[GeoNode-users] Problem with GeoFence permissions
Alessio Fabiani
alessio.fabiani at geo-solutions.it
Wed Mar 7 06:25:28 PST 2018
The risk is very high.
Try to compare the one from 2.7.x branch with your one. Maybe they have
diverged less.
Regards,
Alessio Fabiani
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V
for more information.
==
Ing. Alessio Fabiani
@alfa7691
Founder/Technical Lead
GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 331 6233686
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.
2018-03-07 15:22 GMT+01:00 Daniel Victoria <daniel.victoria at gmail.com>:
> I've seem that the geonode/security/models.py in the master branch is
> quite different from what I got installed using the apt-sources. The file
> from the 2.6.x branch also differs from what I've got. Can I pull the
> security/models.py from the 2.6.x branch into my APT installation? Or do I
> risk messing things up even more?
>
>
>
> On Wed, Mar 7, 2018 at 10:55 AM Alessio Fabiani <alessio.fabiani at geo-
> solutions.it> wrote:
>
>> Uhm that's strange, from what I see on the code it should be the same
>> that updating permissions from the gui.
>>
>> print 'Synchronizing permissions for layer %s/%s: %s' % (count,
>> layers_count, layer.alternate)
>> perm_spec = json.loads(_perms_info_json(layer))
>> layer.set_permissions(perm_spec)
>>
>>
>> it's possible that the old geofence methods have some bugs. There were a
>> lot or fixes since 2.6.3 version there also.
>>
>>
>>
>> Regards,
>>
>> Alessio Fabiani
>>
>> ==
>> GeoServer Professional Services from the experts! Visit
>> http://goo.gl/it488V for more information.
>> ==
>>
>> Ing. Alessio Fabiani
>>
>> @alfa7691
>> Founder/Technical Lead
>>
>>
>> GeoSolutions S.A.S.
>> Via di Montramito 3/A
>> <https://maps.google.com/?q=Via+di+Montramito+3/A+55054+%C2%A0Massarosa&entry=gmail&source=g>
>> 55054 Massarosa
>> <https://maps.google.com/?q=Via+di+Montramito+3/A+55054+%C2%A0Massarosa&entry=gmail&source=g>
>> (LU)
>> Italy
>> phone: +39 0584 962313 <+39%200584%20962313>
>> fax: +39 0584 1660272 <+39%200584%20166%200272>
>> mob: +39 331 6233686 <+39%20331%20623%203686>
>>
>> http://www.geo-solutions.it
>> http://twitter.com/geosolutions_it
>>
>> -------------------------------------------------------
>>
>> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
>>
>> Le informazioni contenute in questo messaggio di posta elettronica e/o
>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
>> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
>> darcene notizia via e-mail e di procedere alla distruzione del messaggio
>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
>> principi dettati dal D.Lgs. 196/2003.
>>
>> The information in this message and/or attachments, is intended solely
>> for the attention and use of the named addressee(s) and may be confidential
>> or proprietary in nature or covered by the provisions of privacy act
>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
>> Code).Any use not in accord with its purpose, any disclosure, reproduction,
>> copying, distribution, or either dissemination, either whole or partial, is
>> strictly forbidden except previous formal approval of the named
>> addressee(s). If you are not the intended recipient, please contact
>> immediately the sender by telephone, fax or e-mail and delete the
>> information in this message that has been received in error. The sender
>> does not give any warranty or accept liability as the content, accuracy or
>> completeness of sent messages and accepts no responsibility for changes
>> made after they were sent or for other risks which arise as a result of
>> e-mail transmission, viruses, etc.
>>
>> 2018-03-07 13:54 GMT+01:00 Daniel Victoria <daniel.victoria at gmail.com>:
>>
>>> Thanks Alessio,
>>>
>>> I had substituted "layer.alternate" to "layer.name" and sync_geofence
>>> worked with no complains. I also added a 5 second timeout between each
>>> layer processing to try to bypass the problem mentioned by Paolo when
>>> adding several rules to GeoFence.
