Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2056 from sbrunner/qgis-server-security
[Feature] Add an interface in QGIS Server for access control plugins
- Loading branch information
Showing
72 changed files
with
5,773 additions
and
192 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,3 @@ | ||
printf "[qgis_test]\nhost=localhost\ndbname=qgis_test\nuser=postgres" > ~/.pg_service.conf | ||
psql -c 'CREATE DATABASE qgis_test;' -U postgres | ||
psql -f $TRAVIS_BUILD_DIR/tests/testdata/provider/testdata.sql -U postgres -d qgis_test | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1 @@ | ||
xvfb-run ctest -V -E 'qgis_openstreetmaptest|qgis_wcsprovidertest' -S ./qgis-test-travis.ctest --output-on-failure | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
/** | ||
* Interface used by class that will filter the features of a layer. | ||
* The only method `filterFeatures` fill the `QgsFeatureRequest` to get only the | ||
* wanted features. | ||
**/ | ||
class QgsFeatureFilterProvider | ||
{ | ||
%TypeHeaderCode | ||
#include <qgsfeaturefilterprovider.h> | ||
%End | ||
|
||
public: | ||
/** Add some filter to the feature request to don't have the unauthorized (unauthorised) features | ||
* @param layer the layer to filter | ||
* @param featureRequest the feature request to update | ||
* @note not available in Python bindings | ||
*/ | ||
virtual void filterFeatures( const QgsVectorLayer* layer, QgsFeatureRequest& featureRequest ) const = 0; | ||
|
||
/** Create a clone of the feature filter provider | ||
* @return a new clone | ||
*/ | ||
virtual QgsFeatureFilterProvider* clone() const = 0; | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
/*************************************************************************** | ||
qgsaccesscontrol.sip | ||
-------------------- | ||
Access control helper for Qgis Server plugins | ||
|
||
begin : 2015-05-19 | ||
copyright : (C) 2015 by Stéphane Brunner | ||
email : stephane dot brunner at camptocamp dot org | ||
***************************************************************************/ | ||
|
||
/*************************************************************************** | ||
* * | ||
* This program is free software; you can redistribute it and/or modify * | ||
* it under the terms of the GNU General Public License as published by * | ||
* the Free Software Foundation; either version 2 of the License, or * | ||
* (at your option) any later version. * | ||
* * | ||
***************************************************************************/ | ||
|
||
/** | ||
* \class QgsAccessControl | ||
* \brief Class defining access control helper for QGIS Server. | ||
*/ | ||
class QgsAccessControl : QgsFeatureFilterProvider | ||
This comment has been minimized.
Sorry, something went wrong. |
||
{ | ||
%TypeHeaderCode | ||
#include "qgsaccesscontrol.h" | ||
#include "qgsaccesscontrolfilter.h" | ||
|
||
#include <QMultiMap> | ||
%End | ||
|
||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
/*************************************************************************** | ||
qgsaccesscontrolfilter.sip | ||
-------------------------- | ||
Access control interface for Qgis Server plugins | ||
|
||
begin : 2015-05-19 | ||
copyright : (C) 2015 by Stéphane Brunner | ||
email : stephane dot brunner at camptocamp dot org | ||
***************************************************************************/ | ||
|
||
/*************************************************************************** | ||
* * | ||
* This program is free software; you can redistribute it and/or modify * | ||
* it under the terms of the GNU General Public License as published by * | ||
* the Free Software Foundation; either version 2 of the License, or * | ||
* (at your option) any later version. * | ||
* * | ||
***************************************************************************/ | ||
|
||
/** | ||
* \class QgsAccessControlFilter | ||
* \brief Class defining access control interface for QGIS Server. | ||
* | ||
* Security can define any (or none) of the following method: | ||
* * layerFilterExpression() | ||
* * layerFilterSubsetString() | ||
* * layerPermissions() | ||
