def extent(self):
layer_name = self.root_layer.name
limited_to = self.permissions.get(layer_name, {}).get("limited_to")
extent = self.root_layer.extent
if limited_to:
coverage = load_limited_to(limited_to)
limited_coverage = coverage.intersection(extent.bbox, extent.srs)
extent = limited_coverage.extent
if self.coverage:
limited_coverage = self.coverage.intersection(extent.bbox, extent.srs)
extent = limited_coverage.extent
return extent
def filter_actual_layers(self, actual_layers, requested_layers, authorized_layers):
if authorized_layers is not PERMIT_ALL_LAYERS:
requested_layer_names = set(requested_layers)
for layer_name in actual_layers.keys():
if layer_name not in authorized_layers:
# check whether layer was requested explicit...
if layer_name in requested_layer_names:
raise RequestError("forbidden", status=403)
# or implicit (part of group layer)
else:
del actual_layers[layer_name]
elif authorized_layers[layer_name] is not None:
limited_to = load_limited_to(authorized_layers[layer_name])
actual_layers[layer_name] = [LimitedLayer(lyr, limited_to) for lyr in actual_layers[layer_name]]
def layer_permitted(self, layer):
if not self.permissions.get(layer.name, {}).get("map", False):
return False
extent = layer.extent
limited_to = self.permissions.get(layer.name, {}).get("limited_to")
if limited_to:
coverage = load_limited_to(limited_to)
if not coverage.intersects(extent.bbox, extent.srs):
return False
if self.coverage:
if not self.coverage.intersects(extent.bbox, extent.srs):
return False
return True
def authorized_capability_layers(self, env):
if "mapproxy.authorize" in env:
result = env["mapproxy.authorize"]("wms.capabilities", self.layers.keys(), environ=env)
if result["authorized"] == "unauthenticated":
raise RequestError("unauthorized", status=401)
if result["authorized"] == "full":
return self.root_layer
if result["authorized"] == "partial":
limited_to = result.get("limited_to")
if limited_to:
coverage = load_limited_to(limited_to)
else:
coverage = None
return FilteredRootLayer(self.root_layer, result["layers"], coverage=coverage)
raise RequestError("forbidden", status=403)
else:
return self.root_layer
def authorized_capability_layers(self, env):
if 'mapproxy.authorize' in env:
result = env['mapproxy.authorize']('wms.capabilities', self.layers.keys(), environ=env)
if result['authorized'] == 'unauthenticated':
raise RequestError('unauthorized', status=401)
if result['authorized'] == 'full':
return self.root_layer
if result['authorized'] == 'partial':
limited_to = result.get('limited_to')
if limited_to:
coverage = load_limited_to(limited_to)
else:
coverage = None
return FilteredRootLayer(self.root_layer, result['layers'], coverage=coverage)
raise RequestError('forbidden', status=403)
else:
return self.root_layer
def authorize_tile_layer(self, tile_layer, request):
if 'mapproxy.authorize' in request.http.environ:
query_extent = tile_layer.grid.srs.srs_code, tile_layer.tile_bbox(request)
result = request.http.environ['mapproxy.authorize']('wmts', [request.layer],
query_extent=query_extent, environ=request.http.environ)
if result['authorized'] == 'unauthenticated':
raise RequestError('unauthorized', status=401)
if result['authorized'] == 'full':
return
if result['authorized'] == 'partial':
if result['layers'].get(request.layer, {}).get('tile', False) == True:
limited_to = result.get('limited_to')
if limited_to:
return load_limited_to(limited_to)
else:
return None
raise RequestError('forbidden', status=403)
def authorize_tile_layer(self, tile_layer, request):
if "mapproxy.authorize" in request.http.environ:
query_extent = tile_layer.grid.srs.srs_code, tile_layer.tile_bbox(request)
result = request.http.environ["mapproxy.authorize"](
"wmts", [request.layer], query_extent=query_extent, environ=request.http.environ
)
if result["authorized"] == "unauthenticated":
raise RequestError("unauthorized", status=401)
if result["authorized"] == "full":
return
if result["authorized"] == "partial":
if result["layers"].get(request.layer, {}).get("tile", False) == True:
limited_to = result.get("limited_to")
if limited_to:
return load_limited_to(limited_to)
else:
return None
raise RequestError("forbidden", status=403)
def authorized_layers(self, feature, layers, env, query_extent):
if "mapproxy.authorize" in env:
result = env["mapproxy.authorize"]("wms." + feature, layers[:], environ=env, query_extent=query_extent)
if result["authorized"] == "unauthenticated":
raise RequestError("unauthorized", status=401)
if result["authorized"] == "full":
return PERMIT_ALL_LAYERS, None
layers = {}
if result["authorized"] == "partial":
for layer_name, permissions in result["layers"].iteritems():
if permissions.get(feature, False) == True:
layers[layer_name] = permissions.get("limited_to")
limited_to = result.get("limited_to")
if limited_to:
coverage = load_limited_to(limited_to)
else:
coverage = None
return layers, coverage
else:
return PERMIT_ALL_LAYERS, None
def authorized_layers(self, feature, layers, env, query_extent):
if 'mapproxy.authorize' in env:
result = env['mapproxy.authorize']('wms.' + feature, layers[:],
environ=env, query_extent=query_extent)
if result['authorized'] == 'unauthenticated':
raise RequestError('unauthorized', status=401)
if result['authorized'] == 'full':
return PERMIT_ALL_LAYERS, None
layers = {}
if result['authorized'] == 'partial':
for layer_name, permissions in result['layers'].iteritems():
if permissions.get(feature, False) == True:
layers[layer_name] = permissions.get('limited_to')
limited_to = result.get('limited_to')
if limited_to:
coverage = load_limited_to(limited_to)
else:
coverage = None
return layers, coverage
else:
return PERMIT_ALL_LAYERS, None
def authorize_tile_layer(self, tile_layer, request):
if 'mapproxy.authorize' in request.http.environ:
if request.tile:
query_extent = (tile_layer.grid.srs.srs_code,
tile_layer.tile_bbox(request, use_profiles=request.use_profiles))
else:
query_extent = None # for layer capabilities
result = request.http.environ['mapproxy.authorize']('tms', [tile_layer.name],
query_extent=query_extent, environ=request.http.environ)
if result['authorized'] == 'unauthenticated':
raise RequestError('unauthorized', status=401)
if result['authorized'] == 'full':
return
if result['authorized'] == 'partial':
if result['layers'].get(tile_layer.name, {}).get('tile', False) == True:
limited_to = result['layers'][tile_layer.name].get('limited_to')
if not limited_to:
limited_to = result.get('limited_to')
if limited_to:
return load_limited_to(limited_to)
else:
return None
raise RequestError('forbidden', status=403)
def coverage(geom, srs='EPSG:4326'):
return load_limited_to({'srs': srs, 'geometry': geom})
def coverage(geom, srs='EPSG:4326'):
return load_limited_to({'srs': srs, 'geometry': geom})
def coverage(geom, srs="EPSG:4326"):
return load_limited_to({"srs": srs, "geometry": geom})
