[GeoNetwork-devel] Group list service security configuration

Hi

The configuration for group list page is like this (2.10.X branch, a similar one in develop branch):

<sec:intercept-url pattern="/[a-zA-Z0-9_\-]+/[a-z]{2,3}/group.list!?.*" access="**hasRole('Editor')**"/>

Is there any reason to allow Editors to access this page? All the services to update the groups are restricted to Administrators, also the group management is not displayed in the administration page to Editors (but can access directly changing the url).

Possibly is required Editor permission for some reason, but I can’t find it. If someone can clarify would be appreciated.

Thanks and regards,
Jose García

···

GeoCat Bridge for ArcGIS allows instant publishing of data and metadata on GeoServer and GeoNetwork. Visit http://geocat.net for details.


Jose García
GeoCat bv
Veenderweg 13
6721 WD Bennekom
The Netherlands
http://GeoCat.net

On Fri, Mar 13, 2015 at 11:43 AM, Jose Garcia <jose.garcia@anonymised.com>
wrote:

Hi

The configuration for group list page is like this (2.10.X branch, a
similar one in develop branch):

<sec:intercept-url pattern="/[a-zA-Z0-9_\-]+/[a-z]{2,3}/group.list!?.*" access="*hasRole('Editor')*"/>

Is there any reason to allow Editors to access this page? All the services
to update the groups are restricted to Administrators, also the group
management is not displayed in the administration page to Editors (but can
access directly changing the url).

Possibly is required Editor permission for some reason, but I can't find
it. If someone can clarify would be appreciated.

Hi,

Random idea: if you create a new metadata, you need a list of groups to
select in which group you want the metadata to be created. The difference
with the admin user is that while the admin user sees the whole list of
groups, the editor only sees the groups he's part of.

Thanks and regards,
Jose García

--

*GeoCat Bridge for ArcGIS allows instant publishing of data and metadata
on GeoServer and GeoNetwork. Visit http://geocat.net
<http://geocat.net/&gt; for details. _________________________Jose
GarcíaGeoCat bvVeenderweg 136721 WD BennekomThe
Netherlandshttp://GeoCat.net/>*

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website,
sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for
all
things parallel software development, from weekly thought leadership blogs
to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at
http://sourceforge.net/projects/geonetwork

Hi Maria

Not sure if that service is used for that (should be use the class org.fao.geonet.guiservices.groups.GetMine for that).

I think group.list is only used in the Admin UI to display the groups maintenance.

But will take another look to be really sure.

Regards,
Jose García

···

On Fri, Mar 13, 2015 at 11:48 AM, María Arias de Reyna <delawen@anonymised.com> wrote:

On Fri, Mar 13, 2015 at 11:43 AM, Jose Garcia <jose.garcia@anonymised.com> wrote:

Hi

The configuration for group list page is like this (2.10.X branch, a similar one in develop branch):

<sec:intercept-url pattern="/[a-zA-Z0-9_\-]+/[a-z]{2,3}/group.list!?.*" access="**hasRole('Editor')**"/>

Is there any reason to allow Editors to access this page? All the services to update the groups are restricted to Administrators, also the group management is not displayed in the administration page to Editors (but can access directly changing the url).

Possibly is required Editor permission for some reason, but I can’t find it. If someone can clarify would be appreciated.

Hi,

Random idea: if you create a new metadata, you need a list of groups to select in which group you want the metadata to be created. The difference with the admin user is that while the admin user sees the whole list of groups, the editor only sees the groups he’s part of.

Thanks and regards,
Jose García

GeoCat Bridge for ArcGIS allows instant publishing of data and metadata on GeoServer and GeoNetwork. Visit http://geocat.net for details.


Jose García
GeoCat bv
Veenderweg 13
6721 WD Bennekom
The Netherlands
http://GeoCat.net


Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/


GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork

GeoCat Bridge for ArcGIS allows instant publishing of data and metadata on GeoServer and GeoNetwork. Visit http://geocat.net for details.


Jose García
GeoCat bv
Veenderweg 13
6721 WD Bennekom
The Netherlands
http://GeoCat.net