* * authorizedLayerAttributes() | ||
* * allowToEdit() | ||
* * cacheKey() | ||
*/ | ||
|
||
class QgsAccessControlFilter | ||
{ | ||
%TypeHeaderCode | ||
#include "qgsaccesscontrolfilter.h" | ||
#include "qgsserverinterface.h" | ||
#include "qgsfeature.h" | ||
#include "qgsmaplayer.h" | ||
%End | ||
|
||
public: | ||
/** Constructor | ||
* QgsServerInterface passed to plugins constructors | ||
* and must be passed to QgsAccessControlPlugin instances. | ||
*/ | ||
QgsAccessControlFilter( const QgsServerInterface* serverInterface ); | ||
/** Destructor */ | ||
virtual ~QgsAccessControlFilter(); | ||
|
||
/** Describe the layer permission */ | ||
struct LayerPermissions | ||
{ | ||
bool canRead; | ||
bool canUpdate; | ||
bool canInsert; | ||
bool canDelete; | ||
}; | ||
|
||
/** Return the QgsServerInterface instance*/ | ||
const QgsServerInterface* serverInterface() const; | ||
/** Return an additional expression filter */ | ||
virtual const QString layerFilterExpression( const QgsVectorLayer* layer /Transfer/ ) const; | ||
/** Return an additional the subset string (typically SQL) filter. | ||
Faster than the layerFilterExpression but not supported on all the type of layer */ | ||
virtual const QString layerFilterSubsetString( const QgsVectorLayer* layer /Transfer/ ) const; | ||
/** Return the layer permissions */ | ||
virtual const LayerPermissions layerPermissions( const QgsMapLayer* layer /Transfer/ ) const; | ||
/** Return the authorized layer attributes */ | ||
virtual const QStringList* authorizedLayerAttributes( const QgsVectorLayer* layer /Transfer/, const QStringList& attributes ) const; | ||
/** Are we authorize to modify the following geometry */ | ||
virtual bool allowToEdit( const QgsVectorLayer* layer /Transfer/, const QgsFeature& feature /Transfer/ ) const; | ||
/** Cache key to used to create the capabilities cache, "" for no cache, shouldn't any contains "-", default to "" */ | ||
virtual const QString cacheKey() const; | ||
}; | ||
|
||
typedef QMultiMap<int, QgsAccessControlFilter*> QgsAccessControlFilterMap; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
/*************************************************************************** | ||
qgsfeaturefilterprovider.h | ||
-------------------------- | ||
begin : 22-05-2015 | ||
copyright : (C) 2008 by Stéphane Brunner | ||
email : stephane dot brunner at camptocamp dot com | ||
***************************************************************************/ | ||
|
||
/*************************************************************************** | ||
* * | ||
* This program is free software; you can redistribute it and/or modify * | ||
* it under the terms of the GNU General Public License as published by * | ||
* the Free Software Foundation; either version 2 of the License, or * | ||
* (at your option) any later version. * | ||
* * | ||
***************************************************************************/ | ||
|
||
#ifndef QGSFEATUREFILTERPROVIDER_H | ||
#define QGSFEATUREFILTERPROVIDER_H | ||
|
||
#include <QtGlobal> | ||
|
||
class QString; | ||
class QgsVectorLayer; | ||
class QgsFeatureRequest; | ||
|
||
|
||
/** \ingroup core | ||
* Interface used by class that will filter the features of a layer. | ||
* The only method `filterFeatures` fill the `QgsFeatureRequest` to get only the | ||
* wanted features. | ||
**/ | ||
class CORE_EXPORT QgsFeatureFilterProvider | ||
{ | ||
public: | ||
|
||
/** Constructor */ | ||
QgsFeatureFilterProvider() {}; | ||
|
||
/** Destructor */ | ||
virtual ~QgsFeatureFilterProvider() {}; | ||
|
||
/** Add some filter to the feature request to don't have the unauthorized (unauthorised) features | ||
* @param layer the layer to filter | ||
* @param featureRequest the feature request to update | ||
*/ | ||
virtual void filterFeatures( const QgsVectorLayer* layer, QgsFeatureRequest& featureRequest ) const = 0; | ||
|
||
/** Create a clone of the feature filter provider | ||
* @return a new clone | ||
*/ | ||
virtual QgsFeatureFilterProvider* clone() const = 0; | ||
}; | ||
|
||
#endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Are no members exposed to python on purpose?