metno / metsis-drupal

contains METNO METSIS software
GNU General Public License v3.0

Remove paths to file storage from landing pages #35

Closed mortenwh closed 9 months ago

mortenwh commented 11 months ago

According to IT, this is a security issue, so we need to remove the paths before the official publication of data.met.no.

ferrighi commented 11 months ago

The path is also present in the mmd record, which is downloadable from the data portal. If this is considered a security issue, you also need to deactivate the metadata download. An alternative would be to remove that information from the mmd_file which is encoded and pushed to solr.

mortenwh commented 11 months ago

Is the MMD download ability necessary? I guess this could be accessed in another way from internal systems? Probably better than removing the information, as it would be very useful for the production systems.

ferrighi commented 11 months ago

No, it is really not necessary to offer mmd download to the external public as it is an internal standard. But for the other option I would not remove the element from the mmd file, but only from the encoded mmd indexed in solr. That information would anyway be accessible as a single element in solr.

magnarem commented 10 months ago

Implemented so that only authenticated users will see that path. In the future we could also create a special Drupal permission to be able to see it, if we do not want some authenticated users to see the path.

I will also add the possibility to configure per site which metadata formats the user can export too, so then it will be dependent on the site configuration for the given portal.

Keeping this issue open until fully implemented and pushed to the sites.

ferrighi commented 10 months ago

I do not think we are planning any user registration, so I would just remove the element and disable MMD download for now. We can have a brief chat about this.

magnarem commented 10 months ago

Added the possibility to configure for each site which types of metadata formats can be exported, both on the landing pages and the search interface. Also, in the metadata_details, anonymous users will not see the file location.

This is added to data-test.met.no now and can be tested.

If everything looks good, this issue can now be closed.

magnarem commented 9 months ago

@mortenwh. I consider this issue as fixed. Anonymous users will not see this location anywhere, and the sites can be configured not to export MMD. data-{test,staging}.met.no now have the updates enabled, and the MMD export disabled.

However, I see that the wms-urls for fastapi are kind of using the whole lustre-path for the wms visualisation url.

`https://fastapi.s-enda-dev.k8s.met.no/api/get_quicklook//lustre/storeB/immutable/archive/projects/remotesensing/satellite-thredds/polar-swath/2023/09/03/terra-modis-1km-20230903200554-20230903201455.nc?service=WMS&version=1.3.0&request=GetCapabilities?SERVICE=WMS&REQUEST=GetCapabilities`

So this should probably be another issue for fastapi, if this is considered important to hide the full lustrepath also here.

mortenwh commented 9 months ago

Great - thanks! Regarding the wms url, I have notified Trygve.