-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Layer download should be consistent with layer permissions #2085
Comments
How can we block the GeoServer WFS link? |
An option is to disable WFS, but this will disable also layer editing |
so disable WFS from GeoServer? Is there a way to only have WFS available with authentication and GeoNode can access it this way? |
This would require change in the java code base. The final solution would be to check the download authorization from the Still another approach could be to proxy the WFS requests from Django, and On Fri, Dec 18, 2015 at 11:59 AM, @tomgertin notifications@github.com
Paolo Corti |
Ok great. I would like to try the proxy approach with WFS requests from Django. I was able to change the GeoServer settings to be able to use the http headers to authenticate WFS services. Do you know what to change in Django to use these headers? |
This is what was done for styles authorization: You could do something like this, intercepting any call made to WFS On Mon, Dec 28, 2015 at 9:12 PM, @tomgertin notifications@github.com
Paolo Corti |
@afabiani this is one that I think you guys can look into. It comes up a lot. There is currently no way to disable the wfs but keep the wms working for a layer. Moving to 2.7 |
Roger, I will take a look at this. Best Regards, GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.Ing. Alessio Fabiani GeoSolutions S.A.S. http://www.geo-solutions.it AVVERTENZE AI SENSI DEL D.Lgs. 196/2003 Le informazioni contenute in questo messaggio di posta elettronica e/o The information in this message and/or attachments, is intended solely for On Sun, Aug 21, 2016 at 9:41 AM, Jeffrey Johnson notifications@github.com
|
This issue will be solved with the new A&A subsystem we are working on. GeoNode will expose a UserRoleService to GeoServer, wich can be used to configure Authorization on GeoServer side. See this document for the technical details: https://docs.google.com/document/d/1fEs6NsCVC3KcB8TCM_P7BmxKLrza2n9fxlySdQVShQ8/edit?usp=sharing Moreoever the plan would be to enable on GeoServer the GeoFence extension for advanced security which will enhance the granularity of security permissions. |
Dear all, I created a GNIP which will address this issue too: |
thanks @afabiani ! |
If a user/group does not have the download_resourcebase permission for a layer, GeoNode will correctly prevent to download it only by not showing the download button.
Unluckily an astute user will still be able to download the datasets if he can figure out the GeoServer WFS link.
The text was updated successfully, but these errors were encountered: