> ressource is equivalent to having access to the data (even if you
>>>>>>> can't
>>>>>>> download it). There's no need to add a new kind of permissions, as
>>>>>>> far
>>>>>>> as I can guess.
>>>>>>> What is prefered is not throwing a 403 error but just the
>>>>>>> layer_detail.html template modified to get only metadatas.
>>>>>>>
>>>>>>> I hope the explanation was clear enough,
>>>>>>> Thanks for your advices
>>>>>>> Hugo FERRARI
>>>>>>>
>>>>>>> PS
>>>>>>> Does it correspond to the actual geonode developpement policy ?
>>>>>>> Datas and metada are strongly linked in this software.
>>>>>>> Could this functionnality be interresting for any other geonode
>>>>>>> users?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Le 08/06/2015 23:00, geonode-users-request at lists.osgeo.org a ?crit :
>>>>>>>
>>>>>>>> Send geonode-users mailing list submissions to
>>>>>>>>         geonode-users at lists.osgeo.org
>>>>>>>>
>>>>>>>> To subscribe or unsubscribe via the World Wide Web, visit
>>>>>>>>
>>>>>>>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>>>>>>> or, via email, send a message with subject or body 'help' to
>>>>>>>>         geonode-users-request at lists.osgeo.org
>>>>>>>>
>>>>>>>> You can reach the person managing the list at
>>>>>>>>         geonode-users-owner at lists.osgeo.org
>>>>>>>>
>>>>>>>> When replying, please edit your Subject line so it is more specific
>>>>>>>> than "Re: Contents of geonode-users digest..."
>>>>>>>>
>>>>>>>>
>>>>>>>> Today's Topics:
>>>>>>>>
>>>>>>>>      1. Re: osgeo module install problem (Simone Dalmasso)
>>>>>>>>      2. Problems to Translate Geonode - Transifex -     Portuguese
>>>>>>>>         (Brazil) (Davi Custodio)
>>>>>>>>      3. Re: Problems to Translate Geonode - Transifex - Portuguese
>>>>>>>>         (Brazil) (Julien Collaer)
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ----------------------------------------------------------------------
>>>>>>>>
>>>>>>>> Message: 1
>>>>>>>> Date: Sun, 7 Jun 2015 21:40:13 +0200
>>>>>>>> From: Simone Dalmasso <simone.dalmasso at gmail.com>
>>>>>>>> To: Vicente <deluca.vicente at gmail.com>
>>>>>>>> Cc: geonode-users <geonode-users at lists.osgeo.org>
>>>>>>>> Subject: Re: [GeoNode-users] osgeo module install problem
>>>>>>>> Message-ID:
>>>>>>>>         <CAAHAC+cU9GgbBUe-ocH4GJZ1PaXEZDrY5W=
>>>>>>>> ZCsTzSUSx5ymVvA at mail.gmail.com>
>>>>>>>> Content-Type: text/plain; charset="utf-8"
>>>>>>>>
>>>>>>>> Hi, you are missing the gdal python bindings, a "pip install gdal"
>>>>>>>> should
>>>>>>>> fix it.
>>>>>>>>
>>>>>>>> Hope it helps, ciao
>>>>>>>>
>>>>>>>> 2015-06-07 17:59 GMT+02:00 Vicente <deluca.vicente at gmail.com>:
>>>>>>>>
>>>>>>>>  Good afternoon,
>>>>>>>>> If I run the following line from my command line, the answer is
>>>>>>>>> successful
>>>>>>>>>
>>>>>>>>> $ sudo apt-get -y install libgdal1h libgdal-dev python-gdal
>>>>>>>>>
>>>>>>>>> But if I run from the session virtualenv, the answer is No module
>>>>>>>>> named
>>>>>>>>> osgeo.