>>>
>>> However, each time I run sync_geofence I still get a different set of
>>> data access rules in GeoFence. And I haven't figured out a pattern of which
>>> layers are or not included in the rules.
>>>
>>> Cheers
>>> Daniel
>>>
>>> On Wed, Mar 7, 2018 at 5:34 AM Alessio Fabiani <alessio.fabiani at geo-
>>> solutions.it> wrote:
>>>
>>>> Dear all,
>>>> "alternate" attribute has been introduced on GeoNode 2.7+ with the
>>>> update of pycsw.
>>>>
>>>> In the older versions you must use "typename" instead.
>>>>
>>>>
>>>> Regards,
>>>>
>>>> Alessio Fabiani
>>>>
>>>> ==
>>>> GeoServer Professional Services from the experts! Visit
>>>> http://goo.gl/it488V for more information.
>>>> ==
>>>>
>>>> Ing. Alessio Fabiani
>>>>
>>>> @alfa7691
>>>> Founder/Technical Lead
>>>>
>>>>
>>>> GeoSolutions S.A.S.
>>>> Via di Montramito 3/A
>>>> <https://maps.google.com/?q=Via+di+Montramito+3/A+55054+%C2%A0Massarosa&entry=gmail&source=g>
>>>> 55054 Massarosa
>>>> <https://maps.google.com/?q=Via+di+Montramito+3/A+55054+%C2%A0Massarosa&entry=gmail&source=g>
>>>> (LU)
>>>> Italy
>>>> phone: +39 0584 962313 <+39%200584%20962313>
>>>> fax: +39 0584 1660272 <+39%200584%20166%200272>
>>>> mob: +39 331 6233686 <+39%20331%20623%203686>
>>>>
>>>> http://www.geo-solutions.it
>>>> http://twitter.com/geosolutions_it
>>>>
>>>> -------------------------------------------------------
>>>>
>>>> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
>>>>
>>>> Le informazioni contenute in questo messaggio di posta elettronica e/o
>>>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
>>>> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
>>>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
>>>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
>>>> darcene notizia via e-mail e di procedere alla distruzione del messaggio
>>>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
>>>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
>>>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
>>>> principi dettati dal D.Lgs. 196/2003.
>>>>
>>>> The information in this message and/or attachments, is intended solely
>>>> for the attention and use of the named addressee(s) and may be confidential
>>>> or proprietary in nature or covered by the provisions of privacy act
>>>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
>>>> Code).Any use not in accord with its purpose, any disclosure, reproduction,
>>>> copying, distribution, or either dissemination, either whole or partial, is
>>>> strictly forbidden except previous formal approval of the named
>>>> addressee(s). If you are not the intended recipient, please contact
>>>> immediately the sender by telephone, fax or e-mail and delete the
>>>> information in this message that has been received in error. The sender
>>>> does not give any warranty or accept liability as the content, accuracy or
>>>> completeness of sent messages and accepts no responsibility for changes
>>>> made after they were sent or for other risks which arise as a result of
>>>> e-mail transmission, viruses, etc.
>>>>
>>>> 2018-03-06 17:26 GMT+01:00 Daniel Victoria <daniel.victoria at gmail.com>:
>>>>
>>>>> Hi Paolo,
>>>>>
>>>>> I removed the try block. The error happens in the first print
>>>>> statement, when it tries to print layer.alternate.
>>>>> It says:
>>>>> AttributeError: 'Layer' object has no attribute 'alternate'
>>>>>
>>>>> I then removed the layer.alternate from the print statement and the
>>>>> sync_geofence command runs. But each time I run it, I get a different
>>>>> number of geofence data rules.
>>>>> I'll try to run the commands in a python interpreter and try to
>>>>> identify what's going on.
