It should be possible to discover a layer [table] schema and restrict access to the fields by roles.

Currently requests for layer data, eg. wkt, geojson, mvt do not restrict which fields are accessible.

I can send a wkt request with any fields as fields param.

http://localhost:3000/api/query?geom=geom_p_4326&layer=retailpoints&locale=locale&srid=4326&table=geodata.uk_glx_open_retail_points&template=wkt&fields=retailer,store_name,open_date

Request params fields should be restricted to the fields in the json layer. These can be restricted with the current roles model.

This will work in a similar fashion to restrictions for table param.

Any layer query method should return an access error if fields are requested that are not available to a user.