EPrints Technical Mailing List Archive
See the EPrints wiki for instructions on how to join this mailing list and related information.
Message: #04828
< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First
[EP-tech] Re: Creating a read-only (but read everyting in the archive) user (Field A.N.)
- To: "'eprints-tech@ecs.soton.ac.uk'" <eprints-tech@ecs.soton.ac.uk>
- Subject: [EP-tech] Re: Creating a read-only (but read everyting in the archive) user (Field A.N.)
- From: John Salter <J.Salter@leeds.ac.uk>
- Date: Thu, 1 Oct 2015 12:31:10 +0000
Hi, If you look in ~/archives/ARCHIVEID/cfg/cfg.d/security.pl, you will see the code that checks document permissions. I think that it's this block: if( $security eq "staffonly" ) { # If you want to finer tune this, you could create # new privs and use them. # people with priv editor can read this document... if( $user->has_role( "editor" ) ) { return "ALLOW"; } if( $user->has_role( "admin" ) ) { return "ALLOW"; } # ...as can the user who deposited it... if( $eprint->has_owner( $user ) ) { return "ALLOW"; } # ...but nobody else can return "DENY"; } That is denying your user the access. You may want to re-use the staff-view role in these security checks by adding something like if( $user->has_role( "staff-view" ) ) { return "ALLOW"; } NB This is untested - I'd check thoroughly before using it. If you're interested in how EPrints gets to the methods in this file, this might be useful: http://wiki.eprints.org/w/Anatomy_of_a_request#EPrint_IDs.2C_Documents_and_EP_TRIGGER_DOC_URL_REWRITE The Apache handlers are: EPrints::Apache::Auth::authen_doc EPrints::Apache::Auth::authz_doc - which in turn call $doc->permit(...) - which leads to $c->{can_user_view_document} and/or $c->{can_request_view_document} Hope that helps! Cheers, John -----Original Message----- From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Andras Holl Sent: 01 October 2015 13:08 To: eprints-tech@ecs.soton.ac.uk Subject: [EP-tech] Re: Creating a read-only (but read everyting in the archive) user (Field A.N.) Hi, Unfortunately does not work either of those options, with or without the +. What I would need is access to the full text - this gives Forbidden You don't have permission to access /29341/1/BorsosDevBiol.pdf on this server. error message. Andras > > Message: 4 > Date: Thu, 1 Oct 2015 10:57:56 +0100 > From: "Field A.N." <af05v@ecs.soton.ac.uk> > Subject: [EP-tech] Re: Creating a read-only (but read everyting in > the archive) user To: eprints-tech@ecs.soton.ac.uk Message-ID: > <A5C4C686-599B-47ED-8BE9-03D708E5A83C@ecs.soton.ac.uk> Content-Type: > text/plain; charset=us-ascii > > The 'staff-view' role appears to be what you're looking for ( > https://github.com/eprints/eprints/blob/3.3/perl_lib/EPrints/DataObj/User.pm#L1088 ) > > If you edit the user record in question, and add: > > +staff-view > > ...to the 'Roles' field. If that doesn't work, try again, but > without the '+' and report back so that I now which one works. > > -- > Adam Field > Business Relationship Manager and Community Lead > EPrints Services > +44 (0)23 8059 8814 > > On 30 Sep 2015, at 05:28, Andras Holl wrote: > > > > > > > Dear Colleagues! > > > > How can I create an EPrints user who is capable of reading every > > document in the archive (accepted, on-line documents), even those > > restricted to "repository staff only", but can not change anything? > > No upload, no delete, no moving items from review to archive, etc. > > > > With best regards, Andras Holl > > > > Library and Information Centre, Hungarian Academy of Sciences > > *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech > > *** Archive: http://www.eprints.org/tech.php/ > > *** EPrints community wiki: http://wiki.eprints.org/ > > *** EPrints developers Forum: http://forum.eprints.org/ > > ------------------------------ -------------------------------------------------------------------------------- Andras Holl / Holl Andras e-mail: holl@konkoly.hu Konkoly Observatory / MTA CsFK CsI Tel.: +36 1 3919368 Fax: +36 1 2754668 IT advisor / Szamitastechn. koordinator Mail: H1525 POBox 67, Budapest, Hungary -------------------------------------------------------------------------------- *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech *** Archive: http://www.eprints.org/tech.php/ *** EPrints community wiki: http://wiki.eprints.org/ *** EPrints developers Forum: http://forum.eprints.org/
- References:
- [EP-tech] Re: Creating a read-only (but read everyting in the archive) user (Field A.N.)
- From: "Andras Holl" <holl@konkoly.hu>
- [EP-tech] Re: Creating a read-only (but read everyting in the archive) user (Field A.N.)
- Prev by Date: [EP-tech] Re: Creating a read-only (but read everyting in the archive) user (Field A.N.)
- Next by Date: [EP-tech] Re: Creating a read-only (but read everyting in the archive) user (Field A.N.)
- Previous by thread: [EP-tech] Re: Creating a read-only (but read everyting in the archive) user (Field A.N.)
- Next by thread: [EP-tech] Re: Creating a read-only (but read everyting in the archive) user (Field A.N.)
- Index(es):