def extent(self):
layer_name = self.root_layer.name
limited_to = self.permissions.get(layer_name, {}).get('limited_to')
extent = self.root_layer.extent
if limited_to:
coverage = load_limited_to(limited_to)
limited_coverage = coverage.intersection(extent.bbox, extent.srs)
extent = limited_coverage.extent
if self.coverage:
limited_coverage = self.coverage.intersection(extent.bbox, extent.srs)
extent = limited_coverage.extent
return extent
def filter_actual_layers(self, actual_layers, requested_layers, authorized_layers):
if authorized_layers is not PERMIT_ALL_LAYERS:
requested_layer_names = set(requested_layers)
for layer_name in actual_layers.keys():
if layer_name not in authorized_layers:
# check whether layer was requested explicit...
if layer_name in requested_layer_names:
raise RequestError('forbidden', status=403)
# or implicit (part of group layer)
else:
del actual_layers[layer_name]
elif authorized_layers[layer_name] is not None:
limited_to = load_limited_to(authorized_layers[layer_name])
actual_layers[layer_name] = [LimitedLayer(lyr, limited_to) for lyr in actual_layers[layer_name]]
def layer_permitted(self, layer):
if not self.permissions.get(layer.name, {}).get('map', False):
return False
extent = layer.extent
limited_to = self.permissions.get(layer.name, {}).get('limited_to')
if limited_to:
coverage = load_limited_to(limited_to)
if not coverage.intersects(extent.bbox, extent.srs):
return False
if self.coverage:
if not self.coverage.intersects(extent.bbox, extent.srs):
return False
return True
def authorized_capability_layers(self, env):
if 'mapproxy.authorize' in env:
result = env['mapproxy.authorize']('wms.capabilities', self.layers.keys(), environ=env)
if result['authorized'] == 'unauthenticated':
raise RequestError('unauthorized', status=401)
if result['authorized'] == 'full':
return self.root_layer
if result['authorized'] == 'partial':
limited_to = result.get('limited_to')
if limited_to:
coverage = load_limited_to(limited_to)
else:
coverage = None
return FilteredRootLayer(self.root_layer, result['layers'], coverage=coverage)
raise RequestError('forbidden', status=403)
else:
return self.root_layer
def authorized_layers(self, feature, layers, env, query_extent):
if 'mapproxy.authorize' in env:
result = env['mapproxy.authorize']('wms.' + feature, layers[:],
environ=env, query_extent=query_extent)
if result['authorized'] == 'unauthenticated':
raise RequestError('unauthorized', status=401)
if result['authorized'] == 'full':
return PERMIT_ALL_LAYERS, None
layers = {}
if result['authorized'] == 'partial':
for layer_name, permissions in result['layers'].iteritems():
if permissions.get(feature, False) == True:
layers[layer_name] = permissions.get('limited_to')
limited_to = result.get('limited_to')
if limited_to:
coverage = load_limited_to(limited_to)
else:
coverage = None
return layers, coverage
else:
return PERMIT_ALL_LAYERS, None
def coverage(geom, srs='EPSG:4326'):
return load_limited_to({'srs': srs, 'geometry': geom})
