cobweb-eu / cobweb

An empty project for all the issues.

WP5 secure wrapper for accessing images from PCAPI #136

Closed xmichael closed 9 years ago

xmichael commented 9 years ago

Currently PCAPI is secured via an Apache redirection mechanism which enforces users to only see public or their own observations. This excludes observations made by members of the same non-public survey.

This is not normally a problem as the COBWEB map viewer would normally access the WFS endpoints that include data from all users in the surveys. However, our WFS does not support inline images and we have to revert back to PCAPI.

This should be straightforward to implement by providing an endpoint controlled by Andreas that would allow direct access to PCAPI for certain restricted operations.

Example request could be:

/resources/UUID/SID/RECORDNAME/myimage.jpg which would be forwarded to /pcapi/surveys/local/UUID/SID/RECORDNAME/myimage.jpg (or equivalent PCAPI url) as long as the provided UUID and the UUID of the currently logged-in user are both members of SID
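The forwarding rule proposed above, sketched as a fail-closed check (an added example, not part of the original post and not PCAPI or COBWEB code). The in-memory membership table, the segment whitelist and the names `is_member` and `resolve` are assumptions standing in for the real membership lookup.

```python
import re
from typing import Optional

# Constructed sample data standing in for the real survey-membership lookup.
SURVEY_MEMBERS = {
    "sid-birds": {"uuid-alice", "uuid-bob"},
    "sid-flood": {"uuid-carol"},
}

# Whitelist for one path segment: must start with an alphanumeric, so "..",
# empty segments and percent-encoded sequences such as "%2e%2e" are rejected.
_SEGMENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9._ -]*")


def is_member(uuid: str, sid: str) -> bool:
    """Hypothetical membership query: is this UUID registered in survey SID?"""
    return uuid in SURVEY_MEMBERS.get(sid, set())


def resolve(path: str, session_uuid: Optional[str]) -> Optional[str]:
    """Map /resources/UUID/SID/RECORDNAME/FILE to the upstream PCAPI path.

    Returns None (deny) unless the request is well formed and both the
    record owner's UUID and the logged-in user's UUID are members of SID.
    """
    parts = path.split("/")
    # Expected shape: ['', 'resources', UUID, SID, RECORDNAME, FILE]
    if len(parts) != 6 or parts[0] != "" or parts[1] != "resources":
        return None
    owner, sid, record, filename = parts[2:]
    if not all(_SEGMENT.fullmatch(p) for p in (owner, sid, record, filename)):
        return None
    if session_uuid is None:  # no authenticated session
        return None
    # Both checks are required: the viewer must belong to the survey, and the
    # record owner must too, otherwise SID could be used to reach data that
    # was never contributed to that survey.
    if not (is_member(session_uuid, sid) and is_member(owner, sid)):
        return None
    return f"/pcapi/surveys/local/{owner}/{sid}/{record}/{filename}"


if __name__ == "__main__":
    req = "/resources/uuid-alice/sid-birds/rec1/myimage.jpg"
    print(resolve(req, "uuid-bob"))    # fellow survey member: forwarded
    print(resolve(req, "uuid-carol"))  # not in sid-birds: denied
```
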

MasonJohnDavis commented 9 years ago

The question of whether a UUID is relevant to a SID should be something that is queried as a single end-point (is it the PEP or PDP?) Currently we have the q-service and the cookie which essentially do the same thing. Is there any work planned to consolidate here?

On 2 June 2015 at 16:51, M. Koutroumpas notifications@github.com wrote:

Currently PCAPI is secured via an Apache redirection mechanism which enforces users to only see public or their own observations. This excludes observations made by members of the same non-public survey.

This is not normally a problem as the COBWEB map viewer would normally access the WFS endpoints that include data from all users in the surveys. However, our WFS does not support inline images and we have to revert back to PCAPI.

This should be straightforward to implement by providing an endpoint controlled by Andreas that would allow direct access to PCAPI for certain restricted operations.

Example request could be:

/resources/UUID/RECORDNAME/myimage.jpg which would be forwarded to /pcapi/surveys/local/UUID/SID/RECORDNAME/myimage.jpg as long as the UUID provided and the UUID of the currently logged-in user are both members of SID.


xmichael commented 9 years ago

@MasonJohnDavis yes, Andreas and I worked on this and we are now in the testing phase of a consolidated solution -- we are using the PEP/cookie solution together with PCAPI to provide controlled access to images + other resources like e.g. audio files that the WFS won't support.

xmichael commented 9 years ago

Closing this as it has been tested to work on DEV.