On Wed, Dec 28, 2016 at 7:50 PM, Jody Garnett <[email protected]>
wrote:
| I would like to include the above table in your proposal page as it helps
me understand what the different layer groups types mean.
Err... ok, it needs fixing but I can amend the proposal to include a
corrected version of it. I'm surprised in that the first four rows are
things everybody should have known
already.
>> Because one can access unadvertised layers directly, and the layer name
>> can be inferred by other means, e.g., by performing
>>
> a GetFeaturInfo on the group.
>>
>
> Oh, so they are still accessable individual using GetMap?
>
A non advertised layer is still requestable directly. That's the point of
novelty of the opaque container, you can ask for the group, but there
is no way to take it apart in its constituents, even if the client is
custom made and can in theory ask for the layers
directly.
>
>>>
>>> * Q: Are the access restrictions any different between “Named tree”
>> and ‘Opaque container”? - Ben cannot see a difference - Jody cannot see why
>> it matters (since the layers are not published here)*
>>
>> A named tree that allows access show the layers and allows direct access
>> to them. If it's denied by security, the
>> layers have the same destiny, unless contained in other visible groups.
>>
>> A opaque container is the "only" conduit to access the layers it
>> contains, layer cannot be accessed directly by name in GetMap
>> unless they are also contained in other visible groups.
>>
>
> So this question is mostly a variation on the above; if they are not
> accessible at all then security settings do not matter.
>
> So here is the clarification/confirmation: When accessed by "other
> visible group" they are under the security restrictions of that other
> group; the security restrictions from the "opaque container" do not have
> any affect.
>
Correct.
>
> basemap (opaque container) with restriction "basemap/*' for "operations"
> - roads
> - orthophoto
> infrastructure (named tree) with restrictions to "maintenance"
> - roads
>
> Someone from the public:
> - can see a capabilities document with "basemap" listed
> - they can draw basemap, but operations like GetFeatureInfo fail to return
> anything useful (since they have security restrictions preventing access to
> roads and orthophotos)
>
Nope, if the basemap is restricted to operations the public will not see
it. From your layout above, the public won't see anything.
>
> Someone from operations:
> - can see a capabilities document with "basemap listed" (but no further
> detail)
> - can use GetFeatureInfo to see some details about roads and orthophoto
> since they have security access to roads and orthophotos
>
Correct
>
> Someone from infrastructure:
> - can see basemap (just like a member of public) and can see
> infrastructure and its contents
>
- they can draw basemap, but operations like GetFeatureInfo will only
> respond to roads (not orthophoto) since that is the only layer they have
> security permission to see
>
No and no, see above, only someone from operations can see basemap.
> - they can draw infrastructure since it is a named tree
>
They can draw it since they have access to it _and_ it's a named tree.
> - they can draw and interact with roads (since they can access it via
> infrastructure)
>
Correct.
Let me make an example closer to the intended usage.
basemap (opaque container) with no restrictions
- roads
- orthophoto
referenceTree (named tree) restricted to "logged in user"
- roads
- orthophoto
Someone from the public can only see basemap, cannot many any request
directly asking roads and orthophoto, when a GetFeatureInfo is run against
basemap they will get information as usual since the access went through
the group.
Someone from the "logged in user" group can do anything on all layers,
since they are all visible to them.
Regards
Andrea
--
==
GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.
-------------------------------------------------------
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
