
Bad ordering of GeoFence rules #11668

Closed
etj opened this issue Nov 6, 2023 · 2 comments · Fixed by #11669

Comments


etj commented Nov 6, 2023

Expected Behavior

Rules applying to everyone should not have priority over specific permissions.

Actual Behavior

The download denial is applied also to registered members:

image

Steps to Reproduce the Problem

  1. set the permissions like this image
  2. log in as any registered user (not admin)
  3. the download menu is in place, so start a download
  4. Result on GeoNode: the result will be an error
  5. Result in GeoServer: looking at the GeoFence logs you'll get "Process gs:Download not allowed to operate on layer" (see comments in this issue for a full log)

Specifications

  • GeoNode version: master
  • Installation type: vanilla

etj commented Nov 8, 2023

Permissions:
image

DB:
image

GeoFence logs for WMS request:

] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WMS"+ req:"GETMAP"+ sub:ANY ws:"geonode"+ layer:"pat_po_4326"+] is matching the following Rules:
] -     Role:ROLE_REGISTERED-MEMBERS
] -     Role:ROLE_REGISTERED-MEMBERS ---> Rule[id:238 pri:6 srv:WMS ws:geonode l:pat_po_4326 acc:ALLOW]
] -     Role:ROLE_REGISTERED-MEMBERS ---> Rule[id:242 pri:10 role:ROLE_REGISTERED-MEMBERS srv:WMS ws:geonode l:pat_po_4326 acc:ALLOW]
] -     Role:ROLE_REGISTERED-MEMBERS ---> Rule[id:249 pri:17 role:ROLE_REGISTERED-MEMBERS ws:geonode l:pat_po_4326 acc:ALLOW]
] -     Role:ROLE_AUTHENTICATED
] -     Role:ROLE_AUTHENTICATED ---> Rule[id:238 pri:6 srv:WMS ws:geonode l:pat_po_4326 acc:ALLOW]
] -     Role:ROLE_GROUP11447
] -     Role:ROLE_GROUP11447 ---> Rule[id:238 pri:6 srv:WMS ws:geonode l:pat_po_4326 acc:ALLOW]
] -     Role:ROLE_CONTRIBUTORS
] -     Role:ROLE_CONTRIBUTORS ---> Rule[id:238 pri:6 srv:WMS ws:geonode l:pat_po_4326 acc:ALLOW]
] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WMS"+ req:"GETMAP"+ sub:ANY ws:"geonode"+ layer:"pat_po_4326"+] on role ROLE_REGISTERED-MEMBERS has access AccessInfoInternal[grant:ALLOW]
] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WMS"+ req:"GETMAP"+ sub:ANY ws:"geonode"+ layer:"pat_po_4326"+] on role ROLE_AUTHENTICATED has access AccessInfoInternal[grant:ALLOW]
] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WMS"+ req:"GETMAP"+ sub:ANY ws:"geonode"+ layer:"pat_po_4326"+] on role ROLE_GROUP11447 has access AccessInfoInternal[grant:ALLOW]
] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WMS"+ req:"GETMAP"+ sub:ANY ws:"geonode"+ layer:"pat_po_4326"+] on role ROLE_CONTRIBUTORS has access AccessInfoInternal[grant:ALLOW]
] - Returning AccessInfo[grant:ALLOW admin:false] for RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WMS"+ req:"GETMAP"+ sub:ANY ws:"geonode"+ layer:"pat_po_4326"+]


etj commented Nov 8, 2023

WPS download request performs 3 calls:

  1. generic WPS request
cache] - Request for RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:ANY ws:"geonode"+ layer:"pat_po_4326"+]
cache] - Loading RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:ANY ws:"geonode"+ layer:"pat_po_4326"+]
RuleReaderServiceImpl] - Requesting access for RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:ANY ws:"geonode"+ layer:"pat_po_4326"+]
RuleReaderServiceImpl] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:ANY ws:"geonode"+ layer:"pat_po_4326"+] is matching the following Rules:
RuleReaderServiceImpl] -     Role:ROLE_REGISTERED-MEMBERS
RuleReaderServiceImpl] -     Role:ROLE_REGISTERED-MEMBERS ---> Rule[id:240 pri:8 srv:WPS sub:GS:DOWNLOAD ws:geonode l:pat_po_4326 acc:DENY]
RuleReaderServiceImpl] -     Role:ROLE_REGISTERED-MEMBERS ---> Rule[id:241 pri:9 srv:WPS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] -     Role:ROLE_REGISTERED-MEMBERS ---> Rule[id:244 pri:12 role:ROLE_REGISTERED-MEMBERS srv:WPS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] -     Role:ROLE_REGISTERED-MEMBERS ---> Rule[id:249 pri:17 role:ROLE_REGISTERED-MEMBERS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] -     Role:ROLE_AUTHENTICATED
RuleReaderServiceImpl] -     Role:ROLE_AUTHENTICATED ---> Rule[id:240 pri:8 srv:WPS sub:GS:DOWNLOAD ws:geonode l:pat_po_4326 acc:DENY]
RuleReaderServiceImpl] -     Role:ROLE_AUTHENTICATED ---> Rule[id:241 pri:9 srv:WPS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] -     Role:ROLE_GROUP11447
RuleReaderServiceImpl] -     Role:ROLE_GROUP11447 ---> Rule[id:240 pri:8 srv:WPS sub:GS:DOWNLOAD ws:geonode l:pat_po_4326 acc:DENY]
RuleReaderServiceImpl] -     Role:ROLE_GROUP11447 ---> Rule[id:241 pri:9 srv:WPS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] -     Role:ROLE_CONTRIBUTORS
RuleReaderServiceImpl] -     Role:ROLE_CONTRIBUTORS ---> Rule[id:240 pri:8 srv:WPS sub:GS:DOWNLOAD ws:geonode l:pat_po_4326 acc:DENY]
RuleReaderServiceImpl] -     Role:ROLE_CONTRIBUTORS ---> Rule[id:241 pri:9 srv:WPS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:ANY ws:"geonode"+ layer:"pat_po_4326"+] on role ROLE_REGISTERED-MEMBERS has access AccessInfoInternal[grant:DENY]
RuleReaderServiceImpl] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:ANY ws:"geonode"+ layer:"pat_po_4326"+] on role ROLE_AUTHENTICATED has access AccessInfoInternal[grant:DENY]
RuleReaderServiceImpl] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:ANY ws:"geonode"+ layer:"pat_po_4326"+] on role ROLE_GROUP11447 has access AccessInfoInternal[grant:DENY]
RuleReaderServiceImpl] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:ANY ws:"geonode"+ layer:"pat_po_4326"+] on role ROLE_CONTRIBUTORS has access AccessInfoInternal[grant:DENY]
RuleReaderServiceImpl] - No access for filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:ANY ws:"geonode"+ layer:"pat_po_4326"+]
RuleReaderServiceImpl] - Returning AccessInfo[grant:DENY admin:false] for RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:ANY ws:"geonode"+ layer:"pat_po_4326"+]
  2. call for gs:DownloadEstimator
wpscommon] - Retrieving AccessInfo for proc gs:DownloadEstimator
cache] - Request for RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOADESTIMATOR"+ ws:"geonode"+ layer:"pat_po_4326"+]
cache] - Loading RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOADESTIMATOR"+ ws:"geonode"+ layer:"pat_po_4326"+]
RuleReaderServiceImpl] - Requesting access for RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOADESTIMATOR"+ ws:"geonode"+ layer:"pat_po_4326"+]
RuleReaderServiceImpl] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOADESTIMATOR"+ ws:"geonode"+ layer:"pat_po_4326"+] is matching the following Rules:
RuleReaderServiceImpl] -     Role:ROLE_REGISTERED-MEMBERS
RuleReaderServiceImpl] -     Role:ROLE_REGISTERED-MEMBERS ---> Rule[id:241 pri:9 srv:WPS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] -     Role:ROLE_REGISTERED-MEMBERS ---> Rule[id:244 pri:12 role:ROLE_REGISTERED-MEMBERS srv:WPS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] -     Role:ROLE_REGISTERED-MEMBERS ---> Rule[id:249 pri:17 role:ROLE_REGISTERED-MEMBERS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] -     Role:ROLE_AUTHENTICATED
RuleReaderServiceImpl] -     Role:ROLE_AUTHENTICATED ---> Rule[id:241 pri:9 srv:WPS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] -     Role:ROLE_GROUP11447
RuleReaderServiceImpl] -     Role:ROLE_GROUP11447 ---> Rule[id:241 pri:9 srv:WPS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] -     Role:ROLE_CONTRIBUTORS
RuleReaderServiceImpl] -     Role:ROLE_CONTRIBUTORS ---> Rule[id:241 pri:9 srv:WPS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOADESTIMATOR"+ ws:"geonode"+ layer:"pat_po_4326"+] on role ROLE_REGISTERED-MEMBERS has access AccessInfoInternal[grant:ALLOW]
RuleReaderServiceImpl] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOADESTIMATOR"+ ws:"geonode"+ layer:"pat_po_4326"+] on role ROLE_AUTHENTICATED has access AccessInfoInternal[grant:ALLOW]
RuleReaderServiceImpl] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOADESTIMATOR"+ ws:"geonode"+ layer:"pat_po_4326"+] on role ROLE_GROUP11447 has access AccessInfoInternal[grant:ALLOW]
RuleReaderServiceImpl] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOADESTIMATOR"+ ws:"geonode"+ layer:"pat_po_4326"+] on role ROLE_CONTRIBUTORS has access AccessInfoInternal[grant:ALLOW]
RuleReaderServiceImpl] - Returning AccessInfo[grant:ALLOW admin:false] for RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOADESTIMATOR"+ ws:"geonode"+ layer:"pat_po_4326"+]
.geofence] - Got WPS access AccessInfo[grant:ALLOW admin:false] for layer pat_po_4326 and user user11447
  3. call for gs:Download:
wpscommon] - Retrieving AccessInfo for proc gs:Download
cache] - Request for RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOAD"+ ws:"geonode"+ layer:"pat_po_4326"+]
cache] - Loading RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOAD"+ ws:"geonode"+ layer:"pat_po_4326"+]
RuleReaderServiceImpl] - Requesting access for RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOAD"+ ws:"geonode"+ layer:"pat_po_4326"+]
RuleReaderServiceImpl] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOAD"+ ws:"geonode"+ layer:"pat_po_4326"+] is matching the following Rules:
RuleReaderServiceImpl] -     Role:ROLE_REGISTERED-MEMBERS
RuleReaderServiceImpl] -     Role:ROLE_REGISTERED-MEMBERS ---> Rule[id:240 pri:8 srv:WPS sub:GS:DOWNLOAD ws:geonode l:pat_po_4326 acc:DENY]
RuleReaderServiceImpl] -     Role:ROLE_REGISTERED-MEMBERS ---> Rule[id:241 pri:9 srv:WPS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] -     Role:ROLE_REGISTERED-MEMBERS ---> Rule[id:244 pri:12 role:ROLE_REGISTERED-MEMBERS srv:WPS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] -     Role:ROLE_REGISTERED-MEMBERS ---> Rule[id:249 pri:17 role:ROLE_REGISTERED-MEMBERS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] -     Role:ROLE_AUTHENTICATED
RuleReaderServiceImpl] -     Role:ROLE_AUTHENTICATED ---> Rule[id:240 pri:8 srv:WPS sub:GS:DOWNLOAD ws:geonode l:pat_po_4326 acc:DENY]
RuleReaderServiceImpl] -     Role:ROLE_AUTHENTICATED ---> Rule[id:241 pri:9 srv:WPS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] -     Role:ROLE_GROUP11447
RuleReaderServiceImpl] -     Role:ROLE_GROUP11447 ---> Rule[id:240 pri:8 srv:WPS sub:GS:DOWNLOAD ws:geonode l:pat_po_4326 acc:DENY]
RuleReaderServiceImpl] -     Role:ROLE_GROUP11447 ---> Rule[id:241 pri:9 srv:WPS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] -     Role:ROLE_CONTRIBUTORS
RuleReaderServiceImpl] -     Role:ROLE_CONTRIBUTORS ---> Rule[id:240 pri:8 srv:WPS sub:GS:DOWNLOAD ws:geonode l:pat_po_4326 acc:DENY]
RuleReaderServiceImpl] -     Role:ROLE_CONTRIBUTORS ---> Rule[id:241 pri:9 srv:WPS ws:geonode l:pat_po_4326 acc:ALLOW]
RuleReaderServiceImpl] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOAD"+ ws:"geonode"+ layer:"pat_po_4326"+] on role ROLE_REGISTERED-MEMBERS has access AccessInfoInternal[grant:DENY]
RuleReaderServiceImpl] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOAD"+ ws:"geonode"+ layer:"pat_po_4326"+] on role ROLE_AUTHENTICATED has access AccessInfoInternal[grant:DENY]
RuleReaderServiceImpl] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOAD"+ ws:"geonode"+ layer:"pat_po_4326"+] on role ROLE_GROUP11447 has access AccessInfoInternal[grant:DENY]
RuleReaderServiceImpl] - Filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOAD"+ ws:"geonode"+ layer:"pat_po_4326"+] on role ROLE_CONTRIBUTORS has access AccessInfoInternal[grant:DENY]
RuleReaderServiceImpl] - No access for filter RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOAD"+ ws:"geonode"+ layer:"pat_po_4326"+]
RuleReaderServiceImpl] - Returning AccessInfo[grant:DENY admin:false] for RuleFilter[user:"user11447"+ role:ANY inst:name+:default-gs ip:"172.19.0.1"+ serv:"WPS"+ req:"EXECUTE"+ sub:"GS:DOWNLOAD"+ ws:"geonode"+ layer:"pat_po_4326"+]
wpscommon] - Process gs:Download not allowed to operate on layer
.geofence] - Got WPS access AccessInfo[grant:DENY admin:false] for layer pat_po_4326 and user user11447
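
The ordering problem the two logs above show, as an added example that is not GeoNode or GeoFence code: a toy first-match evaluator over the four WPS rules visible in the log (ids 240, 241, 244, 249 with their logged priorities), run once as logged and once with the role-specific rules moved ahead of the catch-all ones. The per-role merge (ALLOW if any role allows), the DENY default when nothing matches, and the renumbering in specific_before_generic are assumptions, not verified GeoFence behaviour or the values the fixing PR uses.

```python
from dataclasses import dataclass, replace
from typing import Optional
ANY = None  # wildcard: on a rule it means "any value", on a request it means "field not constrained"

@dataclass(frozen=True)
class Rule:
    id: int
    priority: int                   # lower number = evaluated first (GeoFence semantics)
    access: str                     # "ALLOW" or "DENY"
    role: Optional[str] = ANY       # ANY: the rule applies to everyone
    service: Optional[str] = ANY    # e.g. "WPS"
    subfield: Optional[str] = ANY   # WPS process, e.g. "GS:DOWNLOAD"
    workspace: Optional[str] = ANY
    layer: Optional[str] = ANY

def matches(rule, role, service, subfield, workspace, layer):
    """A wildcard on either side matches; two concrete values must be equal."""
    pairs = ((rule.role, role), (rule.service, service), (rule.subfield, subfield),
             (rule.workspace, workspace), (rule.layer, layer))
    return all(a is ANY or b is ANY or a == b for a, b in pairs)

def evaluate(rules, roles, service, subfield, workspace, layer):
    """First matching rule per role wins, no match is DENY; across roles ALLOW wins if any role
    allows. Both merge details are assumptions modelled on the per-role lines in the log."""
    per_role = {}
    for role in roles:
        hit = next((r for r in sorted(rules, key=lambda r: r.priority)
                    if matches(r, role, service, subfield, workspace, layer)), None)
        per_role[role] = hit.access if hit else "DENY"
    return ("ALLOW" if "ALLOW" in per_role.values() else "DENY"), per_role

def specific_before_generic(rules):
    """Role-specific rules get priority over catch-all ones (the issue's ask); constructed renumbering."""
    ordered = sorted((r for r in rules if r.role is not ANY), key=lambda r: r.priority) + \
              sorted((r for r in rules if r.role is ANY), key=lambda r: r.priority)
    return [replace(r, priority=i) for i, r in enumerate(ordered)]

# Rules exactly as they appear in the WPS log above (ids and priorities from the log).
LOGGED = [
    Rule(240, 8, "DENY", service="WPS", subfield="GS:DOWNLOAD", workspace="geonode", layer="pat_po_4326"),
    Rule(241, 9, "ALLOW", service="WPS", workspace="geonode", layer="pat_po_4326"),
    Rule(244, 12, "ALLOW", role="ROLE_REGISTERED-MEMBERS", service="WPS", workspace="geonode", layer="pat_po_4326"),
    Rule(249, 17, "ALLOW", role="ROLE_REGISTERED-MEMBERS", workspace="geonode", layer="pat_po_4326"),
]
ROLES = ("ROLE_REGISTERED-MEMBERS", "ROLE_AUTHENTICATED", "ROLE_GROUP11447", "ROLE_CONTRIBUTORS")

if __name__ == "__main__":
    for label, rules in (("as logged", LOGGED), ("specific first", specific_before_generic(LOGGED))):
        print(label, evaluate(rules, ROLES, "WPS", "GS:DOWNLOAD", "geonode", "pat_po_4326"))
```

With the logged priorities the catch-all DENY on GS:DOWNLOAD (id 240, pri 8) is the first match for every role, so the registered member's own ALLOW (id 244, pri 12) is never reached; moving the role-specific rules first flips the gs:Download decision for that role while the estimator call is unaffected either way.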

giohappy added a commit that referenced this issue Nov 9, 2023
* [Fixes #11447] Bad role name in creating GeoFence rules

* [Fixes #11668] Bad ordering of GeoFence rules

---------

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
github-actions bot pushed a commit that referenced this issue Nov 9, 2023
* [Fixes #11447] Bad role name in creating GeoFence rules

* [Fixes #11668] Bad ordering of GeoFence rules

---------

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
(cherry picked from commit e7b53a5)
giohappy pushed a commit that referenced this issue Nov 9, 2023
…#11677)

* [Fixes #11447] Bad role name in creating GeoFence rules

* [Fixes #11668] Bad ordering of GeoFence rules

---------

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
(cherry picked from commit e7b53a5)

Co-authored-by: Emanuele Tajariol <etj@geo-solutions.it>
davekennewell pushed a commit to Hydrata/geonode that referenced this issue Nov 30, 2023
…sions (GeoNode#11669)

* [Fixes GeoNode#11447] Bad role name in creating GeoFence rules

* [Fixes GeoNode#11668] Bad ordering of GeoFence rules

---------

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
(cherry picked from commit e7b53a5)
chumano pushed a commit to cec-tris/geonode that referenced this issue Dec 24, 2023
…sions (GeoNode#11669) (GeoNode#11677)

* [Fixes GeoNode#11447] Bad role name in creating GeoFence rules

* [Fixes GeoNode#11668] Bad ordering of GeoFence rules

---------

Co-authored-by: Giovanni Allegri <giohappy@gmail.com>
(cherry picked from commit e7b53a5)

Co-authored-by: Emanuele Tajariol <etj@geo-solutions.it>