v2.3.0

Layman supports import of layers in EPSG:32719, EPSG:32635, EPSG:32636, EPSG:32637 using LAYMAN_INPUT_SRS_LIST.

v2.2.0

Changes

• Layman supports import of layers in EPSG:9377, EPSG:32718 using LAYMAN_INPUT_SRS_LIST.
• Add sed command to Dockerfile files to change HTTP to HTTPS in apt sources.list.

v2.1.0

Changes

• #1124 Upgrade GeoServer to 2.26.2.

v2.0.0

Upgrade requirements

• Only versions 1.23.2 and newer can be upgraded to this version. For older versions, please upgrade to last 1.23.x first.
• Change environment variable LAYMAN_CLIENT_VERSION:

  LAYMAN_CLIENT_VERSION=v2.0.0
  

• Set new environment variable GRANT_DELETE_OTHER_USER, e.g. to empty value:

  GRANT_DELETE_OTHER_USER=
  

• In demo configuration, build QGIS v3.40.4 image using command

  docker compose -f docker-compose.deps.demo.yml build qgis
  

Migrations and checks

Schema migrations

• #1009 Add column description to table publications in prime DB schema.
• #1048 Add column created_at to table publications in prime DB schema.
• #1048 Add column layer_uuid to table map_layer in prime DB schema.

Data migrations

• #1009 Fill column description in publications table in prime DB schema. Value is taken from GeoServer for layers and from filesystem for maps.
• #1048 Fill column created_at in publications table in prime DB schema. Value is taken from filesystem uuid.txt file creation. uuid.txt file is subsequently deleted.
• #1048 New schema layers is created in database.
• #1048 New workspaces layman and layman_wms are created on GeoServer, each with PostgreSQL data store postgresql.
• #1048 Layers, whose wfs_wms_status is not AVAILABLE, are deleted.
• #1048 Relations in prime DB schema table map_layer are migrated from columns layer_workspace and layer_name into column layer_uuid. Columns layer_workspace and layer_name are subsequently dropped and column layer_uuid is set to NOT NULL.
• #1048 Most layer data is moved, renamed and/or re-created:
  • layers files are moved to new paths derived from uuid
  • internal layer tables are moved to database schema layers, index and sequence names are derived from uuid (table name already was)
  • GeoServer layers are re-created with new names derived from uuid
  • WMS and WFS references are updated in existing CSW metadata records.
• #1048 Map files are moved to new paths with new names derived from uuid and referenced internal layers' url and names are changed to the new ones.
• #1048 Some workspace-related data is removed:
  • GeoServer workspaces <layman_workspace_name> and <layman_workspace_name>_wms per each Layman workspace
  • database schemas <layman_workspace_name> per each Layman workspace
  • directory LAYMAN_QGIS_DATA_DIR/workspaces
  • directory LAYMAN_NORMALIZED_RASTER_DATA_DIR/workspaces
  • directory LAYMAN_DATA_DIR/workspaces

Changes

• #1048 Many names, identifiers, and references of layers and maps are now derived from uuid instead of Layman workspace and name. Entities that represented Layman workspaces are suppressed.
  • Names of files and directories are derived from publication uuid. Workspace directories are not used anymore.
  • All layer tables are stored in layers DB schema. Workspace schemas are not used anymore.
  • Names of Feature types, Coverages, Layers and Styles in GeoServer WFS and WMS workspaces are derived from layer uuid (i.e. l_<UUID>). All GeoServer entities are created in two global workspaces (layman for WFS layers and layman_wms for WMS layers), instead of separate workspaces for each Layman workspace.
  • Metadata properties wfs_url and wms_url contain new layer names l_<UUID>.
  • Layer in map JSON file is considered internal if named l_<UUID> and located in GeoServer workspace layman or layman_wms.
• #1048 New keys wfs.name and wms.name were added to GET Workspace Layer response. Use values from these keys when communicating with WFS and WMS.
• #1048 Actions POST Workspace Maps and PATCH Workspace Map raises error if there is internal layer referenced by its Layman name and Layman workspace instead of new GeoServer name l_<UUID> and new GeoServer workspace layman or layman_wms.
• #1048 Layers with QML style are named by their title instead of name in WMS graphical legend.
• #1048 Keys file.paths, file.path and thumbnail.path of GET Workspace Layer/Map are relative to LAYMAN_DATA_DIR instead of workspace directory.
• #1048 Stop saving publication UUID to uuid.txt file.
• #1048 Information about layer in WMS and WFS (e.g. keys wms and wfs in GET Workspace Layer) is obtained from GeoServer REST API instead of WMS GetCapabilities to improve speed.
• #1048 POST Workspace Layers/Maps accepts new optional body parameter uuid. It's meant mostly for testing purposes.
• #161 New method DELETE User allows users to delete user accounts.
• #942 New key used_in_maps was added to responses of requests GET Publications, GET Layers, GET Workspace Layers, and GET Workspace Layer. It can be used to warn user before deleting layer that the layer is used in some maps.
• #1009 PATCH Workspace Layer/Map returns same response as POST Workspace Layers/Maps with only name, uuid, url and for Layer also optional files_to_upload keys.
• #1009 Updating Micka record as part of PATCH Workspace Layer runs asynchronously to make PATCH request faster.
• #909 Upgrade QGIS Server from v3.32.2 to v3.40.4. Also use docker hub repo layermanager/qgis-server instead of jirikcz/qgis-server,
  • QML styles up to v3.40.2 are supported.
  • #270 Precision error of EPSG:5514 in QGIS WMS GetMap was partially fixed with following exceptions: if data CRS is EPSG:5514 and WMS GetMap CRS is EPSG:4326 or CRS:84, or vice versa, the precision error is now about 3.2 m (it was 0.5 m in v3.32.2).
• #1039 Deprecated endpoint, parameters and keys were removed:
  • key file_type was removed from endpoints GET Publications/Layers/Workspace Layers/Workspace Layer response
  • key file.path was removed from GET Workspace Layer response
  • key sld was removed from GET Workspace Layer response
  • key db_table was removed from GET Workspace Layer response
  • key data.layman.last-migration was removed from GET Version response
  • body parameter sld was removed from POST Workspace Publications and PATCH Workspace Publication
  • workspace-related endpoints which did not include /workspaces in their path were removed
• #701 Check bounding bbox of normalized raster before posting to GeoServer. Stop checking that Layer is available in WMS/WFS GetCapabilities after publishing to GeoServer.
• Output from make upgrade-demo and make upgrade-demo-full is saved to tmp/logs/demo_upgrade_${date -u +"%FT%H%MZ"}.log. The output is also written to standard output.
• Add forgotten thumbnail.path attributes to documentation of GET Workspace Layer/Map responses.
• Upgrade GeoServer to 2.21.4.
• #1028 Upgrade Node.js of Layme...