>>>>>>>>>
>>>>>>>>> I have just added the following session variables in my .bashrc:
>>>>>>>>> export VIRTUALENVWRAPPER_PYTHON = / usr / bin / python
>>>>>>>>> export WORKON_HOME = ~ / .venvs
>>>>>>>>> source /usr/local/bin/virtualenvwrapper.sh
>>>>>>>>> export PIP_DOWNLOAD_CACHE = $ HOME / .pip-downloads
>>>>>>>>>
>>>>>>>>> Both session with virtualenv or outside, the python to run is the
>>>>>>>>> same,
>>>>>>>>> Python 2.7.6 (default, Mar 22 2014, 22:59:56)
>>>>>>>>>
>>>>>>>>> The result is that I can not run because there is paver start the
>>>>>>>>> osgeo
>>>>>>>>> module from within the session obviously.
>>>>>>>>>
>>>>>>>>> Thanks!
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> [image: MANTA] <http://www.estudiomanta.com/>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Vicente Deluca
>>>>>>>>>
>>>>>>>>> *+54 11 6091 4579 <%2B54%2011%206091%204579>*
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> geonode-users mailing list
>>>>>>>>> geonode-users at lists.osgeo.org
>>>>>>>>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>> ------------------------------
>>>>>>>
>>>>>>> Message: 2
>>>>>>> Date: Tue, 9 Jun 2015 09:01:34 -0500
>>>>>>> From: Ariel Nunez <ingenieroariel at gmail.com>
>>>>>>> To: FERRARI Hugo <ferrari_hugo at yahoo.fr>
>>>>>>> Cc: "geonode-users at lists.osgeo.org" <geonode-users at lists.osgeo.org>
>>>>>>> Subject: Re: [GeoNode-users] developpement: Modifying permission
>>>>>>>         behavior and data visibility in Geonode
>>>>>>> Message-ID:
>>>>>>>         <
>>>>>>> CALh6R-QDnFhFPgQdejPp0Kuh5NABLExo7ONaQWjhyb2hk3chEw at mail.gmail.com>
>>>>>>> Content-Type: text/plain; charset="utf-8"
>>>>>>>
>>>>>>> Hugo,
>>>>>>>
>>>>>>> Based on what I understand, the best path forward is to have a
>>>>>>> view_metadata permission that you use to enforce the behavior you
>>>>>>> want.
>>>>>>> Assigning a new meaning to the existing permission may be
>>>>>>> problematic for
>>>>>>> other users with different needs (for example where metadata is
>>>>>>> sensitive
>>>>>>> information).
>>>>>>>
>>>>>>> The place where we want to get to, is to allow uploaders to restrict
>>>>>>> any
>>>>>>> actions they want, but give the end user buttons to request
>>>>>>> permissions (to
>>>>>>> view if they cannot view, to download if they can only view, to edit
>>>>>>> if the
>>>>>>> can only download) to encourage a conversation between uploaders and
>>>>>>> users
>>>>>>> and provide a workflow to allow access to information when it is
>>>>>>> needed.
>>>>>>>
>>>>>>> The changes you make would be good candidates for inclusion in the
>>>>>>> main
>>>>>>> version of GeoNode so others can benefit in the future. Hopefully
>>>>>>> others
>>>>>>> (Paolo?) can chime in with more specific feedback.
>>>>>>>
>>>>>>> Best,
>>>>>>> Ariel.
>>>>>>>
>>>>>>> On Tue, Jun 9, 2015 at 7:56 AM, FERRARI Hugo <ferrari_hugo at yahoo.fr>
>>>>>>> wrote:
>>>>>>>
>>>>>>>  Hello everyone,
>>>>>>>> I have installed a complete geonode instance on a developpement
>>>>>>>> server.
>>>>>>>> I want  to change thebehaviorofthesoftware  to make it fit the need
>>>>>>>> of the
>>>>>>>> institution I work for.
>>>>>>>> So i'm looking for some advices because  I didn't manage to code it
>>>>>>>> yet.
>>>>>>>>
>>>>>>>> My aim to separate metada access from the data access.
