Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Hide a layer from the public #548

Closed
TNick opened this issue Apr 13, 2024 · 6 comments
Closed

Hide a layer from the public #548

TNick opened this issue Apr 13, 2024 · 6 comments

Comments

@TNick
Copy link

TNick commented Apr 13, 2024

The end purpose is to hide a layer from the map from public but make it available to the users.

I was expecting that

  • changing permissions_default_allow in tenantConfig.json to false
  • adding a permission to public to view a map resource

would result in showing the theme without any layers.

It is not clear to me if and how a layer can be restricted to registered users.
@TNick
Copy link
Author

TNick commented Apr 15, 2024
edited
Loading

On the other hand setting permissions_default_allow in tenantConfig.json to true and adding a permission to a layer for users role prevents the layers with a ConfigDB ID larger than that layer to disappear from the results of the identify tool.

What a mess.

@danceb
Copy link

danceb commented Apr 16, 2024
edited
Loading

The way to achive this, should be very simple:

  • set permissions_default_allow to true
  • create a user group, where all users are part of
  • create a role for restricting the permissions and associate it to the group
  • configure the respective layer to be accessible for just this role

The map itself should be visible for everyone and the layer only for users, which are logged in.

@manisandro
Copy link
Member

Regarding permissions_default_allow: false: you would need to permit the entire hierarchy to the desired layer, including the root WMS layer name. So i.e. for the qwc_demo theme, to permit only the edit_points layer, you'd need to:

  • Permit the qwc_demo map
  • Permit the qwc_demo root layer
  • Permit the edit_demo group layer
  • Permit the edit_points layer

The reason for this is that the permission structure allows you to permit/restrict also layer groups. Note that permissions_default_allow: false is uncommon and it is much simpler to work with permissions_default_allow: true.

Regarding the featureinfo permissions, I believe there was indeed a bug when used with permissions_default_allow: false, I've fixed it in qwc-config-generator v2024.04.16.

@manisandro manisandro mentioned this issue Apr 16, 2024
Open
@TNick
Copy link
Author

TNick commented Apr 16, 2024

@danceb Is there something special about the user groups or we can simply associate the user with the role?

This should work?

  • set permissions_default_allow to true
  • create a user
  • create a role for restricting the permissions and make the user part of it
  • configure the respective layer to be accessible for just this role

@TNick
Copy link
Author

TNick commented Apr 16, 2024

image

With this setting and this tenant config

image

The result is this

image

@TNick
Copy link
Author

TNick commented Apr 16, 2024

I can confirm that, when using the code checked today out from the GitHub repositories to build the docker images, the layer can be made available only to registered users.

I have not revisited the original problem with permissions_default_allow set to false.

@TNick TNick closed this as completed Apr 16, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@manisandro @TNick @danceb