v1.23.2

Upgrade requirements

• #1021 After upgrade and start of Layman, it's needed to change GeoServer configuration by following steps:
  1. Log in to GeoServer Admin
  2. Click on Security > Authentication
  3. Find part "Authentication Filters" and click on "laymanHttpHeader"
  4. In part "Role source" choose "Role service" in left dropdown and "layman_role_service" in right dropdown.
  5. Click on Save button.

Changes

• #1021 Fix WFS-T error by manually changing GeoServer configuration as described in upgrade requirements.
• #1022 Fix login in demo configuration with authentication.

v1.23.1

Known issues

• #1021 WFS-T error "<layer> is read-only".
  • Fixed in v1.23.2.
• #1022 Login not working in demo configuration with authentication
  • Fixed in v1.23.2.

Changes

• #1016 Flower and Celery worker containers used to wait for all dependencies and also check role service, from now on it waits only for Layman API to be ready.
• #165 Roles in REST endpoint GET Roles result are in alphabetical order.

v1.23.0

Known issues

• #1016 Flower container did not start if LAYMAN_ROLE_SERVICE_URI points to host.docker.internal.
  • Fixed in v1.23.1.
• #1021 WFS-T error "<layer> is read-only".
  • Fixed in v1.23.2.
• #1022 Login not working in demo configuration with authentication
  • Fixed in v1.23.2.

Upgrade requirements

• Change environment variable LAYMAN_CLIENT_VERSION:

  LAYMAN_CLIENT_VERSION=v1.18.0
  

• Stop using environment variable LAYMAN_GS_ROLE_SERVICE, it has no effect to Layman anymore. Layman now uses role service identified by new environment variable LAYMAN_ROLE_SERVICE_URI. The service is called layman_role_service on GeoServer.
• Set new environment variable LAYMAN_ROLE_SERVICE_URI
• Stop using environment variable OAUTH2_INTROSPECTION_SUB_KEY, it has no effect to Layman anymore.
• If you are using Wagtail as OAuth2 provider
  • After running make upgrade-demo or make upgrade-demo-full, run also script v1_23_change_oauth2_sub_username_to_user_id.py:

    docker compose -f docker-compose.deps.demo.yml -f docker-compose.demo.yml run --rm --no-deps -u root -e LAYMAN_WAGTAIL_DB_URI=<URI_of_Wagtail_db> layman bash -c "cd src && python3 -B v1_23_change_oauth2_sub_username_to_user_id.py"

    • URI_of_Wagtail_db is PostgreSQL connection URI to Wagtail database, e.g. postgresql://user:password@host.docker.internal:5432/wagtail_db_name
    • The script changes OAuth2 "sub" values in Layman prime DB schema from Wagtail usernames to Wagtail user IDs. See 940.

Migrations and checks

Schema migrations

• #165 Add column role_name to table rights in prime DB schema. Add constraint that exactly one of columns role_name and id_user is not null.
• #165 Create DB schema _role_service that can be used as role service.
• #165 Column name in table workspaces in prime DB schema length is changed to 59 characters.
• Drop DB table right_types.

