.. _rest_api_accesscontrol:

Access Control
==============

``/security/acl/catalog.<format>``
----------------------------------

Fetches the catalog mode or changes it. The mode must be one of:

* HIDE
* MIXED
* CHALLENGE

.. list-table::
   :header-rows: 1

   * - Method
     - Action
     - Status code
     - Formats
     - Default Format
   * - GET
     - Fetch the catalog mode
     - 200,403
     - XML, JSON
     -
   * - PUT
     - Set the catalog mode
     - 200,403,404,422
     - XML, JSON
     -

Formats:

**XML**

.. code-block:: xml

   <catalog>
     <mode>HIDE</mode>
   </catalog>

**JSON**

.. code-block:: json

   {"mode": "HIDE"}

Exceptions
~~~~~~~~~~

.. list-table::
   :header-rows: 1

   * - Exception
     - Status code
   * - No administrative privileges
     - 403
   * - Malformed request
     - 404
   * - Invalid catalog mode
     - 422

``/security/acl/layers.<format>``
---------------------------------

``/security/acl/services.<format>``
-----------------------------------

``/security/acl/rest.<format>``
-------------------------------

API for administering access control for

* Layers
* Services
* The REST API

.. list-table::
   :header-rows: 1

   * - Method
     - Action
     - Status code
     - Formats
     - Default Format
   * - GET
     - Fetch all rules
     - 200,403
     - XML, JSON
     -
   * - POST
     - Add a set of rules
     - 200,403,409
     - XML, JSON
     -
   * - PUT
     - Modify a set of rules
     - 200,403,409
     - XML, JSON
     -
   * - DELETE
     - Delete a specific rule
     - 200,404,409
     - XML, JSON
     -

Format for DELETE:

The specified rule has to be the last part in the URI::

   /security/acl/layers/*.*.r

.. note::

   Slashes ("/") in a rule name must be encoded with **%2F**. The REST rule **/\*\*;GET** must be encoded
   to /security/acl/rest/**%2F\*\*;GET**

Formats for GET, POST and PUT:

**XML**

.. code-block:: xml

   <?xml version="1.0" encoding="UTF-8"?>
   <rules>
     <rule resource="*.*.r">*</rule>
     <rule resource="myworkspace.*.w">ROLE_1,ROLE_2</rule>
   </rules>

**JSON** ::

   {
     "*.*.r": "*",
     "myworkspace.*.w": "ROLE_1,ROLE_2"
   }

The resource attribute specifies a rule. There are three different formats.

* For layers: <workspace>.<layer>.<access>. The asterisk is a wild card for <workspace>
  and <layer>. <access> is one of **r** (read), **w** (write) or **a** (administer).

* For services: <service>.<method>. The asterisk is a wild card for <service>
  and <method>. Examples:

  * wfs.GetFeature
  * wfs.GetTransaction
  * wfs.*

* For REST: <URL Ant pattern>;<comma separated list of HTTP methods>. Examples:

  * /\*\*;GET
  * /\*\*;POST,DELETE,PUT

The content of a rule element is a comma separated list of roles or the asterisk.

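
The following Python sketch is an added example, not part of this API or its project. It checks a JSON rules document against the three resource formats above before it is sent, flags rules that give the asterisk more than read access, and builds the DELETE URI with the %2F encoding from the note. The function names, the accepted HTTP verb set and the reading of the asterisk in the role position as "every role" are assumptions.

```python
import json
from urllib.parse import quote

# Assumption: standard HTTP verbs; the page itself only shows GET, POST, PUT, DELETE.
HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "TRACE"}
# Constructed sample in the page's JSON format for /security/acl/layers.
SAMPLE_LAYERS = '{"*.*.r": "*", "myworkspace.*.w": "ROLE_1,ROLE_2", "*.*.a": "*", "roads.x": "*"}'

def check_rule(kind, resource, roles):
    """Return the format problems of one rule (empty list = well formed)."""
    problems = []
    parts = resource.split(".")
    if kind == "layers":        # <workspace>.<layer>.<access>
        if len(parts) != 3 or not all(parts) or parts[2] not in ("r", "w", "a"):
            problems.append("expected <workspace>.<layer>.<r|w|a>")
    elif kind == "services":    # <service>.<method>
        if len(parts) != 2 or not all(parts):
            problems.append("expected <service>.<method>")
    elif kind == "rest":        # <URL Ant pattern>;<HTTP methods>
        pattern, _, methods = resource.partition(";")
        if not pattern or not set(methods.split(",")) <= HTTP_METHODS:
            problems.append("expected <Ant pattern>;<METHOD,...>")
    else:
        problems.append("unknown rule kind")
    if roles != "*" and not all(r.strip() for r in roles.split(",")):
        problems.append("roles must be '*' or a comma separated list")
    return problems

def open_beyond_read(kind, resource, roles):
    """True when the asterisk role is given write/administer or a non-GET method."""
    if roles != "*":
        return False
    if kind == "layers":
        return resource.rsplit(".", 1)[-1] in ("w", "a")
    return kind == "rest" and set(resource.partition(";")[2].split(",")) != {"GET"}

def audit(kind, rules_json):
    """Map each questionable resource in a JSON rules document to its findings."""
    findings = {}
    for resource, roles in json.loads(rules_json).items():
        notes = check_rule(kind, resource, roles)
        if not notes and open_beyond_read(kind, resource, roles):
            notes.append("asterisk role gets more than read access")
        if notes:
            findings[resource] = notes
    return findings

def delete_uri(kind, resource):
    """URI for DELETE: the rule is the last path segment, '/' sent as %2F."""
    return f"/security/acl/{kind}/" + quote(resource, safe="*;,")
```

Because a POST or PUT is aborted as a whole on a single bad entry, running ``audit("layers", SAMPLE_LAYERS)`` on the document first shows which entries to fix or review.
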
Exceptions
~~~~~~~~~~

.. list-table::
   :header-rows: 1

   * - Exception
     - Status code
   * - No administrative privileges
     - 403
   * - POST, adding an already existing rule
     - 409
   * - PUT, modifying a non existing rule
     - 409
   * - DELETE, Deleting a non existing rule
     - 409
   * - Invalid rule specification
     - 422

.. note::

   When adding a set of rules, if even one rule already exists, the whole request is aborted.
   When modifying a set of rules, if even one rule does not exist, the whole request is aborted too.