[GeoNode-users] Security issue: allowed to download view-only shapefiles if i create a map with selected layer
vlasvlasvlas at gmail.com
Tue May 5 08:55:47 PDT 2015
i'm having some user-groups security issue...
i installed geonode 2.4 (ubuntu 14)
i have 1 all-allow private group with 1 all-allow user ,
and 1 all-deny group with 1 all-deny user.
I have this issue:
1- using the all-allow user, i upload a shapefile, and i set public view
only (all other permissions just for his own user)
2- logging as the all-deny user, i do see the uploaded layer, thats correct
because i chose that "everyone can see this layer, but they cannot download
3- using the same all-deny user, i create a map using the can-view
4- Then click on my created map and choose "download map" and choose
"download data layer", then i click on "start map download".. and yes..
there's the problem, being a "you cannot download" user, i just downloaded
the "view only" layer by creating a map with it.
how can this be resolved?
if you need screenshots i can make them!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the geonode-users