>>>>>>>> That  is to make all the layers uploaded in geoserver VISIBLE for
>>>>>>>> all
>>>>>>>> users (logged or not) but only in the layer-list page , not on the
>>>>>>>> layer-detail page .
>>>>>>>> If you click on any specific layer in the layer-list (or
>>>>>>>> document-list
>>>>>>>> because i want the same behavior for both), you get the layer
>>>>>>>> detail so you
>>>>>>>> what will see is:
>>>>>>>>
>>>>>>>> - In the case you have the view_resourcebase permission (who can
>>>>>>>> see it
>>>>>>>> ?), you will see the current template corresponding to
>>>>>>>> layer_detail.html:
>>>>>>>> both access to datas and metadatas.
>>>>>>>> - In the other case if you don't have the view_resourcebase
>>>>>>>> permission,
>>>>>>>> you 'll only have access to metadatas's ressource (that means a
>>>>>>>> template
>>>>>>>> similar to layer_detail.html but Instead of the geoexplorer frame
>>>>>>>> you sould
>>>>>>>> have a "permission denied" message, but the possibility to retrieve
>>>>>>>> metadata).
>>>>>>>>
>>>>>>>> It's quite simple to make all the layers visible in the layer list,
>>>>>>>> whoever is logged in (you just have to modify SKIP_PERMS_FILTERS in
>>>>>>>> settings.py AND read_list function in module api/authorisation.py).
>>>>>>>> but the actual behavior is to catch a 403 http error when trying to
>>>>>>>> view
>>>>>>>> the layer detail.
>>>>>>>> Modifying the 403.html template does not seems to be the good way to
>>>>>>>> process.
>>>>>>>> I don't think it is necessary to modify geonode's database model
>>>>>>>> because
>>>>>>>> the view_ressource permission  is enough, considering that  viewing
>>>>>>>> the
>>>>>>>> ressource is equivalent to having access to the data (even if you
>>>>>>>> can't
>>>>>>>> download it). There's no need to add a new kind of permissions, as
>>>>>>>> far as I
>>>>>>>> can guess.
>>>>>>>> What is prefered is not throwing a 403 error but just the
>>>>>>>> layer_detail.html template modified to get only metadatas.
>>>>>>>>
>>>>>>>> I hope the explanation was clear enough,
>>>>>>>> Thanks for your advices
>>>>>>>> Hugo FERRARI
>>>>>>>>
>>>>>>>> PS
>>>>>>>> Does it correspond to the actual geonode developpement policy ?
>>>>>>>> Datas and metada are strongly linked in this software.
>>>>>>>> Could this functionnality be interresting for any other geonode
>>>>>>>> users?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Le 08/06/2015 23:00, geonode-users-request at lists.osgeo.org a ?crit
>>>>>>>> :
>>>>>>>>
>>>>>>>>  Send geonode-users mailing list submissions to
>>>>>>>>>          geonode-users at lists.osgeo.org
>>>>>>>>>
>>>>>>>>> To subscribe or unsubscribe via the World Wide Web, visit
>>>>>>>>>
>>>>>>>>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>>>>>>>> or, via email, send a message with subject or body 'help' to
>>>>>>>>>          geonode-users-request at lists.osgeo.org
>>>>>>>>>
>>>>>>>>> You can reach the person managing the list at
>>>>>>>>>          geonode-users-owner at lists.osgeo.org
>>>>>>>>>
>>>>>>>>> When replying, please edit your Subject line so it is more specific
>>>>>>>>> than "Re: Contents of geonode-users digest..."