>>>>>
>>>>> Cheers
>>>>>
>>>>>
>>>>> On Tue, Mar 6, 2018 at 11:37 AM Paolo Corti <pcorti at gmail.com> wrote:
>>>>>
>>>>>> Daniel
>>>>>> remove the try block, and paste here the error trace stack
>>>>>> ps: to debug with the shell, you must use "django-admin shell" command
>>>>>> (which is "geonode shell" if you are using the Ubuntu package, I
>>>>>> believe)
>>>>>> thanks
>>>>>> Paolo
>>>>>>
>>>>>> On Tue, Mar 6, 2018 at 7:11 AM, Daniel Victoria
>>>>>> <daniel.victoria at gmail.com> wrote:
>>>>>> > Hi Paolo,
>>>>>> >
>>>>>> > There are 2 print statements in the except block. The first prints
>>>>>> the error
>>>>>> > and the second is the one that complains about the variable
>>>>>> 'perm_spec'
>>>>>> > referenced before assignment.
>>>>>> >
>>>>>> > If I comment out just the second print statement I the following
>>>>>> message
>>>>>> > printed to the screen, one for each layer registered in GeoServer
>>>>>> >
>>>>>> > ('Unexpected error:', <type 'exceptions.AttributeError'>)
>>>>>> >
>>>>>> > I tried to run the commands in a python interpreter to debug this.
>>>>>> But I
>>>>>> > could not get the environment set. When I import the
>>>>>> geonode.layers.models
>>>>>> > in the interpreter, it complains about django_settings_module.
>>>>>> >
>>>>>> > Cheers
>>>>>> > Daniel
>>>>>> >
>>>>>> > On Mon, Mar 5, 2018 at 10:08 PM Paolo Corti <pcorti at gmail.com>
>>>>>> wrote:
>>>>>> >>
>>>>>> >> Hi Daniel
>>>>>> >> can you try to remove the line with the print statement and see
>>>>>> what
>>>>>> >> kind of error is raising?
>>>>>> >>
>>>>>> >> Paolo
>>>>>> >>
>>>>>> >> On Mon, Mar 5, 2018 at 12:26 PM, Daniel Victoria
>>>>>> >> <daniel.victoria at gmail.com> wrote:
>>>>>> >> > Hi Paolo,
>>>>>> >> >
>>>>>> >> > Thanks for the tip. However, I installed GeoNode from the APT
>>>>>> repository
>>>>>> >> > and
>>>>>> >> > I have no idea how to upgrade GeoNode or change GeoFence store
>>>>>> from H2
>>>>>> >> > to
>>>>>> >> > PostgreSQL.
>>>>>> >> >
>>>>>> >> > I also added time.sleep(5) in sync_geofence.py, right before the
>>>>>> try
>>>>>> >> > block
>>>>>> >> > but I'm still getting an error: It fails with the message:
>>>>>> >> >
>>>>>> >> > ('Unexpected error:', <type 'exceptions.AttributeError'>)
>>>>>> >> > Traceback (most recent call last):
>>>>>> >> > File "/usr/bin/django-admin", line 21, in <module>
>>>>>> >> > management.execute_from_command_line()
>>>>>> >> > File
>>>>>> >> > "/usr/lib/python2.7/dist-packages/django/core/
>>>>>> management/__init__.py",
>>>>>> >> > line
>>>>>> >> > 354, in execute_from_command_line
>>>>>> >> > utility.execute()
>>>>>> >> > File
>>>>>> >> > "/usr/lib/python2.7/dist-packages/django/core/
>>>>>> management/__init__.py",
>>>>>> >> > line
>>>>>> >> > 346, in execute
>>>>>> >> > self.fetch_command(subcommand).run_from_argv(self.argv)
>>>>>> >> > File
>>>>>> >> > "/usr/lib/python2.7/dist-packages/django/core/
>>>>>> management/base.py",
>>>>>> >> > line 394, in run_from_argv
>>>>>> >> > self.execute(*args, **cmd_options)
>>>>>> >> > File
>>>>>> >> > "/usr/lib/python2.7/dist-packages/django/core/
>>>>>> management/base.py",
>>>>>> >> > line 445, in execute
>>>>>> >> > output = self.handle(*args, **options)
>>>>>> >> > File
>>>>>> >> >
>>>>>> >> > "/usr/local/lib/python2.7/dist-packages/geonode/
>>>>>> geoserver/management/commands/sync_geofence.py",
>>>>>> >> > line 60, in handle
>>>>>> >> > print 'perm_spec is %s' % perm_spec
>>>>>> >> > UnboundLocalError: local variable 'perm_spec' referenced before
>>>>>> >> > assignment
>>>>>> >> >
>>>>>> >> > Any other tips on how to fix this permission mess-up?
