Hey Emanuele, thanks for looking into this. Thinking about your analysis I still can't see why you couldn't set up the exact same rule set, maybe there's something not clear in my explanation. Updated the graphics to represent restrictions with notes to avoid confusion. Maybe LayerRule should extend AllowRule directly and be a sibling of LimitRule. That'd be a better approximation to the current model where class hierarchy only enforces the semantics. Then I guess given the case it'd boil down to whether the merge process respects the current algorithm.
In any case I don't want to borrow more time from you for this, thanks again for looking into it. I might bother again when/if I decide to move forward, but for the time being there's enough on my plate, I just didn't want to lose that train of thought.

Cheers,
Gabriel

*camptocamp*
INNOVATIVE SOLUTIONS
BY OPEN SOURCE EXPERTS

*Gabriel Roldan*
Geospatial Developer

On Thu, Mar 30, 2023 at 7:48 AM Emanuele Tajariol <emanuele.tajar...@geosolutionsgroup.com> wrote:

> Hi Gabriel,
>
> I guess that with your model you are losing some flexibility wrt GeoFence:
> Fact is, the LIMIT and ALLOW rules may have different matching scopes,
> Just one example: let's say, you have a layer L1 that needs to be limited
> to area A1 for everyone except for group G1
> In GeoFence you'll create these rules with a high priority, such as for
> instance
>
> - Rule 10: Layer L1, Grant: LIMIT, Area A1
> - Rule >10: Group G1, Layer L1, Grant: ALLOW, Area whole world
> .. then you can have other rules totally limiting the access to layer L1
> or whatever
>
> With your semantic change, you'll have to repeat Rule 10 for each
> group/user in your rulebase.
> This means that, for each group you create, you *need to remember* that
> layer L1 requires area limitation (and then create the related rule).
>
> Cheers,
> Emanuele
>
> On Wed, Mar 29, 2023 at 9:25 PM Gabriel Roldan <gabriel.rol...@camptocamp.com> wrote:
>
>> Hey there,
>>
>> In relation to how GeoFence/ACL need to define and evaluate data access
>> rules, there's something that's been itching on my neck. I tried to
>> summarize here:
>> https://github.com/camptocamp/geoserver-acl/issues/1
>>
>> It'd be great if you guys can give it a read and spot some fundamental
>> thing I might be missing?
>>
>> TIA!
>> Gabe
>>
>> _______________________________________________
>> Geoserver-devel mailing list
>> Geoserver-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
> --
> Regards,
> Emanuele Tajariol
>
> Ing. Emanuele Tajariol
> Technical Lead
> GeoSolutions Group