EPrints Technical Mailing List Archive
Message: #04830
[EP-tech] Re: Creating a read-only (but read everyting in the archive) user (Field A.N.)
- To: eprints-tech@ecs.soton.ac.uk
- Subject: [EP-tech] Re: Creating a read-only (but read everyting in the archive) user (Field A.N.)
- From: "Field A.N." <af05v@ecs.soton.ac.uk>
- Date: Fri, 2 Oct 2015 10:32:28 +0100
You should submit this on github as a feature request. It makes sense as a permission to give someone.

--
Adam Field
Business Relationship Manager and Community Lead
EPrints Services
+44 (0)23 8059 8814

On 2 Oct 2015, at 07:30, Andras Holl wrote:

>
> Hi John,
>
> Thanks a lot, it works!
>
> I have added the
>
> if( $user->has_role( "staff-view" ) )
> {
>     return "ALLOW";
> }
>
> part to security.pl,
> and set the
>
> staff-view role to the user (without the "+")
>
> and it works! Thank You!
>
> Andras
>
> Andras Holl
> Library and Information Centre,
> Hungarian Academy of Sciences
>
>> Hi,
>> If you look in ~/archives/ARCHIVEID/cfg/cfg.d/security.pl, you will see the code that checks document permissions.
>> I think that it's this block:
>> if( $security eq "staffonly" )
>> {
>>     # If you want to finer tune this, you could create
>>     # new privs and use them.
>>
>>     # people with priv editor can read this document...
>>     if( $user->has_role( "editor" ) )
>>     {
>>         return "ALLOW";
>>     }
>>
>>     if( $user->has_role( "admin" ) )
>>     {
>>         return "ALLOW";
>>     }
>>
>>     # ...as can the user who deposited it...
>>     if( $eprint->has_owner( $user ) )
>>     {
>>         return "ALLOW";
>>     }
>>
>>     # ...but nobody else can
>>     return "DENY";
>>
>> }
>>
>> That is denying your user the access.
>> You may want to re-use the staff-view role in these security checks by adding something like
>> if( $user->has_role( "staff-view" ) )
>> {
>>     return "ALLOW";
>> }
>>
>> NB This is untested - I'd check thoroughly before using it.
>>
>> If you're interested in how EPrints gets to the methods in this file, this might be useful:
>> http://wiki.eprints.org/w/Anatomy_of_a_request#EPrint_IDs.2C_Documents_and_EP_TRIGGER_DOC_URL_REWRITE
>> The Apache handlers are:
>> EPrints::Apache::Auth::authen_doc
>> EPrints::Apache::Auth::authz_doc
>> - which in turn call $doc->permit(...)
>> - which leads to
>> $c->{can_user_view_document} and/or $c->{can_request_view_document}
>>
>>
>> Hope that helps!
>> Cheers,
>> John
>
>
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive: http://www.eprints.org/tech.php/
> *** EPrints community wiki: http://wiki.eprints.org/
> *** EPrints developers Forum: http://forum.eprints.org/
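
The "check thoroughly" step from the thread can be done offline as a small allow/deny matrix. This is an added example, not code from the thread or from EPrints: StubUser and StubEPrint are hypothetical stand-ins that implement only the two methods the quoted block calls, the role "some-other-role" is a constructed value, and staffonly_decision copies the logic of the quoted "staffonly" block with the staff-view check added.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stub: a user that only knows which roles it holds.
package StubUser;
sub new { my( $class, %roles ) = @_; return bless { roles => {%roles} }, $class; }
sub has_role { my( $self, $role ) = @_; return $self->{roles}{$role} ? 1 : 0; }

# Hypothetical stub: an eprint that only knows who deposited it.
package StubEPrint;
sub new { my( $class, $owner ) = @_; return bless { owner => $owner }, $class; }
sub has_owner { my( $self, $user ) = @_; return $self->{owner} == $user ? 1 : 0; }

package main;

# Same order of checks as the quoted "staffonly" block, plus staff-view.
sub staffonly_decision
{
    my( $eprint, $user ) = @_;

    return "ALLOW" if $user->has_role( "editor" );
    return "ALLOW" if $user->has_role( "admin" );
    return "ALLOW" if $user->has_role( "staff-view" );  # the added check
    return "ALLOW" if $eprint->has_owner( $user );      # the depositor
    return "DENY";                                      # nobody else
}

my $owner  = StubUser->new();
my $eprint = StubEPrint->new( $owner );

# Constructed test matrix: label, user, expected decision.
my @cases = (
    [ "editor",          StubUser->new( "editor" => 1 ),          "ALLOW" ],
    [ "admin",           StubUser->new( "admin" => 1 ),           "ALLOW" ],
    [ "staff-view",      StubUser->new( "staff-view" => 1 ),      "ALLOW" ],
    [ "depositor",       $owner,                                  "ALLOW" ],
    [ "no roles",        StubUser->new(),                         "DENY"  ],
    [ "some-other-role", StubUser->new( "some-other-role" => 1 ), "DENY"  ],
);

my $failed = 0;
for my $case ( @cases )
{
    my( $label, $user, $expected ) = @$case;
    my $got = staffonly_decision( $eprint, $user );
    $failed++ if $got ne $expected;
    printf "%-16s %-5s %s\n", $label, $got, $got eq $expected ? "ok" : "MISMATCH";
}
exit( $failed ? 1 : 0 );
```

The two DENY rows are the ones that matter after the change: they confirm the new branch widens access only for holders of staff-view.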