-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Share plugin - Permalink] Add a permalink functionality #583
Comments
wrt rights, two aspects:
@MaelREBOUX @jusabatier - do you agree with that ? poke @fphg :) |
That specific point is not possible according to the MS model (a resource created by an user is visible by default to the user himself and the admins, proper permission rules need otherwise to be set for groups the user belongs to). We can try to foresee a possible solution to propose for this. |
this particular default behaviour was also discussed in #274. A platform admin might want maps/contexts to be visible by anyone by default... |
Yes I agree, it is the aim of the permalink, and one of the distinction I see with Share plugin. By default a permalink must be public (visible by everyone). |
I'm sorry but I think we are not understanding each other on this point. Let me better explain the meaning of my comment above:
ok, it should be possible but we have to check.
ok
Is that specific point that is not possible according to the current MS model as I've explained above. If not public, a resource is visible only to the user who created it or the admins otherwise a specific permission need to be configured for groups Therefore, if your main goal is to make the user able to decide if a permalink must public or not, it is not a problem. |
So I think it's OK. @landryb ? |
@catmorales I will provide a most complete feedback later today as as result of our check as promised yesterday in the call so that you can better evaluate ,the overall implementation we are proposing. |
@catmorales @landryb and all. We have checked again the task according to our yesterday's exchanges. I'm going to summarize below the overall task and what is possible to do within our evaluation.
It is off course included. As I've already explained, the permalink support can allow to generate a new resource as the other ones DB side in a dedicated category named PERMALINK. The permalink has its own ID, as usual, to be used as a query param in the URL to load it. The same logic will be applied to contexts and maps created from a context.
This will be handled as usual. No effort on our side since protected layers that are not visible to a certain user are already marked in TOC.
Yes, we will update the share plugin most probably for this but it is more a matter of design. As promised yesterday, we have spent a few more time today to evaluate the additional points you mentioned in the call and then reported in comments above by @landryb.
In theory it is technically possible but it is not recommended because this behavior is prone to security issues. This part was not included in our proposal indeed and this would require a dedicated evaluation and estimate:
As I wrote above it should be evaluated separately but, at a first glance, it seems to be something that changes too much the MS model and security policies to finally land in the MS core.
This is possible according to the model and we can include it in our task without changing our estimate.
This is not possible with the current MS model as I've explained above. The only solution we can foresee without changing too much our estimate is the possibility to have a dedicated role in geOrchestra to which all users belong (maybe it already exists?) and use it for the purpose by configuration in the same way of the "everyone" setting (point above).
Well, I've checked it of course but let me know if I've missed something on the above for which we should reconsider again our evaluation. I've effectively explained what we can do in MS to provide this functionality. Let me know if it covers well what you need. |
We're perfectly aware of the fact that a database can be "stuffed" with data if an anonymous user can create permalinks, but that's also what made mfapp/georchestra popular for some platforms. Hence the choice should be left to the platform admin to enable that or not (defaulting to false).
well, if there's a global toggle for the backend in /etc/georchestra, then the REST backend can be "secured" if the feature is kept disabled. Anyway, you've made it clear that it wasn't included in the current estimate, so be it. It's a pity :) |
Problem with permalink generated from an old context #656 |
Description
'Permalink shares current user session (custom layers in the TOC, custom background layers, all user customizations) and not only the initial map of the Context. It should be public by default.
If some layers in it are protected by a geoserver rule, the layer will be ommited from the permalink, the functionnality should advice the user of it.
Permalink is necessary to complete the "share" plugin. His behaviour should be similar as Mapfishapp's permalink.
The Mapstore2 "share " plugin shares only the original context not the current context customized by user.
Now, to share the current session customized by himself, the user must:
For those which are not using the Save plugin (as Rennes Metropole), there is no alternative to share maps.
Other useful information
Eg in mapfishapp:
https://portail-test.sig.rennesmetropole.fr/mapfishapp/map/e0b1f5e9e8e14fb3d2b00446f61a7cac
Note
Related MS issue geosolutions-it/MapStore2#9250
The text was updated successfully, but these errors were encountered: