camptocamp · sbrunner · Jul 27, 2018 · Jul 5, 2018 · Jul 6, 2018 · Jul 6, 2018
diff --git a/.dockerignore b/.dockerignore
@@ -14,4 +14,5 @@
 !admin/README.md
 !admin/requirements.txt
 !admin/requirements-dev.txt
+!admin/npm-packages
 **/__pycache__/
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,15 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+[*.js]
+indent_size = 2
+
+[Makefile]
+indent_style = tab
diff --git a/Dockerfile.mako b/Dockerfile.mako
@@ -29,7 +29,10 @@ COPY commons /opt/c2cgeoportal_commons
 COPY geoportal /opt/c2cgeoportal_geoportal
 COPY admin /opt/c2cgeoportal_admin
 
-RUN chmod go+r -R /opt/c2cgeoportal_commons /opt/c2cgeoportal_geoportal && \
+RUN \
+  (cd /opt/c2cgeoportal_admin/; npm install --no-optional `cat npm-packages`) && \
+  npm cache clear && \
+  chmod go+r -R /opt/c2cgeoportal_commons /opt/c2cgeoportal_geoportal /opt/c2cgeoportal_admin && \
   ln -s /opt/c2cgeoportal_commons/c2cgeoportal_commons/alembic /opt && \
   pip install --disable-pip-version-check --no-cache-dir --no-deps \
     --editable=/opt/c2cgeoportal_commons \

diff --git a/Makefile b/Makefile
@@ -406,7 +406,7 @@ npm-packages: ngeo package.json
 	npm-packages --ngeo \
 		coveralls gaze jasmine-core jsdoc jsdom karma karma-chrome-launcher karma-coverage \
 		karma-jasmine karma-sourcemap-loader karma-webpack \
-		--src=ngeo/package.json --src=package.json --dst=$@
+		--src=ngeo/package.json --dst=$@
 	echo googshift eslint-plugin-googshift >> $@
 
 admin/npm-packages: ngeo package.json

diff --git a/doc/administrator/administrate.rst b/doc/administrator/administrate.rst
@@ -181,6 +181,11 @@ To make the WMTS queryable, you should add the following ``Metadata``:
 * ``ogcServer`` with the name of the used ``OGC server``,
 * ``wmsLayers`` or ``queryLayers`` with the layers to query (groups not supported).
 
+It is possible to give some scale limits for the queryable layers by setting
+a ``minResolution`` and/or a ``maxResolution Metadata`` value(s) for the
+WMTS layer. These values correspond to the WMTS layer resolution(s) which should
+be the zoom limit.
+
 Print WMTS in high quality
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
 To print the layers in high quality, you should add the following ``Metadata``:

diff --git a/docker/build/Dockerfile b/docker/build/Dockerfile
@@ -4,7 +4,7 @@ LABEL maintainer Camptocamp "info@camptocamp.com"
 RUN \
   . /etc/os-release && \
   apt-get update && \
-  apt-get install --assume-yes --no-install-recommends tree apt-transport-https gettext sudo && \
+  apt-get install --assume-yes --no-install-recommends tree apt-transport-https gettext sudo libxml2-utils && \
   echo "deb https://deb.nodesource.com/node_6.x ${VERSION_CODENAME} main" > /etc/apt/sources.list.d/nodesource.list && \
   curl --silent https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - && \
 # Docker source list should be like it but actually it's empty...

diff --git a/docker/qgisserver/geomapfish_plugin/accesscontrol.py b/docker/qgisserver/geomapfish_plugin/accesscontrol.py
@@ -43,60 +43,74 @@ def __init__(self, server_iface):
 
         self.server_iface = server_iface
         self.area_cache = {}
+        self.layers = None
 
-        if "GEOMAPFISH_OGCSERVER" not in os.environ:
-            raise GMFException("The environment variable 'GEOMAPFISH_OGCSERVER' is not defined.")
-
-        print("Use OGC server named '{}'".format(os.environ["GEOMAPFISH_OGCSERVER"]))
-
-        config.init(os.environ.get('GEOMAPFISH_CONFIG', '/etc/qgisserver/geomapfish.yaml'))
-        self.srid = config.get('srid')
-
-        from c2cgeoportal_commons.models.main import LayerWMS, OGCServer
-        configure_mappers()
-
-        engine = sqlalchemy.create_engine(config.get('sqlalchemy_slave.url'))
-        session_factory = sessionmaker()
-        session_factory.configure(bind=engine)
-        self.DBSession = scoped_session(session_factory)
-
-        self.ogcserver = self.DBSession.query(OGCServer) \
-            .filter(OGCServer.name == os.environ["GEOMAPFISH_OGCSERVER"]) \
-            .one()
+        try:
+            if "GEOMAPFISH_OGCSERVER" not in os.environ:
+                raise GMFException("The environment variable 'GEOMAPFISH_OGCSERVER' is not defined.")
+
+            print("Use OGC server named '{}'".format(os.environ["GEOMAPFISH_OGCSERVER"]))
+
+            config.init(os.environ.get('GEOMAPFISH_CONFIG', '/etc/qgisserver/geomapfish.yaml'))
+            self.srid = config.get('srid')
+
+            from c2cgeoportal_commons.models.main import LayerWMS, OGCServer
+            configure_mappers()
+
+            engine = sqlalchemy.create_engine(config.get('sqlalchemy_slave.url'))
+            session_factory = sessionmaker()
+            session_factory.configure(bind=engine)
+            self.DBSession = scoped_session(session_factory)
+
+            self.ogcserver = self.DBSession.query(OGCServer) \
+                .filter(OGCServer.name == os.environ["GEOMAPFISH_OGCSERVER"]) \
+                .one()
+
+            layers = {}
+            # TODO manage groups ...
+            for layer in self.DBSession.query(LayerWMS).filter(LayerWMS.ogc_server_id == self.ogcserver.id).all():
+                for name in layer.layer.split(','):
+                    if name not in layers:
+                        layers[name] = []
+                    layers[name].append(layer)
+            QgsMessageLog.logMessage('[accesscontrol] layers: {}'.format(
+                json.dumps(dict([(k, [l.name for l in v]) for k, v in layers.items()]), sort_keys=True, indent=4)
+            ))
+            self.layers = layers
 
-        self.layers = {}
-        # TODO manage groups ...
-        for layer in self.DBSession.query(LayerWMS).filter(LayerWMS.ogc_server_id == self.ogcserver.id).all():
-            for name in layer.layer.split(','):
-                if name not in self.layers:
-                    self.layers[name] = []
-                self.layers[name].append(layer)
-        QgsMessageLog.logMessage('[accesscontrol] layers: {}'.format(
-            json.dumps(self.layers, sort_keys=True, indent=4)
-        ))
+        except Exception as e:
+            QgsMessageLog.logMessage(traceback.format_tb(e))
+            QgsMessageLog.logMessage(str(e))
+            raise
 
         server_iface.registerAccessControl(self, int(os.environ.get("GEOMAPFISH_POSITION", 100)))
 
+    def assert_plugin_initialised(self):
+        if self.layers is None:
+            raise Exception("The plugin is not initialised")
+
     def get_role(self):
         from c2cgeoportal_commons.models.main import Role
         parameters = self.serverInterface().requestHandler().parameterMap()
-        return self.DBSession.query(Role).get(parameters['ROLE_ID'])
+        return self.DBSession.query(Role).get(parameters['ROLE_ID']) if 'ROLE_ID' in parameters else None
 
-    def get_restriction_areas(self, gmf_layers, rw=False, role=False):
+    @staticmethod
+    def get_restriction_areas(gmf_layers, rw=False, role=None):
         """
         None => full access
         [] => no access
         shapely.ops.cascaded_union(result) => geom of access
         """
-        if role is False:
-            role = self.get_role()
+
+        if role is None:
+            return []
 
         restriction_areas = []
         for layer in gmf_layers:
             for restriction_area in layer.restrictionareas:
                 if role in restriction_area.roles and rw is False or restriction_area.readwrite is True:
                     if restriction_area.area is None:
-                        return None
+                        return []
                     else:
                         restriction_areas.append(geoalchemy2.shape.to_shape(
                             restriction_area.area
@@ -106,16 +120,16 @@ def get_restriction_areas(self, gmf_layers, rw=False, role=False):
 
     def get_area(self, layer, rw=False):
         role = self.get_role()
-        key = (layer.name(), role.name, rw)
+        key = (layer.name(), role.name if role is not None else None, rw)
 
         if key in self.area_cache:
             return self.area_cache[key]
 
         gmf_layers = self.layers[layer.name()]
         restriction_areas = self.get_restriction_areas(gmf_layers, role=role)
 
-        if restriction_areas is None:
-            self.area_cache[key] = None
+        if len(restriction_areas) == 0:
+            self.area_cache[key] = []
             return None
 
         area = ops.unary_union(restriction_areas).wkt
@@ -126,6 +140,8 @@ def layerFilterSubsetString(self, layer):  # NOQA
         """ Return an additional subset string (typically SQL) filter """
         QgsMessageLog.logMessage("layerFilterSubsetString {}".format(layer.dataProvider().storageType()))
 
