[GeoNode-users] Editing layer metadata via the geonode backend

Sam Franklin mr.samfranklin at gmail.com
Tue Nov 27 06:25:42 PST 2018


Hi List

I want to edit the metadata of layers on geonode programmatically e.g.
abstracts and ratings fields. One example is that I want to bulk update
data abstracts for many uploaded layers.

I'm not sure of the best approach, so I tried using an HTTP POST request to
the genode api, e.g. localhost/api/<some-endpoint>
I couldn't see a way to do this via the manage.py commandline application.
I didn't try a SQL insert/update approach, as thought the API route would
be cleaner.

I attempted to construct a POST request (using POSTMAN).

Using a postman GET request and adding a valid sessionid cookie, I'm able
to query a given layer (e.g. id=39) and get a JSON response of all the
metadata using URL (get) https://localhost/api/layers/?id=39. This
demonstrates that I can perform GET requests to the "layers" endpoint from
outside the browser.

When I manually edited a layer rating via the geonode UI, I intercepted
this output from the apache access log.
"POST /ratings/54/39/rate/ HTTP/1.1" 200 609 "
https://localhost/layers/geonode:mylayer" <user-agent>

However, for a POST request (and adding a referer header) using URL
https://localhost/ratings/54/39/rate/?rating=4, I receive a 403 forbidden
error which relates to the CSRF verification, see below pasted as plain
text body of the django response.

So this is obviously an authentication issue.

However, taking a step back, my queries are:
1. Are POST requests to the API possible at all from curl or postman or
some other client?
2. Is there any documentation on geonode API i.e. obtaining a CSRF token
via the API?
3. Is there a better approach to achieving editing metadata from the
backend?

Thanks in advance for any pointers.
Sam

*#### POST request error*
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
    CSRF token missing or incorrect.

In general, this can occur when there is a genuine Cross Site Request
Forgery, or when Django's CSRF mechanism has not been used correctly. For
POST forms, you need to ensure:
Your browser is accepting cookies.
The view function passes a request to the template's render method.
In the template, there is a {% csrf_token %} template tag inside each POST
form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on
any views that use the csrf_token template tag, as well as those that
accept the POST data.
You're seeing the help section of this page because you have DEBUG = True
in your Django settings file. Change that to False, and only the initial
error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
*#### *
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20181127/49ac9bcb/attachment.html>


More information about the geonode-users mailing list