The plugin define the following methods:
* layerFilterExpression
Return an additional filter, used in
WMS/GetMap, WMS/GetFeatureInfo, WFS/GetFeature to filter the features
* layerFilterSubsetString
Return an additional the subset string (typically SQL) filter.
Faster than the layerFilterExpression but not supported on all the
type of layer
* layerPermissions
Change the rights on the layer per user (known by the plugin)
Concern rights: publish, insert, update, delete.
Mostly used in WFS/Transaction, and the publish in all requests.
* authorizedLayerAttributes
Be able to show some attributes only for a subset of user
Used in: WMS/GetFeatureInfo, WFS/GetFeature
* allowToEdit
Be able to don't allow to edit a particular feature, in our case base
on the Geometry
Used in: WFS/Transaction
* cacheKey
Cache key to used to create the capabilities cache, "" for no cache,
shouldn't contains any "-", default to ""
2015-05-19 15:53:51 +02:00
|
|
|
/***************************************************************************
|
|
|
|
|
qgsaccesscontrolfilter.sip
|
|
|
|
|
--------------------------
|
|
|
|
|
Access control interface for Qgis Server plugins
|
|
|
|
|
|
|
|
|
|
begin : 2015-05-19
|
|
|
|
|
copyright : (C) 2015 by Stéphane Brunner
|
|
|
|
|
email : stephane dot brunner at camptocamp dot org
|
|
|
|
|
***************************************************************************/
|
|
|
|
|
|
|
|
|
|
/***************************************************************************
|
|
|
|
|
* *
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify *
|
|
|
|
|
* it under the terms of the GNU General Public License as published by *
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or *
|
|
|
|
|
* (at your option) any later version. *
|
|
|
|
|
* *
|
|
|
|
|
***************************************************************************/
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \class QgsAccessControlFilter
|
|
|
|
|
* \brief Class defining access control interface for QGIS Server.
|
|
|
|
|
*
|
|
|
|
|
* Security can define any (or none) of the following method:
|
|
|
|
|
* * layerFilterExpression()
|
|
|
|
|
* * layerFilterSubsetString()
|
|
|
|
|
* * layerPermissions()
|
|
|
|
|
* * authorizedLayerAttributes()
|
|
|
|
|
* * allowToEdit()
|
|
|
|
|
* * cacheKey()
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
class QgsAccessControlFilter
|
|
|
|
|
{
|
|
|
|
|
%TypeHeaderCode
|
|
|
|
|
#include "qgsaccesscontrolfilter.h"
|
|
|
|
|
%End
|
|
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
/** Constructor
|
|
|
|
|
* QgsServerInterface passed to plugins constructors
|
|
|
|
|
* and must be passed to QgsAccessControlPlugin instances.
|
|
|
|
|
*/
|
|
|
|
|
QgsAccessControlFilter( const QgsServerInterface* serverInterface );
|
|
|
|
|
/** Destructor */
|
|
|
|
|
virtual ~QgsAccessControlFilter();
|
|
|
|
|
|
|
|
|
|
/** Describe the layer permission */
|
|
|
|
|
struct LayerPermissions
|
|
|
|
|
{
|
|
|
|
|
bool canRead;
|
|
|
|
|
bool canUpdate;
|
|
|
|
|
bool canInsert;
|
|
|
|
|
bool canDelete;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/** Return the QgsServerInterface instance*/
|
|
|
|
|
const QgsServerInterface* serverInterface() const;
|
|
|
|
|
/** Return an additional expression filter */
|
2016-01-07 16:26:59 +11:00
|
|
|
virtual QString layerFilterExpression( const QgsVectorLayer* layer ) const;
|
The plugin define the following methods:
* layerFilterExpression
Return an additional filter, used in
WMS/GetMap, WMS/GetFeatureInfo, WFS/GetFeature to filter the features
* layerFilterSubsetString
Return an additional the subset string (typically SQL) filter.
Faster than the layerFilterExpression but not supported on all the
type of layer
* layerPermissions
Change the rights on the layer per user (known by the plugin)
Concern rights: publish, insert, update, delete.
Mostly used in WFS/Transaction, and the publish in all requests.
* authorizedLayerAttributes
Be able to show some attributes only for a subset of user
Used in: WMS/GetFeatureInfo, WFS/GetFeature
* allowToEdit
Be able to don't allow to edit a particular feature, in our case base
on the Geometry
Used in: WFS/Transaction
* cacheKey
Cache key to used to create the capabilities cache, "" for no cache,
shouldn't contains any "-", default to ""
2015-05-19 15:53:51 +02:00
|
|
|
/** Return an additional the subset string (typically SQL) filter.
|
|
|
|
|
Faster than the layerFilterExpression but not supported on all the type of layer */
|
2016-01-07 16:26:59 +11:00
|
|
|
virtual QString layerFilterSubsetString( const QgsVectorLayer* layer ) const;
|
The plugin define the following methods:
* layerFilterExpression
Return an additional filter, used in
WMS/GetMap, WMS/GetFeatureInfo, WFS/GetFeature to filter the features
* layerFilterSubsetString
Return an additional the subset string (typically SQL) filter.
Faster than the layerFilterExpression but not supported on all the
type of layer
* layerPermissions
Change the rights on the layer per user (known by the plugin)
Concern rights: publish, insert, update, delete.
