v1.23.0

Known issues

• #1016 Flower container did not start if LAYMAN_ROLE_SERVICE_URI points to host.docker.internal.
  • Fixed in v1.23.1.
• #1021 WFS-T error "<layer> is read-only".
  • Fixed in v1.23.2.
• #1022 Login not working in demo configuration with authentication
  • Fixed in v1.23.2.

Upgrade requirements

• Change environment variable LAYMAN_CLIENT_VERSION:

  LAYMAN_CLIENT_VERSION=v1.18.0
  

• Stop using environment variable LAYMAN_GS_ROLE_SERVICE, it has no effect to Layman anymore. Layman now uses role service identified by new environment variable LAYMAN_ROLE_SERVICE_URI. The service is called layman_role_service on GeoServer.
• Set new environment variable LAYMAN_ROLE_SERVICE_URI
• Stop using environment variable OAUTH2_INTROSPECTION_SUB_KEY, it has no effect to Layman anymore.
• If you are using Wagtail as OAuth2 provider
  • After running make upgrade-demo or make upgrade-demo-full, run also script v1_23_change_oauth2_sub_username_to_user_id.py:

    docker compose -f docker-compose.deps.demo.yml -f docker-compose.demo.yml run --rm --no-deps -u root -e LAYMAN_WAGTAIL_DB_URI=<URI_of_Wagtail_db> layman bash -c "cd src && python3 -B v1_23_change_oauth2_sub_username_to_user_id.py"

    • URI_of_Wagtail_db is PostgreSQL connection URI to Wagtail database, e.g. postgresql://user:[email protected]:5432/wagtail_db_name
    • The script changes OAuth2 "sub" values in Layman prime DB schema from Wagtail usernames to Wagtail user IDs. See 940.

Migrations and checks

Schema migrations

• #165 Add column role_name to table rights in prime DB schema. Add constraint that exactly one of columns role_name and id_user is not null.
• #165 Create DB schema _role_service that can be used as role service.
• #165 Column name in table workspaces in prime DB schema length is changed to 59 characters.
• Drop DB table right_types.

Data migrations

• #165 Delete technical roles and user-role relations in GeoServer default role service, which is now replaced by JDBC role service.

Changes

• #165 Prior to this version, Layman enabled to use usernames and pseudo-role EVERYONE in access rights. From now on, Layman accepts also role names.
• #165 Roles (except of EVERYONE) are managed by role service.
• #165 New REST endpoint GET Roles with list of all roles registered in role service, that can be used in access rights.
  • This new endpoint was added to Test Client into tab "Others".
• #165 POST Workspace Layers/Maps and PATCH Workspace Layer/Map saves role names mentioned in access_rights.read and access_rights.write parameters into prime DB schema.
• #165 Many requests respect roles in access rights:
  • GET/PATCH/DELETE Workspace Layer
  • GET Workspace Layer Thumbnail/Style/Metadata Comparison/Chunk
  • GET/PATCH/DELETE Workspace Map
  • GET Workspace Map File/Thumbnail/Metadata Comparison
  • GET Workspace Layers/Maps
  • GET Layers/Maps/Publications
  • DELETE Workspace Layers/Maps
  • requests to WMS and WFS endpoints
• #165 POST Workspace Layers/Maps respects roles in GRANT_CREATE_PUBLIC_WORKSPACE and GRANT_PUBLISH_IN_PUBLIC_WORKSPACE
• #165 Many endpoints return previously associated role names in access_rights.read and access_rights.write keys:
  • GET/PATCH Workspace Layer
  • GET/PATCH Workspace Map
  • GET Workspace Layers/Maps
  • GET Layers/Maps/Publications
• #165 Name of users and public workspaces are from now on restricted to a maximum length of 59 characters.
• 940 Use userId as OAuth2 "sub" instead of username. This is suitable for Wagtail.
• 940 Stop supporting Liferay as OAuth2 provider.
• 941 Wagtail database is now persistent when restarting Layman or Wagtail.
• All changes from v1.22.1, v1.22.2 and v1.22.3.
• #960 Handle WMS requests with HTTP error more efficiently in timgen.
• #962 Make values of layman_metadata.publication_status and status key(s) more consistent in responses of PATCH Workspace Layer/Map and GET Workspace Layer/Map.
• Timgen handles better some edge cases:
  • If map's internal layer points to non-existent workspace, Timgen is faster and does not fail.
  • If map's file was not obtained from Layman, Timgen fails quickly.
• Upgrade Python dependencies
  • werkzeug 2.3.7 -> 3.0.7 (suggested by dependabot)
  • urllib3 1.26.16 -> 1.26.18 (suggested by dependabot)
  • pillow 10.0.0 -> 10.1.0 (suggested by dependabot)
  • cacheout 0.14.1 -> 0.15.0
  • flask 2.3.3 -> 3.0.0
  • jsonschema 4.19.0 -> 4.20.0
  • owslib 0.29.2 -> 0.29.3
  • importlib-metadata 6.8.0 -> 7.0.0
  • psycopg2-binary 2.9.7 -> 2.9.9
  • redis 5.0.0 -> 5.0.1
  • unidecode 1.3.6 -> 1.3.7
  • platformdirs 3.10.0 -> 4.1.0
  • pycodestyle 2.11.0 -> 2.11.1
  • pytest 7.4.2 -> 7.4.3
  • pytest-rerunfailures 12.0 -> 13.0
  • pytest-timeout 2.1.0 -> 2.2.0
• Add development dependency plantuml/plantuml for rendering PlantUML diagrams.