+        self.assert_plugin_initialised()
+
         try:
             if layer.dataProvider().storageType() not in self.EXPRESSION_TYPE:
                 return None
@@ -146,14 +162,17 @@ def layerFilterSubsetString(self, layer):  # NOQA
             return "ST_intersects({}, {})".format(
                 QgsDataSourceUri(layer.dataProvider().dataSourceUri()).geometryColumn(), area
             )
-        except Exception:
-            QgsMessageLog.logMessage(traceback.format_exc())
+        except Exception as e:
+            QgsMessageLog.logMessage(traceback.format_tb(e))
+            QgsMessageLog.logMessage(str(e))
             raise
 
     def layerFilterExpression(self, layer):  # NOQA
         """ Return an additional expression filter """
         QgsMessageLog.logMessage("layerFilterExpression {}".format(layer.dataProvider().storageType()))
 
+        self.assert_plugin_initialised()
+
         try:
             if layer.dataProvider().storageType() in self.EXPRESSION_TYPE:
                 return None
@@ -164,21 +183,24 @@ def layerFilterExpression(self, layer):  # NOQA
                 return None
 
             QgsMessageLog.logMessage("intersects($geometry, geom_from_wkt('{}'))".format(area))
-            #return "geometry = '{}'".format(ops.unary_union(restriction_areas).wkt)
-            #return "fid = 2"
+            # return "geometry = '{}'".format(ops.unary_union(restriction_areas).wkt)
+            # return "fid = 2"
             # TODO cache the union
             # TODO verify the geometry
             return "intersects($geometry, transform(geom_from_wkt('{}'), 'EPSG:{}', 'EPSG:{}')".format(
                 area, self.srid, layer.crs().projectionAcronym()
             )
-        except Exception:
-            QgsMessageLog.logMessage(traceback.format_exc())
+        except Exception as e:
+            QgsMessageLog.logMessage(traceback.format_tb(e))
+            QgsMessageLog.logMessage(str(e))
             raise
 
     def layerPermissions(self, layer):  # NOQA
         """ Return the layer rights """
         QgsMessageLog.logMessage("layerPermissions {}".format(layer.name()))
 
+        self.assert_plugin_initialised()
+
         try:
             rights = QgsAccessControlFilter.LayerPermissions()
             rights.canRead = rights.canInsert = rights.canUpdate = rights.canDelete = False
@@ -191,20 +213,19 @@ def layerPermissions(self, layer):  # NOQA
                 if l.public is True:
                     rights.canRead = True
 
+            role = self.get_role()
             if not rights.canRead:
-                role = self.get_role()
                 restriction_areas = self.get_restriction_areas(gmf_layers, role=role)
-                if restriction_areas is not None and len(restriction_areas) == 0:
-                    return rights
-                rights.canRead = True
+                if len(restriction_areas) > 0:
+                    rights.canRead = True
 
             restriction_areas = self.get_restriction_areas(gmf_layers, rw=True, role=role)
-            rights.canInsert = rights.canUpdate = rights.canDelete = \
-                restriction_areas is None or len(restriction_areas) > 0
+            rights.canInsert = rights.canUpdate = rights.canDelete = len(restriction_areas) > 0
 
             return rights
-        except Exception:
-            QgsMessageLog.logMessage(traceback.format_exc())
+        except Exception as e:
+            QgsMessageLog.logMessage(traceback.format_tb(e))
+            QgsMessageLog.logMessage(str(e))
             raise
 
     @staticmethod
@@ -220,12 +241,15 @@ def allowToEdit(self, layer, feature):  # NOQA
         """ Are we authorise to modify the following geometry """
         QgsMessageLog.logMessage("allowToEdit")
 
+        self.assert_plugin_initialised()
+
         try:
             area = self.get_area(layer, rw=True)
 
             return area is None or area.intersect(feature.geom)
-        except Exception:
-            QgsMessageLog.logMessage(traceback.format_exc())
+        except Exception as e:
+            QgsMessageLog.logMessage(traceback.format_tb(e))
+            QgsMessageLog.logMessage(str(e))
             raise
 
     def cacheKey(self):  # NOQA

diff --git a/geoportal/c2cgeoportal_geoportal/lib/authentication.py b/geoportal/c2cgeoportal_geoportal/lib/authentication.py
@@ -45,7 +45,7 @@ def create_authentication(settings):
         callback=defaultgroupsfinder,
         cookie_name=settings["authtkt_cookie_name"],
         timeout=timeout, max_age=timeout, reissue_time=reissue_time,
-        hashalg="sha512", http_only=True
+        hashalg="sha512", http_only=True, secure=True,
     )
     basic_authentication_policy = BasicAuthAuthenticationPolicy(c2cgeoportal_check)
     policies = [cookie_authentication_policy, basic_authentication_policy]

diff --git a/geoportal/c2cgeoportal_geoportal/scaffolds/create/docker-compose-run b/geoportal/c2cgeoportal_geoportal/scaffolds/create/docker-compose-run
@@ -7,8 +7,8 @@ import subprocess
 
