Feat(Auth): Display public data if user not auth#188
Conversation
|
|
||
|
|
||
| def get_map(user): | ||
| return map if user.is_authenticated else public_map No newline at end of file |
There was a problem hiding this comment.
So it means that public layers/data should be duplicated in both config.json and public_config.json ?
From a coordo consumer PoV, I would expect either
- to have a "public" attribute directly on the layer and still one config.json
- to have a "merger" that allows backend side to create a map from both public and "private" configs (so that what is in public does not need to be copied in the private config)
public_config_path = settings.BASE_DIR / "configs" / "public_config.json"
config_path = settings.BASE_DIR / "configs" / "config.json"
public_map = Map.from_file(public_config_path)
map = Map.from_files(public_config_path, config_path) # from_files allow to specify multiple JSON files)There was a problem hiding this comment.
How to know what is public data and private data ? This depends on the data itself. In All4trees case, there is the 'conf' field in form data that allows us to know.
I added a second config.json just to add a line 'filter' on each layer to filter out data with conf=0 (i.e private data). This filter could certainly be added at runtime, though.
david-bretaud-dev
left a comment
There was a problem hiding this comment.
One suggestion/improvement to make config files declaration easier, but I have no vision on Coordo side (so no blocker to get the approval)
9b22638 to
4c20e9d
Compare
4c20e9d to
66d1e44
Compare
| @@ -0,0 +1,210 @@ | |||
| { | |||
There was a problem hiding this comment.
Shouldn't it be deleted ?
| } | ||
| }, | ||
| { | ||
| "id": "seed", |
There was a problem hiding this comment.
Shall we remove from config.json the seed layers then ?
And rename config.json to all4trees_config.json ?
There was a problem hiding this comment.
Seed layers have already been removed because there is now a bug when importing seed data in coordo
| user_map = copy(map) | ||
| if user.is_authenticated: | ||
| project = user.project | ||
| if (project.lower() != ADMIN_PROJECT): |
There was a problem hiding this comment.
Shouldn't it be an equal ? I want to apply the filter on project when the user is part of the project
There was a problem hiding this comment.
Nope, admin project, means all4trees, ike Cathalijne, which will have a visibility on all associative projects.
| return DatapackageManager(request).remove_foreign_key() | ||
|
|
||
|
|
||
| def get_map(user): |
There was a problem hiding this comment.
This makes the endpoint definitely "all4trees only", maybe let's reflect in the naming of the methods (get_all4trees_map)
There was a problem hiding this comment.
Yes, that's why I separated seed and all4trees.
david-bretaud-dev
left a comment
There was a problem hiding this comment.
I approve to not block you, however I think we need to think of what we want to do with the backend, which direction we want to take on the separation between all4trees and seed.
Here we are kind of in-between an agnostic approach (seed gets its own config file) but hardcoding stuff that matches all4trees only (only authenticated users regarding all4trees).
Would be nice to clarify with the team what is the strategy:
- We do all the endpoints and configs with "hardcoded" config for all4trees (init step), then when ready we can introduce tenant-oriented endpoints and make only the end of the flow agnostic (getting the map and applying filters)
- We do directly clear distinction between what is agnostic vs what is tenant-oriented (but doing stuff only for all4trees), e.g. getting the map for all 4 trees with all4trees filters should be on an "all4trees" endpoint=>
data4trees.services.d4g.fr/api/maps/all4trees/style.json
you're right, bu we don't have any news from Seed, therefore I don't know if we will end the project for them. |
As a an unauthenticated user, I only have access to public data.
When I login, the map diplsays confidential data.
Futher to come:
In the next PR, only data according to user's project will be displayed.
Capture.video.du.2026-07-11.11-54-27.mp4