I'm implementing a system which has structure like in my question: Design question: what's the role of WFS-T in this kind of webapp?
There's spatial data which is updated through WFS-T and non-spatial data which is updated through traditional (Java) web application.
When user updates non-spatial data, it is easy to implement authorization rules such as
if current_user = sales_region.manager AND sales_region.status = ACTIVE then all spatial fields can be updated
But can I do the same for the WFS-T geometry updates?
if current_user = sales_region.manager AND sales_region.status = ACTIVE then sales_region.area geometry can be updated through WFS-T requests
Isn't the WFS-T interface just an open XML interface? Anyone who has http access to it can modify, add and remove geometries at will? How could I add business rules checks to protect the geometry updates?
I know I could protect the whole WFS-T interface so that only some users can access it altogether, but that's not what I am after. I need to allow or deny some updates based on the data and some defined business rules.
Are there any easy solutions for this?
أكثر...
There's spatial data which is updated through WFS-T and non-spatial data which is updated through traditional (Java) web application.
When user updates non-spatial data, it is easy to implement authorization rules such as
if current_user = sales_region.manager AND sales_region.status = ACTIVE then all spatial fields can be updated
But can I do the same for the WFS-T geometry updates?
if current_user = sales_region.manager AND sales_region.status = ACTIVE then sales_region.area geometry can be updated through WFS-T requests
Isn't the WFS-T interface just an open XML interface? Anyone who has http access to it can modify, add and remove geometries at will? How could I add business rules checks to protect the geometry updates?
I know I could protect the whole WFS-T interface so that only some users can access it altogether, but that's not what I am after. I need to allow or deny some updates based on the data and some defined business rules.
Are there any easy solutions for this?
أكثر...