Hey all,

The mentioning of unmatched webui/rest functionality for URL checks in the
other thread reminded me I wanted to bring up this topic too.

Thing is, ResourceAccessManager (default, geofence, geoserver-acl) allows
defining if a user is a workspace administrator. If so, the webui will
allow him to administer them, limiting the listed catalog objects
accordingly.

But the matching functionality is not available through the REST API. It
would make sense, IMHO, that if a user has admin rights to a workspace, it
can administer it both through the webui and the rest api, allowing access
to the following paths:

/rest/workspaces/ (limiting the visibility to the adminable workspaces)
/rest/workspaces/<workspace>
/rest/workspaces/<workspace>/**
/rest/resource/workspaces/ (limiting the visibility to the adminable
workspaces)
/rest/resource/workspaces/<workspace>/**

This can be implemented with an additional, ResourceAcessManager-backed
AccessDecisionVoter in GeoServerSecurityInterceptorFilter, so that instead
of fully overriding the security/rest.properties config file, it'd
complement it.

Does this make sense?

*camptocamp*
INNOVATIVE SOLUTIONS
BY OPEN SOURCE EXPERTS

*Gabriel Roldán*
Geospatial Developer
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

Reply via email to