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Today's Topics:
>>>>>>>>>
>>>>>>>>>      1. Re: osgeo module install problem (Simone Dalmasso)
>>>>>>>>>      2. Problems to Translate Geonode - Transifex -      Portuguese
>>>>>>>>>         (Brazil) (Davi Custodio)
>>>>>>>>>      3. Re: Problems to Translate Geonode - Transifex - Portuguese
>>>>>>>>>         (Brazil) (Julien Collaer)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ----------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>> Message: 1
>>>>>>>>> Date: Sun, 7 Jun 2015 21:40:13 +0200
>>>>>>>>> From: Simone Dalmasso <simone.dalmasso at gmail.com>
>>>>>>>>> To: Vicente <deluca.vicente at gmail.com>
>>>>>>>>> Cc: geonode-users <geonode-users at lists.osgeo.org>
>>>>>>>>> Subject: Re: [GeoNode-users] osgeo module install problem
>>>>>>>>> Message-ID:
>>>>>>>>>          <CAAHAC+cU9GgbBUe-ocH4GJZ1PaXEZDrY5W=
>>>>>>>>> ZCsTzSUSx5ymVvA at mail.gmail.com>
>>>>>>>>> Content-Type: text/plain; charset="utf-8"
>>>>>>>>>
>>>>>>>>> Hi, you are missing the gdal python bindings, a "pip install gdal"
>>>>>>>>> should
>>>>>>>>> fix it.
>>>>>>>>>
>>>>>>>>> Hope it helps, ciao
>>>>>>>>>
>>>>>>>>> 2015-06-07 17:59 GMT+02:00 Vicente <deluca.vicente at gmail.com>:
>>>>>>>>>
>>>>>>>>>   Good afternoon,
>>>>>>>>>
>>>>>>>>>> If I run the following line from my command line, the answer is
>>>>>>>>>> successful
>>>>>>>>>>
>>>>>>>>>> $ sudo apt-get -y install libgdal1h libgdal-dev python-gdal
>>>>>>>>>>
>>>>>>>>>> But if I run from the session virtualenv, the answer is No module
>>>>>>>>>> named
>>>>>>>>>> osgeo.
>>>>>>>>>>
>>>>>>>>>> I have just added the following session variables in my .bashrc:
>>>>>>>>>> export VIRTUALENVWRAPPER_PYTHON = / usr / bin / python
>>>>>>>>>> export WORKON_HOME = ~ / .venvs
>>>>>>>>>> source /usr/local/bin/virtualenvwrapper.sh
>>>>>>>>>> export PIP_DOWNLOAD_CACHE = $ HOME / .pip-downloads
>>>>>>>>>>
>>>>>>>>>> Both session with virtualenv or outside, the python to run is the
>>>>>>>>>> same,
>>>>>>>>>> Python 2.7.6 (default, Mar 22 2014, 22:59:56)
>>>>>>>>>>
>>>>>>>>>> The result is that I can not run because there is paver start the
>>>>>>>>>> osgeo
>>>>>>>>>> module from within the session obviously.
>>>>>>>>>>
>>>>>>>>>> Thanks!
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>>
>>>>>>>>>> [image: MANTA] <http://www.estudiomanta.com/>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Vicente Deluca
>>>>>>>>>>
>>>>>>>>>> *+54 11 6091 4579 <%2B54%2011%206091%204579>*
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> geonode-users mailing list
>>>>>>>>>> geonode-users at lists.osgeo.org
>>>>>>>>>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>  _______________________________________________
>>>>>>>> geonode-users mailing list
>>>>>>>> geonode-users at lists.osgeo.org
>>>>>>>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>>>>>>>
>>>>>>>>  -------------- next part --------------
>>>>>>> An HTML attachment was scrubbed...
>>>>>>> URL: <
>>>>>>> http://lists.osgeo.org/pipermail/geonode-users/attachments/20150609/4dbe42d3/attachment-0001.html
>>>>>>> >
>>>>>>>
>>>>>>> ------------------------------
>>>>>>>
>>>>>>> Message: 3
>>>>>>> Date: Tue, 9 Jun 2015 16:50:01 +0200
>>>>>>> From: Paolo Corti <pcorti at gmail.com>
>>>>>>> To: Ariel Nunez <ingenieroariel at gmail.com>
>>>>>>> Cc: FERRARI Hugo <ferrari_hugo at yahoo.fr>,
>>>>>>>         "geonode-users at lists.osgeo.org" <
>>>>>>> geonode-users at lists.osgeo.org>
>>>>>>> Subject: Re: [GeoNode-users] developpement: Modifying permission
>>>>>>>         behavior and data visibility in Geonode
>>>>>>> Message-ID:
>>>>>>>         <
>>>>>>> CAHXrU-JBaUUQUBz7BjsNuTkmOpOSLB7rxAaXEt3Qsn1TmKmvqw at mail.gmail.com>
>>>>>>> Content-Type: text/plain; charset=UTF-8
>>>>>>>
>>>>>>> Yes, Ariel is totally right.
