[GeoNetwork-devel] Restricting download options

Hi Devs,

I can see from config-security-mappings.xml that it’s possible to restrict functions to users with particular roles (eg administrators, editors etc). Is it also possible to restrict functions to users in particular groups, eg is there a hasGroup option as there is a hasRole option?

Also I’m trying to understand where the formats for download are defined (eg zip. pdf, csv). Are they defined at schema level or across the whole catalog, and is it possible to a) define the fields that are shown in the export in each case, and b) restrict formats to specific roles or groups?

As an example, could I say that Editors from GroupA can export their metadata as ZIP but registered users from GroupB can only export as PDF? Plus that the PDF should contain a limited subset of the metadata fields?

Thanks

Jo

···

Jo Cook
t:+44 7930 524 155/twitter:@archaeogeek
Please note that currently I do not work on Friday afternoons. For urgent responses at that time, please visit support.astuntechnology.com or phone our office on 01372 744009

Hi,

This file is the spring security mappings, so if Spring supported that...
https://docs.spring.io/spring-security/site/docs/3.0.x/reference/el-access.html

But it looks like the built-in expressions don't care about groups.
Probably because that's not "basic" authentication. I have no doubt we
can extend the expressions to include that, but it will need some
development. Like this:
https://www.baeldung.com/spring-security-create-new-custom-security-expression
On Tue, Nov 20, 2018 at 6:22 PM Jo Cook <jocook@anonymised.com> wrote:

Hi Devs,

I can see from config-security-mappings.xml that it's possible to restrict functions to users with particular roles (eg administrators, editors etc). Is it also possible to restrict functions to users in particular groups, eg is there a hasGroup option as there is a hasRole option?

Also I'm trying to understand where the formats for download are defined (eg zip. pdf, csv). Are they defined at schema level or across the whole catalog, and is it possible to a) define the fields that are shown in the export in each case, and b) restrict formats to specific roles or groups?

As an example, could I say that Editors from GroupA can export their metadata as ZIP but registered users from GroupB can only export as PDF? Plus that the PDF should contain a limited subset of the metadata fields?

Thanks

Jo

--
Jo Cook
t:+44 7930 524 155/twitter:@archaeogeek
Please note that currently I do not work on Friday afternoons. For urgent responses at that time, please visit support.astuntechnology.com or phone our office on 01372 744009

--
Sign up to our mailing list for updates on news, products, conferences, events and training

Astun Technology Ltd, The Coach House, 17 West Street, Epsom, Surrey, KT18 7RL, UK
t:+44 1372 744 009 w: astuntechnology.com twitter:@astuntech

iShare - enterprise geographic intelligence platform
GeoServer, PostGIS and QGIS training
Helpdesk and customer portal

Company registration no. 5410695. Registered in England and Wales. Registered office: 120 Manor Green Road, Epsom, Surrey, KT19 8LN VAT no. 864201149.
_______________________________________________
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork

--
Kind regards,
María Arias de Reyna Domínguez

GeoCat bv
T: +31 (0)318 416664

Hi Jo

See feedback inline.

Regards,
Jose García

Hi Devs,

I can see from config-security-mappings.xml that it’s possible to restrict functions to users with particular roles (eg administrators, editors etc). Is it also possible to restrict functions to users in particular groups, eg is there a hasGroup option as there is a hasRole option?

Afaik, no, unless extending the integration with Spring Security to deal with GeoNetwork groups. But need some investigation.

Also I’m trying to understand where the formats for download are defined (eg zip. pdf, csv). Are they defined at schema level or across the whole catalog, and is it possible to a) define the fields that are shown in the export in each case, and b) restrict formats to specific roles or groups?

For csv see https://github.com/geonetwork/core-geonetwork/blob/master/schemas/iso19139/src/main/plugin/iso19139/layout/tpl-csv.xsl

For pdf is used this formatter with output=pdf, it’s the same as the full view formatter: https://github.com/geonetwork/core-geonetwork/tree/master/schemas/iso19139/src/main/plugin/iso19139/formatter/xsl-view. An option could be to create a new formatter for pdf with a restricted set of fields.

For ZIP, it’s used the mef.export service. I don’t see any option to apply a xslt process to the export, but can be a nice addition.

As an example, could I say that Editors from GroupA can export their metadata as ZIP but registered users from GroupB can only export as PDF? Plus that the PDF should contain a limited subset of the metadata fields?

Afaik any user allowed to a metadata can export it to any of the supported formats.

This is the html code that display the options: https://github.com/geonetwork/core-geonetwork/blob/master/web-ui/src/main/resources/catalog/views/default/directives/partials/mdactionmenu.html#L97-L144

With some developments I guess can be possible to extend as in the UI, should be available the info about the metadata and user groups/profile.

···

Vriendelijke groeten / Kind regards,

Jose García


Veenderweg 13
6721 WD Bennekom
The Netherlands
T: +31 (0)318 416664

Please consider the environment before printing this email.