Authentication is now done using a signed token provided by the Django
server, sent by the JS client and checked by the WebSocket server.
The token contains a `permissions` key that's checked to ensure the user
has access to the map "room", where events will be shared by the peers.
This is the same as "map new", but it is not in edit mode. This
allow to click on the elements and see the popups instead of editing
it when using a `dataUrl` query string.
This way of using uMap is not documented, but it's used by some
partners (Deveco recently, data.gouv.fr historicaly).
In the same time, this PR adds two things:
- possibility to pass data direclty in querystring (instead of an URL):
in the case of Deveco, they have pages where only point is shown (for
each company)
- possibility to pass style options directly from query string: may
allow for example to control the `popupTemplate`, eg. to use a table
one that will display all properties of the clicked feature
Note: dataUrl and such also works in normal "map new" view. There are
two use cases around those parameters, from external sites:
- see this data on uMap (should point on map preview)
- create a map with those data (should point on map new)
Instead of dealing with in JavaScript, let's do a more classic
HTTP flow.
The main flows work, but there is still at least one to deal with:
when editing a map without being logged in, the server may ask for
login, and in this case we should login THEN reissue the request,
so we need to interrupt the first request in some way,
otherwise the server will still answer with a 403, which is what
happens after this commit.
This also replaced pg_index with a simple builting seach
based on tsvector, as pg_index is not compliant with Django 1.8,
and as some old dependencies that would need to be upgrade too.