>>>>>>> Currently we don't have a specific permission for viewing metadata.
>>>>>>> This is implicit with the view_resourcebase permission that gives
>>>>>>> access to the data and metadata at the same time.
>>>>>>> As suggested by Ariel you may consider to add a new django guardian
>>>>>>> permission at the resource base model, like it has been done here [1]
>>>>>>> and then have your GeoNode instance behaved according to it in views,
>>>>>>> templates and javascript.
>>>>>>> I don't think there is an easy way to avoid forking GeoNode and
>>>>>>> customize the beahviour in your GeoNode project, though it may be not
>>>>>>> impossible and this would keep your instance easily updateable with
>>>>>>> mainstream code.
>>>>>>> Even better, as Ariel suggested, you may though fork it and send a PR
>>>>>>> as it could be useful for others as well.
>>>>>>> regards
>>>>>>> p
>>>>>>>
>>>>>>> [1]
>>>>>>> https://github.com/GeoNode/geonode/blob/master/geonode/base/models.py#L648
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jun 9, 2015 at 4:01 PM, Ariel Nunez <
>>>>>>> ingenieroariel at gmail.com> wrote:
>>>>>>>
>>>>>>>> Hugo,
>>>>>>>>
>>>>>>>> Based on what I understand, the best path forward is to have a
>>>>>>>> view_metadata
>>>>>>>> permission that you use to enforce the behavior you want. Assigning
>>>>>>>> a new
>>>>>>>> meaning to the existing permission may be problematic for other
>>>>>>>> users with
>>>>>>>> different needs (for example where metadata is sensitive
>>>>>>>> information).
>>>>>>>>
>>>>>>>> The place where we want to get to, is to allow uploaders to
>>>>>>>> restrict any
>>>>>>>> actions they want, but give the end user buttons to request
>>>>>>>> permissions (to
>>>>>>>> view if they cannot view, to download if they can only view, to
>>>>>>>> edit if the
>>>>>>>> can only download) to encourage a conversation between uploaders
>>>>>>>> and users
>>>>>>>> and provide a workflow to allow access to information when it is
>>>>>>>> needed.
>>>>>>>>
>>>>>>>> The changes you make would be good candidates for inclusion in the
>>>>>>>> main
>>>>>>>> version of GeoNode so others can benefit in the future. Hopefully
>>>>>>>> others
>>>>>>>> (Paolo?) can chime in with more specific feedback.
>>>>>>>>
>>>>>>>> Best,
>>>>>>>> Ariel.
>>>>>>>>
>>>>>>>> On Tue, Jun 9, 2015 at 7:56 AM, FERRARI Hugo <ferrari_hugo at yahoo.fr>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hello everyone,
>>>>>>>>> I have installed a complete geonode instance on a developpement
>>>>>>>>> server.
>>>>>>>>> I want  to change thebehaviorofthesoftware  to make it fit the
>>>>>>>>> need of the
>>>>>>>>> institution I work for.
>>>>>>>>> So i'm looking for some advices because  I didn't manage to code
>>>>>>>>> it yet.
>>>>>>>>>
>>>>>>>>> My aim to separate metada access from the data access.
>>>>>>>>> That  is to make all the layers uploaded in geoserver VISIBLE for
>>>>>>>>> all
>>>>>>>>> users (logged or not) but only in the layer-list page , not on the
>>>>>>>>> layer-detail page .