>>>>>> >> >
>>>>>> >> > Thanks
>>>>>> >> > Daniel
>>>>>> >> >
>>>>>> >> > On Mon, Mar 5, 2018 at 12:13 PM Paolo Corti <pcorti at gmail.com>
>>>>>> wrote:
>>>>>> >> >>
>>>>>> >> >> Another option could be to run a time.sleep for some seconds
>>>>>> after
>>>>>> >> >> each layer iteration in sync_geofence command
>>>>>> >> >> cheers
>>>>>> >> >> Paolo
>>>>>> >> >>
>>>>>> >> >> On Mon, Mar 5, 2018 at 10:04 AM, Paolo Corti <pcorti at gmail.com>
>>>>>> wrote:
>>>>>> >> >> > Hi Daniel
>>>>>> >> >> >
>>>>>> >> >> > You seem to have hit this bug which I reported to GeoFence
>>>>>> team in
>>>>>> >> >> > the
>>>>>> >> >> > past:
>>>>>> >> >> > https://github.com/geoserver/geofence/issues/98
>>>>>> >> >> >
>>>>>> >> >> > I didn't notice this happening in latest GeoFence version, so
>>>>>> >> >> > upgrading to latest GeoNode could be an option.
>>>>>> >> >> > Or you could try to use PostgreSQL instead than H2 as a
>>>>>> GeoFence
>>>>>> >> >> > store
>>>>>> >> >> >
>>>>>> >> >> > hope this helps
>>>>>> >> >> >
>>>>>> >> >> > cheers
>>>>>> >> >> > Paolo
>>>>>> >> >> >
>>>>>> >> >> > On Mon, Mar 5, 2018 at 9:19 AM, Daniel Victoria
>>>>>> >> >> > <daniel.victoria at gmail.com> wrote:
>>>>>> >> >> >> Update: Apparently, if I update the layer permissions in the
>>>>>> web
>>>>>> >> >> >> interface
>>>>>> >> >> >> or if i run `geonode updatelayers -f <layer_name>`, the
>>>>>> correct
>>>>>> >> >> >> GeoFence
>>>>>> >> >> >> permissions are created. Thus, doing so a layer at a time
>>>>>> works. But
>>>>>> >> >> >> several
>>>>>> >> >> >> layers at once, no.
>>>>>> >> >> >>
>>>>>> >> >> >> What should I look for in the GeoServer log to try to figure
>>>>>> out
>>>>>> >> >> >> where
>>>>>> >> >> >> the
>>>>>> >> >> >> problem is occurring? I can attach the GeoServer log if that
>>>>>> helps.
>>>>>> >> >> >>
>>>>>> >> >> >> Cheers
>>>>>> >> >> >> Daniel
>>>>>> >> >> >>
>>>>>> >> >> >> On Mon, Mar 5, 2018 at 9:52 AM Daniel Victoria
>>>>>> >> >> >> <daniel.victoria at gmail.com>
>>>>>> >> >> >> wrote:
>>>>>> >> >> >>>
>>>>>> >> >> >>> Hi list,
>>>>>> >> >> >>>
>>>>>> >> >> >>> I have GeoNode 2.6.3, installed from apt, in a Ubuntu
>>>>>> machine.
>>>>>> >> >> >>> Right
>>>>>> >> >> >>> now i
>>>>>> >> >> >>> have 108 registered layers, some imported using the web
>>>>>> interface,
>>>>>> >> >> >>> some
>>>>>> >> >> >>> using the `geonode importlayers` command.
>>>>>> >> >> >>>
>>>>>> >> >> >>> Last week I noticed that some of the layers I was importing
>>>>>> using
>>>>>> >> >> >>> the
>>>>>> >> >> >>> management command had view permission problems. I realized
>>>>>> that
>>>>>> >> >> >>> the
>>>>>> >> >> >>> cause
>>>>>> >> >> >>> was that the GeoFence rules were not being created
>>>>>> correctly.