Mostly used in WFS/Transaction, and the publish in all requests.
* authorizedLayerAttributes
Be able to show some attributes only for a subset of user
Used in: WMS/GetFeatureInfo, WFS/GetFeature
* allowToEdit
Be able to don't allow to edit a particular feature, in our case base
on the Geometry
Used in: WFS/Transaction
* cacheKey
Cache key to used to create the capabilities cache, "" for no cache,
shouldn't contains any "-", default to ""
2015-05-19 15:53:51 +02:00
|
|
|
/** Return the layer permissions */
|
2016-01-07 16:26:59 +11:00
|
|
|
virtual LayerPermissions layerPermissions( const QgsMapLayer* layer ) const;
|
The plugin define the following methods:
* layerFilterExpression
Return an additional filter, used in
WMS/GetMap, WMS/GetFeatureInfo, WFS/GetFeature to filter the features
* layerFilterSubsetString
Return an additional the subset string (typically SQL) filter.
Faster than the layerFilterExpression but not supported on all the
type of layer
* layerPermissions
Change the rights on the layer per user (known by the plugin)
Concern rights: publish, insert, update, delete.
Mostly used in WFS/Transaction, and the publish in all requests.
* authorizedLayerAttributes
Be able to show some attributes only for a subset of user
Used in: WMS/GetFeatureInfo, WFS/GetFeature
* allowToEdit
Be able to don't allow to edit a particular feature, in our case base
on the Geometry
Used in: WFS/Transaction
* cacheKey
Cache key to used to create the capabilities cache, "" for no cache,
shouldn't contains any "-", default to ""
2015-05-19 15:53:51 +02:00
|
|
|
/** Return the authorized layer attributes */
|
2016-01-07 16:26:59 +11:00
|
|
|
virtual QStringList authorizedLayerAttributes( const QgsVectorLayer* layer, const QStringList& attributes ) const;
|
The plugin define the following methods:
* layerFilterExpression
Return an additional filter, used in
WMS/GetMap, WMS/GetFeatureInfo, WFS/GetFeature to filter the features
* layerFilterSubsetString
Return an additional the subset string (typically SQL) filter.
Faster than the layerFilterExpression but not supported on all the
type of layer
* layerPermissions
Change the rights on the layer per user (known by the plugin)
Concern rights: publish, insert, update, delete.
Mostly used in WFS/Transaction, and the publish in all requests.
* authorizedLayerAttributes
Be able to show some attributes only for a subset of user
Used in: WMS/GetFeatureInfo, WFS/GetFeature
* allowToEdit
Be able to don't allow to edit a particular feature, in our case base
on the Geometry
Used in: WFS/Transaction
* cacheKey
Cache key to used to create the capabilities cache, "" for no cache,
shouldn't contains any "-", default to ""
2015-05-19 15:53:51 +02:00
|
|
|
/** Are we authorize to modify the following geometry */
|
2016-01-07 16:26:59 +11:00
|
|
|
virtual bool allowToEdit( const QgsVectorLayer* layer, const QgsFeature& feature ) const;
|
The plugin define the following methods:
* layerFilterExpression
Return an additional filter, used in
WMS/GetMap, WMS/GetFeatureInfo, WFS/GetFeature to filter the features
* layerFilterSubsetString
Return an additional the subset string (typically SQL) filter.
Faster than the layerFilterExpression but not supported on all the
type of layer
* layerPermissions
Change the rights on the layer per user (known by the plugin)
Concern rights: publish, insert, update, delete.
Mostly used in WFS/Transaction, and the publish in all requests.
* authorizedLayerAttributes
Be able to show some attributes only for a subset of user
Used in: WMS/GetFeatureInfo, WFS/GetFeature
* allowToEdit
Be able to don't allow to edit a particular feature, in our case base
on the Geometry
Used in: WFS/Transaction
* cacheKey
Cache key to used to create the capabilities cache, "" for no cache,
shouldn't contains any "-", default to ""
2015-05-19 15:53:51 +02:00
|
|
|
/** Cache key to used to create the capabilities cache, "" for no cache, shouldn't any contains "-", default to "" */
|
2016-01-07 16:26:59 +11:00
|
|
|
virtual QString cacheKey() const;
|
The plugin define the following methods:
* layerFilterExpression
Return an additional filter, used in
WMS/GetMap, WMS/GetFeatureInfo, WFS/GetFeature to filter the features
* layerFilterSubsetString
Return an additional the subset string (typically SQL) filter.
Faster than the layerFilterExpression but not supported on all the
type of layer
* layerPermissions
Change the rights on the layer per user (known by the plugin)
Concern rights: publish, insert, update, delete.
Mostly used in WFS/Transaction, and the publish in all requests.
* authorizedLayerAttributes
Be able to show some attributes only for a subset of user
Used in: WMS/GetFeatureInfo, WFS/GetFeature
* allowToEdit
Be able to don't allow to edit a particular feature, in our case base
on the Geometry
Used in: WFS/Transaction
* cacheKey
Cache key to used to create the capabilities cache, "" for no cache,
shouldn't contains any "-", default to ""
2015-05-19 15:53:51 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
typedef QMultiMap<int, QgsAccessControlFilter*> QgsAccessControlFilterMap;
|