>>>>>>>>> If you click on any specific layer in the layer-list (or
>>>>>>>>> document-list
>>>>>>>>> because i want the same behavior for both), you get the layer
>>>>>>>>> detail so you
>>>>>>>>> what will see is:
>>>>>>>>>
>>>>>>>>> - In the case you have the view_resourcebase permission (who can
>>>>>>>>> see it
>>>>>>>>> ?), you will see the current template corresponding to
>>>>>>>>> layer_detail.html:
>>>>>>>>> both access to datas and metadatas.
>>>>>>>>> - In the other case if you don't have the view_resourcebase
>>>>>>>>> permission,
>>>>>>>>> you 'll only have access to metadatas's ressource (that means a
>>>>>>>>> template
>>>>>>>>> similar to layer_detail.html but Instead of the geoexplorer frame
>>>>>>>>> you sould
>>>>>>>>> have a "permission denied" message, but the possibility to retrieve
>>>>>>>>> metadata).
>>>>>>>>>
>>>>>>>>> It's quite simple to make all the layers visible in the layer list,
>>>>>>>>> whoever is logged in (you just have to modify SKIP_PERMS_FILTERS in
>>>>>>>>> settings.py AND read_list function in module api/authorisation.py).
>>>>>>>>> but the actual behavior is to catch a 403 http error when trying
>>>>>>>>> to view
>>>>>>>>> the layer detail.
>>>>>>>>> Modifying the 403.html template does not seems to be the good way
>>>>>>>>> to
>>>>>>>>> process.
>>>>>>>>> I don't think it is necessary to modify geonode's database model
>>>>>>>>> because
>>>>>>>>> the view_ressource permission  is enough, considering that
>>>>>>>>> viewing the
>>>>>>>>> ressource is equivalent to having access to the data (even if you
>>>>>>>>> can't
>>>>>>>>> download it). There's no need to add a new kind of permissions, as
>>>>>>>>> far as I
>>>>>>>>> can guess.
>>>>>>>>> What is prefered is not throwing a 403 error but just the
>>>>>>>>> layer_detail.html template modified to get only metadatas.
>>>>>>>>>
>>>>>>>>> I hope the explanation was clear enough,
>>>>>>>>> Thanks for your advices
>>>>>>>>> Hugo FERRARI
>>>>>>>>>
>>>>>>>>> PS
>>>>>>>>> Does it correspond to the actual geonode developpement policy ?
>>>>>>>>> Datas and metada are strongly linked in this software.
>>>>>>>>> Could this functionnality be interresting for any other geonode
>>>>>>>>> users?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Le 08/06/2015 23:00, geonode-users-request at lists.osgeo.org a
>>>>>>>>> ?crit :
>>>>>>>>>
>>>>>>>>>> Send geonode-users mailing list submissions to
>>>>>>>>>>          geonode-users at lists.osgeo.org
>>>>>>>>>>
>>>>>>>>>> To subscribe or unsubscribe via the World Wide Web, visit
>>>>>>>>>>
>>>>>>>>>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>>>>>>>>> or, via email, send a message with subject or body 'help' to
>>>>>>>>>>          geonode-users-request at lists.osgeo.org
>>>>>>>>>>
>>>>>>>>>> You can reach the person managing the list at
>>>>>>>>>>          geonode-users-owner at lists.osgeo.org
>>>>>>>>>>
>>>>>>>>>> When replying, please edit your Subject line so it is more
>>>>>>>>>> specific
>>>>>>>>>> than "Re: Contents of geonode-users digest..."
