Hey all, The mentioning of unmatched webui/rest functionality for URL checks in the other thread reminded me I wanted to bring up this topic too.
Thing is, ResourceAccessManager (default, geofence, geoserver-acl) allows defining if a user is a workspace administrator. If so, the webui will allow him to administer them, limiting the listed catalog objects accordingly. But the matching functionality is not available through the REST API. It would make sense, IMHO, that if a user has admin rights to a workspace, it can administer it both through the webui and the rest api, allowing access to the following paths: /rest/workspaces/ (limiting the visibility to the adminable workspaces) /rest/workspaces/<workspace> /rest/workspaces/<workspace>/** /rest/resource/workspaces/ (limiting the visibility to the adminable workspaces) /rest/resource/workspaces/<workspace>/** This can be implemented with an additional, ResourceAcessManager-backed AccessDecisionVoter in GeoServerSecurityInterceptorFilter, so that instead of fully overriding the security/rest.properties config file, it'd complement it. Does this make sense? *camptocamp* INNOVATIVE SOLUTIONS BY OPEN SOURCE EXPERTS *Gabriel Roldán* Geospatial Developer
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel