v1.8.0

Upgrade requirements

• Set environment variable LAYMAN_AUTHN_HTTP_HEADER_NAME that serves as a secret. Only combination of lowercase characters and numbers must be used for the value.
• Set environment variable LAYMAN_PRIME_SCHEMA. It is the name of the DB schema, so it is subject to the restrictions given by PostgreSQL. We recommend value _prime_schema if possible.
• Replace LAYMAN_AUTHZ_MODULE environment variable with GRANT_CREATE_PUBLIC_WORKSPACE and GRANT_PUBLISH_IN_PUBLIC_WORKSPACE. The following settings correspond best with behaviour of previously used LAYMAN_AUTHZ_MODULE:
  • LAYMAN_AUTHZ_MODULE=layman.authz.read_everyone_write_owner (variable to remove)
    • GRANT_CREATE_PUBLIC_WORKSPACE= (new variable)
    • GRANT_PUBLISH_IN_PUBLIC_WORKSPACE= (new variable)
  • LAYMAN_AUTHZ_MODULE=layman.authz.read_everyone_write_everyone (variable to remove)
    • GRANT_CREATE_PUBLIC_WORKSPACE=EVERYONE (new variable)
    • GRANT_PUBLISH_IN_PUBLIC_WORKSPACE=EVERYONE (new variable)
• Change LAYMAN_CLIENT_VERSION to v1.4.1
  • If you are running Layman with development settings, run also make client-build.
• Starting version 1.8, each user can have zero or one personal workspaces, not more (in other words, one Liferay account can be linked with zero or one personal workspaces). Layman automatically checks this at first start. If two workspace linked to single user are fond, they are reported and Layman initialization is stopped. In such case, choose which one of reported workspaces should be the only personal workspace of the user, delete authn.txt file from the other workspace, and restart layman. The other workspace becomes public.
• If you are running Layman with development settings, run also make timgen-build.

Changes

• We started to strictly distinguish workspace as place, where publications are stored, and user as representation of person in Layman system. This change was reflected in following places:
  • In REST API documentation, username was replaced with workspace_name. It's not breaking change, as it's only naming of part of URL path.
  • Error messages and data, as well as Layman Test Client, also distinguishes workspace and user/username.
• Each workspace is now either personal, or public. Personal workspace is automatically created when user reserves his username. Creation of and posting new publication to public workspaces is controlled by GRANT_CREATE_PUBLIC_WORKSPACE and GRANT_PUBLISH_IN_PUBLIC_WORKSPACE.
• #28 It is possible to control also read access to any publication per user.
  • New attribute access_rights added to GET Layers, GET Layer, GET Maps and GET Map responses.
  • New parameters access_rights.read and access_rights.write added to POST Layers, PATCH Layer, POST Maps and PATCH Map requests. These new parameters are added to Test Client GUI.
  • Default values of access rights parameters (both read and write) of newly created publications are set to current authenticated user, or EVERYONE if published by anonymous.
• #28 At first start of Layman, access rights of existing publications are set in following way:
  • everyone can read and only owner of the workspace can edit publications in personal workspaces
  • anyone can read or edit publications in public workspaces.
  • Security rules on GeoServer on workspace level (workspace.*.r/w) are deleted and replaced with security rules on layer level (workspace.layername.r/w) according to rules on Layman side.
• #28 Only publications with read access for EVERYONE are published to Micka as public.
• #28 New REST endpoint GET Users with list of all users registered in Layman. This new endpoint was added to Test Client into tab "Others".
• #28 WMS endpoint accepts same authentication credentials (e.g. OAuth2 headers) as Layman REST API endpoints. It's implemented using Layman's WFS proxy. This proxy authenticates the user and send user identification to GeoServer.
• #161 New method DELETE was implemented for endpoints DELETE Maps and DELETE Layers.
• #178 New attribute screen_name is part of response for GET Users and Get Current User.
• #178 LifeRay attribute screen_name is preferred for creating username in Layman. Previously it was first part of email.
• Attribute groups is no longer returned in GET Map File response.
• #28 New environment variable LAYMAN_PRIME_SCHEMA.