EPrints Technical Mailing List Archive
Message: #04828
[EP-tech] Re: Creating a read-only (but read everyting in the archive) user (Field A.N.)
- To: "'eprints-tech@ecs.soton.ac.uk'" <eprints-tech@ecs.soton.ac.uk>
- Subject: [EP-tech] Re: Creating a read-only (but read everyting in the archive) user (Field A.N.)
- From: John Salter <J.Salter@leeds.ac.uk>
- Date: Thu, 1 Oct 2015 12:31:10 +0000
Hi,

If you look in ~/archives/ARCHIVEID/cfg/cfg.d/security.pl, you will see the code that checks document permissions. I think that it's this block:

    if( $security eq "staffonly" )
    {
        # If you want to finer tune this, you could create
        # new privs and use them.

        # people with priv editor can read this document...
        if( $user->has_role( "editor" ) )
        {
            return "ALLOW";
        }

        if( $user->has_role( "admin" ) )
        {
            return "ALLOW";
        }

        # ...as can the user who deposited it...
        if( $eprint->has_owner( $user ) )
        {
            return "ALLOW";
        }

        # ...but nobody else can
        return "DENY";
    }

That is denying your user the access. You may want to re-use the staff-view role in these security checks by adding something like

    if( $user->has_role( "staff-view" ) )
    {
        return "ALLOW";
    }

NB This is untested - I'd check thoroughly before using it.

If you're interested in how EPrints gets to the methods in this file, this might be useful:
http://wiki.eprints.org/w/Anatomy_of_a_request#EPrint_IDs.2C_Documents_and_EP_TRIGGER_DOC_URL_REWRITE

The Apache handlers are:
EPrints::Apache::Auth::authen_doc
EPrints::Apache::Auth::authz_doc
- which in turn call $doc->permit(...)
- which leads to $c->{can_user_view_document} and/or $c->{can_request_view_document}

Hope that helps!

Cheers,
John

-----Original Message-----
From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Andras Holl
Sent: 01 October 2015 13:08
To: eprints-tech@ecs.soton.ac.uk
Subject: [EP-tech] Re: Creating a read-only (but read everyting in the archive) user (Field A.N.)

Hi,

Unfortunately, neither of those options works, with or without the +. What I would need is access to the full text - this gives

    Forbidden
    You don't have permission to access /29341/1/BorsosDevBiol.pdf on this server.

error message.

Andras

>
> Message: 4
> Date: Thu, 1 Oct 2015 10:57:56 +0100
> From: "Field A.N." <af05v@ecs.soton.ac.uk>
> Subject: [EP-tech] Re: Creating a read-only (but read everyting in
>         the archive) user
> To: eprints-tech@ecs.soton.ac.uk
> Message-ID: <A5C4C686-599B-47ED-8BE9-03D708E5A83C@ecs.soton.ac.uk>
> Content-Type: text/plain; charset=us-ascii
>
> The 'staff-view' role appears to be what you're looking for (
> https://github.com/eprints/eprints/blob/3.3/perl_lib/EPrints/DataObj/User.pm#L1088 )
>
> If you edit the user record in question, and add:
>
> +staff-view
>
> ...to the 'Roles' field. If that doesn't work, try again, but
> without the '+' and report back so that I know which one works.
>
> --
> Adam Field
> Business Relationship Manager and Community Lead
> EPrints Services
> +44 (0)23 8059 8814
>
> On 30 Sep 2015, at 05:28, Andras Holl wrote:
>
> > Dear Colleagues!
> >
> > How can I create an EPrints user who is capable of reading every
> > document in the archive (accepted, on-line documents), even those
> > restricted to "repository staff only", but can not change anything?
> > No upload, no delete, no moving items from review to archive, etc.
> >
> > With best regards, Andras Holl
> >
> > Library and Information Centre, Hungarian Academy of Sciences
> > *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> > *** Archive: http://www.eprints.org/tech.php/
> > *** EPrints community wiki: http://wiki.eprints.org/
> > *** EPrints developers Forum: http://forum.eprints.org/
>
> ------------------------------

--------------------------------------------------------------------------------
Andras Holl / Holl Andras                e-mail: holl@konkoly.hu
Konkoly Observatory / MTA CsFK CsI       Tel.: +36 1 3919368 Fax: +36 1 2754668
IT advisor / Szamitastechn. koordinator  Mail: H1525 POBox 67, Budapest, Hungary
--------------------------------------------------------------------------------
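
The "staffonly" branch quoted in the reply above, with the suggested staff-view check added, run against a small decision table so the change can be checked offline before security.pl is touched. This is an added example, not part of the original message or of EPrints; MockUser and MockEPrint are hypothetical stand-ins that implement only the has_role and has_owner calls the quoted block uses, and the user ids and role sets are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for the user object: only has_role() is modelled.
package MockUser;
sub new {
	my( $class, %args ) = @_;
	my %roles = map { ( $_ => 1 ) } @{ $args{roles} };
	return bless( { id => $args{id}, roles => \%roles }, $class );
}
sub has_role { my( $self, $role ) = @_; return exists $self->{roles}{$role}; }

# Hypothetical stand-in for the eprint object: only has_owner() is modelled.
package MockEPrint;
sub new { my( $class, %args ) = @_; return bless( { owner_id => $args{owner_id} }, $class ); }
sub has_owner { my( $self, $user ) = @_; return $self->{owner_id} == $user->{id}; }

package main;

# Body of the quoted "staffonly" branch plus the suggested staff-view check.
sub staffonly_decision
{
	my( $user, $eprint ) = @_;
	return "ALLOW" if $user->has_role( "editor" );
	return "ALLOW" if $user->has_role( "admin" );
	return "ALLOW" if $user->has_role( "staff-view" );   # the suggested addition
	return "ALLOW" if $eprint->has_owner( $user );
	return "DENY";                                       # everyone else is still refused
}

# Constructed cases: label, user, expected decision for a staff-only document.
my $eprint = MockEPrint->new( owner_id => 1 );
my @cases = (
	[ "depositor", MockUser->new( id => 1, roles => [] ),               "ALLOW" ],
	[ "editor",    MockUser->new( id => 2, roles => [ "editor" ] ),     "ALLOW" ],
	[ "read-only", MockUser->new( id => 3, roles => [ "staff-view" ] ), "ALLOW" ],
	[ "ordinary",  MockUser->new( id => 4, roles => [] ),               "DENY"  ],
);

my $failed = 0;
for my $case ( @cases )
{
	my( $label, $user, $expected ) = @{ $case };
	my $got = staffonly_decision( $user, $eprint );
	$failed++ if $got ne $expected;
	printf "%-10s %-5s (expected %s)\n", $label, $got, $expected;
}
exit( $failed ? 1 : 0 );
```

The "ordinary" row is the regression check: a logged-in user with no matching role and no ownership must still get DENY after the new line is added.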