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Today's Topics:
>>>>>>>>>>
>>>>>>>>>>      1. Re: osgeo module install problem (Simone Dalmasso)
>>>>>>>>>>      2. Problems to Translate Geonode - Transifex -
>>>>>>>>>> Portuguese
>>>>>>>>>>         (Brazil) (Davi Custodio)
>>>>>>>>>>      3. Re: Problems to Translate Geonode - Transifex - Portuguese
>>>>>>>>>>         (Brazil) (Julien Collaer)
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ----------------------------------------------------------------------
>>>>>>>>>>
>>>>>>>>>> Message: 1
>>>>>>>>>> Date: Sun, 7 Jun 2015 21:40:13 +0200
>>>>>>>>>> From: Simone Dalmasso <simone.dalmasso at gmail.com>
>>>>>>>>>> To: Vicente <deluca.vicente at gmail.com>
>>>>>>>>>> Cc: geonode-users <geonode-users at lists.osgeo.org>
>>>>>>>>>> Subject: Re: [GeoNode-users] osgeo module install problem
>>>>>>>>>> Message-ID:
>>>>>>>>>>
>>>>>>>>>> <CAAHAC+cU9GgbBUe-ocH4GJZ1PaXEZDrY5W=
>>>>>>>>>> ZCsTzSUSx5ymVvA at mail.gmail.com>
>>>>>>>>>> Content-Type: text/plain; charset="utf-8"
>>>>>>>>>>
>>>>>>>>>> Hi, you are missing the gdal python bindings, a "pip install
>>>>>>>>>> gdal" should
>>>>>>>>>> fix it.
>>>>>>>>>>
>>>>>>>>>> Hope it helps, ciao
>>>>>>>>>>
>>>>>>>>>> 2015-06-07 17:59 GMT+02:00 Vicente <deluca.vicente at gmail.com>:
>>>>>>>>>>
>>>>>>>>>>  Good afternoon,
>>>>>>>>>>> If I run the following line from my command line, the answer is
>>>>>>>>>>> successful
>>>>>>>>>>>
>>>>>>>>>>> $ sudo apt-get -y install libgdal1h libgdal-dev python-gdal
>>>>>>>>>>>
>>>>>>>>>>> But if I run from the session virtualenv, the answer is No
>>>>>>>>>>> module named
>>>>>>>>>>> osgeo.
>>>>>>>>>>>
>>>>>>>>>>> I have just added the following session variables in my .bashrc:
>>>>>>>>>>> export VIRTUALENVWRAPPER_PYTHON = / usr / bin / python
>>>>>>>>>>> export WORKON_HOME = ~ / .venvs
>>>>>>>>>>> source /usr/local/bin/virtualenvwrapper.sh
>>>>>>>>>>> export PIP_DOWNLOAD_CACHE = $ HOME / .pip-downloads
>>>>>>>>>>>
>>>>>>>>>>> Both session with virtualenv or outside, the python to run is
>>>>>>>>>>> the same,
>>>>>>>>>>> Python 2.7.6 (default, Mar 22 2014, 22:59:56)
>>>>>>>>>>>
>>>>>>>>>>> The result is that I can not run because there is paver start
>>>>>>>>>>> the osgeo
>>>>>>>>>>> module from within the session obviously.
>>>>>>>>>>>
>>>>>>>>>>> Thanks!
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>>
>>>>>>>>>>> [image: MANTA] <http://www.estudiomanta.com/>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Vicente Deluca
>>>>>>>>>>>
>>>>>>>>>>> *+54 11 6091 4579 <%2B54%2011%206091%204579>*
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> geonode-users mailing list
>>>>>>>>>>> geonode-users at lists.osgeo.org
>>>>>>>>>>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>  _______________________________________________
>>>>>>>>> geonode-users mailing list
>>>>>>>>> geonode-users at lists.osgeo.org
>>>>>>>>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> geonode-users mailing list
>>>>>>>> geonode-users at lists.osgeo.org
>>>>>>>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> geonode-users mailing list
>>>>>> geonode-users at lists.osgeo.org
>>>>>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> geonode-users mailing list
>>>>> geonode-users at lists.osgeo.org
>>>>> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-users
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Simone
>>>>
>>>
>>>
>>
>>
>> --
>> Simone
>>
>
>


-- 
Simone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20150616/8418e07f/attachment-0001.html>


More information about the geonode-users mailing list