 os.environ["HOME_DIR"] = os.environ["HOME"]
 os.environ['USER_NAME'] = getpass.getuser()
-os.environ['USER_ID'] = str(os.getuid())
-os.environ['GROUP_ID'] = str(os.getgid())
+os.environ['USER_ID'] = str(os.getuid()) if os.name == "posix" else "1000"
+os.environ['GROUP_ID'] = str(os.getgid()) if os.name == "posix" else "1000"
 
 try:
     subprocess.check_call([

diff --git a/geoportal/c2cgeoportal_geoportal/scaffolds/create/vars.yaml_tmpl b/geoportal/c2cgeoportal_geoportal/scaffolds/create/vars.yaml_tmpl
@@ -49,7 +49,6 @@ vars:
         partitionlimit: 5
       routes: &routes
         authenticationBaseUrl: base
-        fulltextsearchUrl: fulltextsearch
         gmfLayersUrl: layers_root
         gmfRasterUrl: raster
         gmfProfileCsvUrl: profile.csv

diff --git a/geoportal/c2cgeoportal_geoportal/scaffolds/nondockercreate/mapserver/mapserver.map.mako_tmpl b/geoportal/c2cgeoportal_geoportal/scaffolds/nondockercreate/mapserver/mapserver.map.mako_tmpl
@@ -70,7 +70,7 @@ MAP
         METADATA
             "wms_title" "changeme"
             "wms_abstract" "changeme"
-            "wms_onlineresource" "http://${host}/${instanceid}/wsgi/mapserv_proxy"
+            "wms_onlineresource" "${web_protocol}://${host}/${instanceid}/wsgi/mapserv_proxy"
             "wms_srs" "EPSG:{{srid}}"
             "wms_encoding" "UTF-8"
             "wms_enable_request" "*"

diff --git a/geoportal/c2cgeoportal_geoportal/scaffolds/nondockercreate/nondocker-finalise.mk_tmpl b/geoportal/c2cgeoportal_geoportal/scaffolds/nondockercreate/nondocker-finalise.mk_tmpl
@@ -69,7 +69,7 @@ clean-all:
 .PHONY: build
 build: $(PRINT_OUTPUT_WAR) \
 	.build/apache.timestamp \
-	.build/npm.timestamp \
+	.build/admin-npm.timestamp \
 
 # Apache
 
@@ -192,18 +192,25 @@ endif
 	$(PYTHON_BIN)/python -m compileall -q geoportal/$(PACKAGE)_geoportal -x geoportal/$(PACKAGE)_geoportal/static.* >/dev/null || true
 
 npm-packages: .config
-	$(DOCKER_RUN) cp /opt/npm-packages .
+	$(DOCKER_RUN) cp /opt/c2cgeoportal_admin/npm-packages $@
 
-.build/npm.timestamp: .config npm-packages
+geoportal/npm-packages: .config
+	$(DOCKER_RUN) cp /opt/npm-packages $@
+
+.build/admin-npm.timestamp: npm-packages
+	rm --force --recursive admin/node_modules
+	mkdir --parent admin
+	cat $< | xargs npm install --prefix ./admin
+	touch $@
+
+.build/geoportal-npm.timestamp: geoportal/npm-packages
 	rm --force --recursive admin/node_modules
 	mkdir --parent admin
-	cat npm-packages | xargs npm install --prefix ./admin
+	cat $< | xargs npm install --prefix ./geoportal
 	touch $@
 
 .PHONY: serve-%
-serve-%: .build/npm.timestamp
-	rm -f geoportal/node_modules
-	ln -s ../admin/node_modules geoportal
+serve-%: .build/geoportal-npm.timestamp
 	(cd geoportal; INTERFACE=$* NODE_ENV=development node_modules/.bin/webpack-dev-server --port=$(DEV_SERVER_PORT) -d --watch --progress \
 		--public=$(VISIBLE_WEB_HOST):$(VISIBLE_WEB_PORT) --disable-host-check --mode=development)
 	rm geoportal/node_modules
diff --git a/geoportal/c2cgeoportal_geoportal/scaffolds/nondockercreate/vars.yaml_tmpl b/geoportal/c2cgeoportal_geoportal/scaffolds/nondockercreate/vars.yaml_tmpl
@@ -49,7 +49,6 @@ vars:
         partitionlimit: 5
       routes: &routes
         authenticationBaseUrl: base
-        fulltextsearchUrl: fulltextsearch
         gmfLayersUrl: layers_root
         gmfRasterUrl: raster
         gmfProfileCsvUrl: profile.csv

diff --git a/geoportal/c2cgeoportal_geoportal/scaffolds/update/+dot+editorconfig b/geoportal/c2cgeoportal_geoportal/scaffolds/update/+dot+editorconfig
@@ -0,0 +1,15 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+[*.js]
+indent_size = 2
+
+[Makefile]
+indent_style = tab