EPrints Technical Mailing List Archive

Message: #05127

< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

[EP-tech] Re: How to create a private archive ?

Hi George and John,

Thanks for your ideas.
We will first try to restrict access through network config. It's a little more difficult than adding a "Deny from All; Allow from cirad.fr" because all of our researchers are not 'on site'. Many are abroad hosted by partner institutions. But, we hope our technical staff will be able to protect the site this way.
About roles, I think that our public_roles has default rights and none of them seem to be about reading archive. Anyway, I didn't try to remove any right to public-roles. I will do that to see if it may help... 

$c->{public_roles} = [qw{
        +eprint/archive/rest/get
        +subject/rest/get
        +user/public_saved_search/view
}];
As for minuser, I thought it was an "example" role to show how to create users with minimal rights. And as such i thought it should be assigned to some user to be taken into account. I will try to disable it also. 

I didn't know about template/default.xml. I will have a look !

Thanks again,

Cheers
Gilles



Le 18/11/2015 10:49, John Salter a écrit :

Possible alternative approach:
When you say 'employees only', do you have any form of 'on site' IP address, or VPN that could be used to control access?

As each archive runs in its own vhost, you can restrict access at the Apache layer by adding rules into ~/cfg/apache/ARCHIVEID.conf

Cheers,
John

-----Original Message-----
From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of George Mamalakis
Sent: 18 November 2015 09:22
To: eprints-tech@ecs.soton.ac.uk
Subject: [EP-tech] Re: How to create a private archive ?

Hi Gilles,

I think that if you played with cfg.d/user_roles.pl you'd accomplish
want you want. I think that if you removed any read privileges from the
default role (I'm not sure which one it is, but it could be
$c->{public_roles} or probably $c->{user_roles}->{minuser}), or even if
you removed this role (minuser) totally from the archive it maybe could
do the job. But I tried it in one of my repos, and it didn't work, so
maybe I'm doing something wrong. Maybe it would be wiser if I removed
some privileges from these roles instead of removing the roles totally.

Maybe another approach would be to alter cfg/templates/default.xml to
conditionally allow to view items (which would allow access to
hand-coded urls to views, which you wouldn't disire), or to change views
and searches to return results only on authenticated users (somehow).

I know I didn't help enough, but I'm trying to give you some ideas where
to start from.

Good luck!

On 16/11/2015 06:52 μμ, Gilles Fournié wrote:

Hi,

We would like to use EPrints to manage a database of items not related
to publications nor documents.

For practical reasons, we would like to install this eprints
pseudo-archive on the same server used for our open archive repository.
So, it would be accessible from internet.

But we need to control access (even for reading) to our employees only.

I have found no way to prevent visitors to access views or even to view
eprints.
I hoped that overriding EPrints::Repository::allow_anybody to make it
always return 0 would work, but it doesn't.

Any advices or suggestions on how to make this "close archive" would be
greatly appreciated.

Best regards,
Gilles

*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/
*** EPrints developers Forum: http://forum.eprints.org/