Data migrations

• #165 Delete technical roles and user-role relations in GeoServer default role service, which is now replaced by JDBC role service.

Changes

• #165 Prior to this version, Layman enabled to use usernames and pseudo-role EVERYONE in access rights. From now on, Layman accepts also role names.
• #165 Roles (except of EVERYONE) are managed by role service.
• #165 New REST endpoint GET Roles with list of all roles registered in role service, that can be used in access rights.
  • This new endpoint was added to Test Client into tab "Others".
• #165 POST Workspace Layers/Maps and PATCH Workspace Layer/Map saves role names mentioned in access_rights.read and access_rights.write parameters into prime DB schema.
• #165 Many requests respect roles in access rights:
  • GET/PATCH/DELETE Workspace Layer
  • GET Workspace Layer Thumbnail/Style/Metadata Comparison/Chunk
  • GET/PATCH/DELETE Workspace Map
  • GET Workspace Map File/Thumbnail/Metadata Comparison
  • GET Workspace Layers/Maps
  • GET Layers/Maps/Publications
  • DELETE Workspace Layers/Maps
  • requests to WMS and WFS endpoints
• #165 POST Workspace Layers/Maps respects roles in GRANT_CREATE_PUBLIC_WORKSPACE and GRANT_PUBLISH_IN_PUBLIC_WORKSPACE
• #165 Many endpoints return previously associated role names in access_rights.read and access_rights.write keys:
  • GET/PATCH Workspace Layer
  • GET/PATCH Workspace Map
  • GET Workspace Layers/Maps
  • GET Layers/Maps/Publications
• #165 Name of users and public workspaces are from now on restricted to a maximum length of 59 characters.
• 940 Use userId as OAuth2 "sub" instead of username. This is suitable for Wagtail.
• 940 Stop supporting Liferay as OAuth2 provider.
• 941 Wagtail database is now persistent when restarting Layman or Wagtail.
• All changes from v1.22.1, v1.22.2 and v1.22.3.
• #960 Handle WMS requests with HTTP error more efficiently in timgen.
• #962 Make values of layman_metadata.publication_status and status key(s) more consistent in responses of PATCH Workspace Layer/Map and GET Workspace Layer/Map.
• Timgen handles better some edge cases:
  • If map's internal layer points to non-existent workspace, Timgen is faster and does not fail.
  • If map's file was not obtained from Layman, Timgen fails quickly.
• Upgrade Python dependencies
  • werkzeug 2.3.7 -> 3.0.7 (suggested by dependabot)
  • urllib3 1.26.16 -> 1.26.18 (suggested by dependabot)
  • pillow 10.0.0 -> 10.1.0 (suggested by dependabot)
  • cacheout 0.14.1 -> 0.15.0
  • flask 2.3.3 -> 3.0.0
  • jsonschema 4.19.0 -> 4.20.0
  • owslib 0.29.2 -> 0.29.3
  • importlib-metadata 6.8.0 -> 7.0.0
  • psycopg2-binary 2.9.7 -> 2.9.9
  • redis 5.0.0 -> 5.0.1
  • unidecode 1.3.6 -> 1.3.7
  • platformdirs 3.10.0 -> 4.1.0
  • pycodestyle 2.11.0 -> 2.11.1
  • pytest 7.4.2 -> 7.4.3
  • pytest-rerunfailures 12.0 -> 13.0
  • pytest-timeout 2.1.0 -> 2.2.0
• Add development dependency plantuml/plantuml for rendering PlantUML diagrams.

v1.22.3

Known issues

• #1022 Login not working in demo configuration with authentication
  • Fixed in v1.23.2.

Upgrade requirements

• Change environment variable LAYMAN_CLIENT_VERSION:

  LAYMAN_CLIENT_VERSION=v1.17.2
  

Changes

• Improve logging in Layman Test Client related to Passport.js.
• 968 Enable to use not-so-secure SSL communication (UnsafeLegacyRenegotiation) in Layman Test Client. It can be activated by environment variable NODE_OPTIONS:

  NODE_OPTIONS="--openssl-config=/code/unsafe_openssl.cnf"
  

v1.22.2

Known issues

• #1022 Login not working in demo configuration with authentication
  • Fixed in v1.23.2.

Upgrade requirements

• Change environment variable LAYMAN_CLIENT_VERSION:

  LAYMAN_CLIENT_VERSION=v1.17.1
  

Changes

• #958 Fix X-Forwarded-Proto on LTC proxy with https protocol in demo environment.
• #956 Fix login to GeoServer with https protocol.
• #952 Fix patch saving publication files before access right validation.

v1.22.1

Known issues

• #956 Unable to login into GeoServer with https protocol
  • Fixed in v1.22.2.
• #958 Request through LTC proxy returns URLs with http although request came to https
  • Fixed in v1.22.2.
• #1022 Login not working in demo configuration with authentication
  • Fixed in v1.23.2.

Changes

• #949 Fix reading map-layer relations from map composition that includes also other than WMS and Vector layers.