The Lizmap plugin as an access control plugin for QGIS Server
Since the beginning of Lizmap-Web-Client all the server part was based on PHP code. With Lizmap Web Client 3.4, which will be released very soon, part of the functionality has been developed within the Lizmap plugin to add features to QGIS Server.
QGIS Server is an open source implementation of the WMS 1.3.0, 1.1.1 and 1.0.0, WFS 1.1.0 and 1.0.0 and WCS 1.0.0 standards defined by the Open Geospatial Consortium (OGC). QGIS Server uses QGIS as a backend for GIS layer logic and map rendering. As QGIS desktop and QGIS Server use the same visualization libraries, the maps that are published on the web look the same as in desktop GIS.
Just like QGIS Desktop, QGIS Server is extensible using Python plugins. For example, it is possible to add a data access control system to QGIS Server Documentation.
The first QGIS Server feature we implemented in the Lizmap plugin is an access control system.
We have implemented 3 access controls:
- access to the project
- filter by user
- access to project layers
The first 2 controls were already present. In the Lizmap configuration, it is possible to restrict access to a project for a list of user groups. It is also possible to define filtering rules according to the user logged in or not.
The implementation in QGIS Server of the filter by user, thanks to the Lizmap plugin, allows to filter layers even if they are hidden in a layer group. In Lizmap Web Client version 3.3 and previous versions, filtering layers by user only works if the layer is displayed alone, because Lizmap Web Client adds filters to the requests sent to QGIS server. In Lizmap, it is possible to transform a group of QGIS layers into a single layer for the web client. This results in requests where the layer to be filtered does not appear. With the Lizmap plugin for Lizmap Web Client 3.4 all layers will be filtered correctly.
By making the Lizmap plugin, an access control plugin for QGIS Server, we were able to add the possibility to restrict access to the layers of a project for a list of user groups.
The ability to restrict access to the layers of a project for a list of user groups makes it possible to distribute a QGIS project, a Lizmap webmap, with a content that can vary depending on the user.