# Managing permissions

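This example requires the Pro-feature to be active. It logs in as admin on a local instance (`http://localhost:3030`) and creates layers, a user and a role there, so run it against a test setup.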

In [1]:
import os

import geoengine as ge
import requests

## Initialize Geo Engine as Admin

In [2]:
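# Admin login for the local development instance. The fallback values are the
# ones this example was written against; set the two notebook-local environment
# variables to use other credentials without editing (and committing) the cell.
# Credentials sent to an http:// URL travel unencrypted, which is only
# reasonable for a loopback address like this one.
admin_client = ge.create_client(
    "http://localhost:3030/api",
    (
        os.environ.get("GE_DEMO_ADMIN_EMAIL", "admin@localhost"),
        os.environ.get("GE_DEMO_ADMIN_PASSWORD", "adminadmin"),
    ),
)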

## Create layer

In [3]:
# Workflow for the new layer: a PointInPolygonFilter whose "points" input is
# the ports dataset and whose "polygons" input is the Germany outline. Both
# inputs are OGR sources with no attribute projection and no attribute filters.
ports_source = {
    "type": "OgrSource",
    "params": {
        "data": "ne_10m_ports",
        "attributeProjection": None,
        "attributeFilters": None,
    },
}
germany_source = {
    "type": "OgrSource",
    "params": {
        "data": "germany_outline",
        "attributeProjection": None,
        "attributeFilters": None,
    },
}
ports_in_germany_workflow = {
    "type": "Vector",
    "operator": {
        "type": "PointInPolygonFilter",
        "params": {},
        "sources": {"points": ports_source, "polygons": germany_source},
    },
}

# The second entry of the root collection is used as the target collection
# (it is displayed below under the name "Layers"); the index relies on the
# order in which the server returns the root items.
root_collection = admin_client.layer_collection()
root_of_layerdb = root_collection.items[1].load()
layer_id = root_of_layerdb.add_layer(
    name="ports clone",
    description="test description",
    workflow=ports_in_germany_workflow,
    symbology=None,
)

# Re-fetch the collection so the listing shown below includes the new layer.
root_of_layerdb.reload()
root_of_layerdb

Layer Collection,Layer Collection,Unnamed: 2_level_0
Layer Collection,Layer Collection,Unnamed: 2_level_1
Layer Collection,Layer Collection,Unnamed: 2_level_2
Layer Collection,Layer Collection,Unnamed: 2_level_3
Layer,Layer.1,Unnamed: 2_level_4
name,Layers,
description,All available Geo Engine layers,
id,05102bb3-a855-4a37-8a8a-30026a91fef1,
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74,
items,Layer CollectionnameAn empty collectiondescriptionThere is nothing hereida29f77cc-51ce-466b-86ef-d0ab2170bc0aprovider idce5e84db-cbf9-48a2-9a32-d4b7cc56ea74,
items,Layer Collection,Layer Collection
items,name,An empty collection
items,description,There is nothing here
id,a29f77cc-51ce-466b-86ef-d0ab2170bc0a,
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74,

Layer Collection,Layer Collection.1
name,An empty collection
description,There is nothing here
id,a29f77cc-51ce-466b-86ef-d0ab2170bc0a
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74

Layer Collection,Layer Collection.1
name,A test collection
description,Some layers for testing and an empty subcollection
id,272bf675-2e27-4412-824c-287c1e6841ac
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74

Layer Collection,Layer Collection.1
name,Unsorted
description,Unsorted Layers
id,ffb2dd9e-f5ad-427c-b7f1-c9a0c7a0ae3f
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74

Layer,Layer.1
name,ports clone
description,test description
id,fa4f5b02-1ca3-4b8f-acc7-39941a2f9190
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74


## Login anonymously, the layer is not visible

In [4]:
# No credentials are passed, so this client is meant to act as an anonymous
# session. NOTE(review): confirm that the library does not pick up credentials
# from the environment when none are given; otherwise this cell would not be
# testing anonymous access at all.
anon_client = ge.create_client("http://localhost:3030/api")
root_collection = anon_client.layer_collection()
root_of_layerdb = root_collection.items[1].load()

# Negative check: the listing for this client should not contain "ports clone",
# because no permission on that layer has been granted to anyone else yet.
root_of_layerdb

Layer Collection,Layer Collection,Unnamed: 2_level_0
Layer Collection,Layer Collection,Unnamed: 2_level_1
Layer Collection,Layer Collection,Unnamed: 2_level_2
Layer Collection,Layer Collection.1,Unnamed: 2_level_3
name,Layers,
description,All available Geo Engine layers,
id,05102bb3-a855-4a37-8a8a-30026a91fef1,
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74,
items,Layer CollectionnameAn empty collectiondescriptionThere is nothing hereida29f77cc-51ce-466b-86ef-d0ab2170bc0aprovider idce5e84db-cbf9-48a2-9a32-d4b7cc56ea74,
items,Layer Collection,Layer Collection
items,name,An empty collection
description,There is nothing here,
id,a29f77cc-51ce-466b-86ef-d0ab2170bc0a,
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74,

Layer Collection,Layer Collection.1
name,An empty collection
description,There is nothing here
id,a29f77cc-51ce-466b-86ef-d0ab2170bc0a
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74

Layer Collection,Layer Collection.1
name,A test collection
description,Some layers for testing and an empty subcollection
id,272bf675-2e27-4412-824c-287c1e6841ac
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74

Layer Collection,Layer Collection.1
name,Unsorted
description,Unsorted Layers
id,ffb2dd9e-f5ad-427c-b7f1-c9a0c7a0ae3f
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74


## Share layer with all anonymous users

In [5]:
# Grant READ on the new layer to the library's anonymous-user role.
# After this call the layer is visible to clients that never authenticated
# against this instance, so grant it only for data that is meant to be public
# and prefer a dedicated role for anything else.
resource = ge.Resource.from_layer_id(layer_id)
admin_client.add_permission(ge.ANONYMOUS_USER_ROLE_ID, resource, ge.Permission.READ)


{"roleId": "fd8e87bf-515c-4f36-8da6-1a53702ff102", "resource": {"type": "layer", "id": "fa4f5b02-1ca3-4b8f-acc7-39941a2f9190"}, "permission": "Read"}


## Layer is now visible for anonymous users

In [6]:
# Re-list the collection with the same anonymous client created earlier; no new
# login is performed, so any difference in the listing comes from the
# permission that the admin client just added.
root_collection = anon_client.layer_collection()
root_of_layerdb = root_collection.items[1].load()

# Positive check: "ports clone" should now appear in the listing.
root_of_layerdb

Layer Collection,Layer Collection,Unnamed: 2_level_0
Layer Collection,Layer Collection,Unnamed: 2_level_1
Layer Collection,Layer Collection,Unnamed: 2_level_2
Layer Collection,Layer Collection,Unnamed: 2_level_3
Layer,Layer.1,Unnamed: 2_level_4
name,Layers,
description,All available Geo Engine layers,
id,05102bb3-a855-4a37-8a8a-30026a91fef1,
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74,
items,Layer CollectionnameAn empty collectiondescriptionThere is nothing hereida29f77cc-51ce-466b-86ef-d0ab2170bc0aprovider idce5e84db-cbf9-48a2-9a32-d4b7cc56ea74,
items,Layer Collection,Layer Collection
items,name,An empty collection
items,description,There is nothing here
id,a29f77cc-51ce-466b-86ef-d0ab2170bc0a,
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74,

Layer Collection,Layer Collection.1
name,An empty collection
description,There is nothing here
id,a29f77cc-51ce-466b-86ef-d0ab2170bc0a
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74

Layer Collection,Layer Collection.1
name,A test collection
description,Some layers for testing and an empty subcollection
id,272bf675-2e27-4412-824c-287c1e6841ac
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74

Layer Collection,Layer Collection.1
name,Unsorted
description,Unsorted Layers
id,ffb2dd9e-f5ad-427c-b7f1-c9a0c7a0ae3f
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74

Layer,Layer.1
name,ports clone
description,test description
id,fa4f5b02-1ca3-4b8f-acc7-39941a2f9190
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74


## Create a user and a role

In [7]:
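# Throwaway account for the local test instance. The password is a fixed demo
# value that ends up in the saved notebook, so never reuse it for a real user.
email = "foo@example.com"
password = "secret12345"

# register a user
# The registration endpoint is called directly over plain HTTP, which is only
# acceptable because the target is the loopback interface.
response = requests.post(
    "http://localhost:3030/api/user",
    json={"email": email, "password": password, "realName": "Foo Bar"},
    timeout=10,  # requests has no default timeout; do not let the kernel hang
)
# Stop on an HTTP error status so that an error body is never parsed as a
# user id by the next line.
response.raise_for_status()
user_id = ge.UserId.from_response(response.json())

# The role is created by the admin client; it has no members and no
# permissions until later cells add them.
role_id = admin_client.add_role("Test Role")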


{'id': '942a2ea0-b447-4a83-8552-000cbe57070e'}


## Create a layer and share it with new role

In [9]:
# Workflow for the role-restricted layer: a PointInPolygonFilter with one OGR
# source per input slot, each read without attribute projection or filters.
source_datasets = {"points": "ne_10m_ports", "polygons": "germany_outline"}
role_layer_workflow = {
    "type": "Vector",
    "operator": {
        "type": "PointInPolygonFilter",
        "params": {},
        "sources": {
            slot: {
                "type": "OgrSource",
                "params": {
                    "data": dataset,
                    "attributeProjection": None,
                    "attributeFilters": None,
                },
            }
            for slot, dataset in source_datasets.items()
        },
    },
}

# The second entry of the root collection is used as the target collection;
# the index relies on the order in which the server returns the root items.
root_collection = admin_client.layer_collection()
root_of_layerdb = root_collection.items[1].load()
layer_id = root_of_layerdb.add_layer(
    name="ports clone for new role",
    description="test description",
    workflow=role_layer_workflow,
    symbology=None,
)

# READ is granted to the newly created role only, not to the anonymous role,
# so visibility of this layer depends on who has been assigned that role.
resource = ge.Resource.from_layer_id(layer_id)
admin_client.add_permission(role_id, resource, ge.Permission.READ)


{"roleId": "3080f1a7-a8e3-4ee6-a348-749c219a74d1", "resource": {"type": "layer", "id": "d4b1fe4c-0d13-46a7-8b89-12c00a3e15c8"}, "permission": "Read"}


## Log in as the new user: the layer is not visible yet, because the role has not been assigned to the user

In [10]:
# Log in as the user registered earlier, using the same email and password.
new_user_client = ge.create_client("http://localhost:3030/api", (email, password))

# List the collection as that user. The layer was shared with the new role,
# but this user has not been assigned the role yet.
root_collection = new_user_client.layer_collection() 
root_of_layerdb = root_collection.items[1].load()

# Negative check: "ports clone for new role" should be absent from the listing.
root_of_layerdb

Layer Collection,Layer Collection,Unnamed: 2_level_0
Layer Collection,Layer Collection,Unnamed: 2_level_1
Layer Collection,Layer Collection,Unnamed: 2_level_2
Layer Collection,Layer Collection.1,Unnamed: 2_level_3
name,Layers,
description,All available Geo Engine layers,
id,05102bb3-a855-4a37-8a8a-30026a91fef1,
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74,
items,Layer CollectionnameAn empty collectiondescriptionThere is nothing hereida29f77cc-51ce-466b-86ef-d0ab2170bc0aprovider idce5e84db-cbf9-48a2-9a32-d4b7cc56ea74,
items,Layer Collection,Layer Collection
items,name,An empty collection
description,There is nothing here,
id,a29f77cc-51ce-466b-86ef-d0ab2170bc0a,
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74,

Layer Collection,Layer Collection.1
name,An empty collection
description,There is nothing here
id,a29f77cc-51ce-466b-86ef-d0ab2170bc0a
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74

Layer Collection,Layer Collection.1
name,A test collection
description,Some layers for testing and an empty subcollection
id,272bf675-2e27-4412-824c-287c1e6841ac
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74

Layer Collection,Layer Collection.1
name,Unsorted
description,Unsorted Layers
id,ffb2dd9e-f5ad-427c-b7f1-c9a0c7a0ae3f
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74


## Assign role to user, layer is now visible

In [11]:
# Only the admin client changes role membership here; the user's own client is
# not involved in the assignment.
admin_client.assign_role(role_id, user_id)

# The client created before the assignment is reused without logging in again,
# so the listing below shows whether the new membership applies to a session
# that already exists.
root_collection = new_user_client.layer_collection()
root_of_layerdb = root_collection.items[1].load()

# Positive check: "ports clone for new role" should now appear in the listing.
root_of_layerdb

Layer Collection,Layer Collection,Unnamed: 2_level_0
Layer Collection,Layer Collection,Unnamed: 2_level_1
Layer Collection,Layer Collection,Unnamed: 2_level_2
Layer Collection,Layer Collection,Unnamed: 2_level_3
Layer,Layer.1,Unnamed: 2_level_4
name,Layers,
description,All available Geo Engine layers,
id,05102bb3-a855-4a37-8a8a-30026a91fef1,
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74,
items,Layer CollectionnameAn empty collectiondescriptionThere is nothing hereida29f77cc-51ce-466b-86ef-d0ab2170bc0aprovider idce5e84db-cbf9-48a2-9a32-d4b7cc56ea74,
items,Layer Collection,Layer Collection
items,name,An empty collection
items,description,There is nothing here
id,a29f77cc-51ce-466b-86ef-d0ab2170bc0a,
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74,

Layer Collection,Layer Collection.1
name,An empty collection
description,There is nothing here
id,a29f77cc-51ce-466b-86ef-d0ab2170bc0a
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74

Layer Collection,Layer Collection.1
name,A test collection
description,Some layers for testing and an empty subcollection
id,272bf675-2e27-4412-824c-287c1e6841ac
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74

Layer Collection,Layer Collection.1
name,Unsorted
description,Unsorted Layers
id,ffb2dd9e-f5ad-427c-b7f1-c9a0c7a0ae3f
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74

Layer,Layer.1
name,ports clone for new role
description,test description
id,d4b1fe4c-0d13-46a7-8b89-12c00a3e15c8
provider id,ce5e84db-cbf9-48a2-9a32-d4b7cc56ea74