>>>>>> >> >> >>>
>>>>>> >> >> >>> Looking at the messages on the list, I saw that there were
>>>>>> some
>>>>>> >> >> >>> discussions about this issue and that 1) there was a patch
>>>>>> for
>>>>>> >> >> >>> geoserver/helper.py [1] and 2) a new `sync_geofence`
>>>>>> management
>>>>>> >> >> >>> command.
>>>>>> >> >> >>>
>>>>>> >> >> >>> I applied the patch and downloaded the `sync_geofence`
>>>>>> command.
>>>>>> >> >> >>>
>>>>>> >> >> >>> Now, every time I run `geonode updatelayers` I end up with a
>>>>>> >> >> >>> different
>>>>>> >> >> >>> set
>>>>>> >> >> >>> of rules in GeoFence. Some times with 106 rules, some times
>>>>>> with
>>>>>> >> >> >>> 209
>>>>>> >> >> >>> rules
>>>>>> >> >> >>> etc. And I can't run `geonode sync_geofence` since I'm
>>>>>> getting an
>>>>>> >> >> >>> error:
>>>>>> >> >> >>>
>>>>>> >> >> >>> UnboundLocalError: local variable 'perm_spec' referenced
>>>>>> before
>>>>>> >> >> >>> assignment
>>>>>> >> >> >>>
>>>>>> >> >> >>> Any idea how to fix this issue so I don't have to manually
>>>>>> create
>>>>>> >> >> >>> the
>>>>>> >> >> >>> GeoFence rules? And also, not have `geonode updatelayers`
>>>>>> mess up
>>>>>> >> >> >>> the
>>>>>> >> >> >>> rules
>>>>>> >> >> >>> already created?
>>>>>> >> >> >>>
>>>>>> >> >> >>> Cheers
>>>>>> >> >> >>> Daniel
>>>>>> >> >> >>>
>>>>>> >> >> >>> [1] -
>>>>>> >> >> >>>
>>>>>> >> >> >>>
>>>>>> >> >> >>> https://github.com/GeoNode/geonode/commit/
>>>>>> 94b3b6abfd1bc856be94eb58f5bf13
>>>>>> >> >> >>
>>>>>> >> >> >>
>>>>>> >> >> >> _______________________________________________
>>>>>> >> >> >> geonode-users mailing list
>>>>>> >> >> >> geonode-users at lists.osgeo.org
>>>>>> >> >> >> https://lists.osgeo.org/mailman/listinfo/geonode-users
>>>>>> >> >> >>
>>>>>> >> >> >
>>>>>> >> >> >
>>>>>> >> >> >
>>>>>> >> >> > --
>>>>>> >> >> > Paolo Corti
>>>>>> >> >> > Geospatial software developer
>>>>>> >> >> > web: http://www.paolocorti.net
>>>>>> >> >> > twitter: @capooti
>>>>>> >> >> > skype: capooti
>>>>>> >> >>
>>>>>> >> >>
>>>>>> >> >>
>>>>>> >> >> --
>>>>>> >> >> Paolo Corti
>>>>>> >> >> Geospatial software developer
>>>>>> >> >> web: http://www.paolocorti.net
>>>>>> >> >> twitter: @capooti
>>>>>> >> >> skype: capooti
>>>>>> >>
>>>>>> >>
>>>>>> >>
>>>>>> >> --
>>>>>> >> Paolo Corti
>>>>>> >> Geospatial software developer
>>>>>> >> web: http://www.paolocorti.net
>>>>>> >> twitter: @capooti
>>>>>> >> skype: capooti
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Paolo Corti
>>>>>> Geospatial software developer
>>>>>> web: http://www.paolocorti.net
>>>>>> twitter: @capooti
>>>>>> skype: capooti
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> geonode-users mailing list
>>>>> geonode-users at lists.osgeo.org
>>>>> https://lists.osgeo.org/mailman/listinfo/geonode-users
>>>>>
>>>>>
>>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20180307/fcf03590/attachment-0001.html>
More information about the geonode-users
mailing list