EPrints Technical Mailing List Archive
See the EPrints wiki for instructions on how to join this mailing list and related information.
Message: #04829
[EP-tech] Re: Creating a read-only (but read everything in the archive) user (Field A.N.)
- To: eprints-tech@ecs.soton.ac.uk
- Subject: [EP-tech] Re: Creating a read-only (but read everything in the archive) user (Field A.N.)
- From: "Andras Holl" <holl@konkoly.hu>
- Date: Fri, 2 Oct 2015 08:30:52 +0200

Hi John,

Thanks a lot, it works! I have added the if( $user->has_role( "staff-view" ) ) { return "ALLOW"; } part to security.pl, and set the staff-view role to the user (without the "+") and it works!

Thank You!

Andras

Andras Holl
Library and Information Centre, Hungarian Academy of Sciences

>Hi,
>If you look in ~/archives/ARCHIVEID/cfg/cfg.d/security.pl, you will see the code that checks document permissions.
>I think that it's this block:
>	if( $security eq "staffonly" )
>	{
>		# If you want to finer tune this, you could create
>		# new privs and use them.
>
>		# people with priv editor can read this document...
>		if( $user->has_role( "editor" ) )
>		{
>			return "ALLOW";
>		}
>
>		if( $user->has_role( "admin" ) )
>		{
>			return "ALLOW";
>		}
>
>		# ...as can the user who deposited it...
>		if( $eprint->has_owner( $user ) )
>		{
>			return "ALLOW";
>		}
>
>		# ...but nobody else can
>		return "DENY";
>
>	}
>
>That is denying your user the access.
>You may want to re-use the staff-view role in these security checks by adding something like
>	if( $user->has_role( "staff-view" ) )
>	{
>		return "ALLOW";
>	}
>
>NB This is untested - I'd check thoroughly before using it.
>
>If you're interested in how EPrints gets to the methods in this file, this might be useful:
>http://wiki.eprints.org/w/Anatomy_of_a_request#EPrint_IDs.2C_Documents_and_EP_TRIGGER_DOC_URL_REWRITE
>The Apache handlers are:
>EPrints::Apache::Auth::authen_doc
>EPrints::Apache::Auth::authz_doc
>- which in turn call $doc->permit(...)
> - which leads to
>$c->{can_user_view_document} and/or $c->{can_request_view_document}
>
>
>Hope that helps!
>Cheers,
>John
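
One way to check the decision table of the modified "staffonly" branch before deploying it, as an added example that is not part of the original messages or of EPrints' own code. MockUser, MockEPrint, staffonly_decision and the sample users are constructed stand-ins; only the has_role and has_owner calls from the quoted block are modelled, with has_role assumed to be an exact string match.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-ins for the EPrints user and eprint objects. Only the
# two methods used by the quoted security.pl block are modelled here.
package MockUser;
sub new { my( $class, %args ) = @_; return bless { %args }, $class; }
# Assumption: a role matches only on exact string equality.
sub has_role { my( $self, $role ) = @_; return scalar grep { $_ eq $role } @{ $self->{roles} }; }

package MockEPrint;
sub new { my( $class, %args ) = @_; return bless { %args }, $class; }
sub has_owner { my( $self, $user ) = @_; return $self->{owner} eq $user->{name}; }

package main;

# Hypothetical helper: the "staffonly" branch from the thread, with the
# staff-view check added next to the existing editor and admin checks.
sub staffonly_decision
{
    my( $user, $eprint ) = @_;
    foreach my $role ( "editor", "admin", "staff-view" )
    {
        return "ALLOW" if $user->has_role( $role );
    }
    return "ALLOW" if $eprint->has_owner( $user );   # the depositor
    return "DENY";                                   # nobody else
}

# Constructed sample users: [ name, roles, expected decision ]
my $eprint = MockEPrint->new( owner => "depositor1" );
my @cases = (
    [ "editor1",    [ "editor" ],     "ALLOW" ],
    [ "admin1",     [ "admin" ],      "ALLOW" ],
    [ "reader1",    [ "staff-view" ], "ALLOW" ],
    [ "depositor1", [],               "ALLOW" ],
    [ "other1",     [],               "DENY"  ],
);

my $failed = 0;
foreach my $case ( @cases )
{
    my( $name, $roles, $expected ) = @$case;
    my $got = staffonly_decision( MockUser->new( name => $name, roles => $roles ), $eprint );
    printf "%-11s roles=[%s] => %s (expected %s)\n", $name, join( ",", @$roles ), $got, $expected;
    $failed++ if $got ne $expected;
}
exit( $failed ? 1 : 0 );
```

The script exits non-zero if any decision differs from the expected column, so a user holding none of the three roles and not owning the eprint must still come out as DENY.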