EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #05129


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

[EP-tech] Re: How to create a private archive ?



Very useful, indeed...
It does pretty much what we wanted.

I hope I'll be able to customize it to match all of our requirements, but it is already pretty close.
Thanks !

Cheers,
Gilles

Le 18/11/2015 13:06, John Salter a écrit :
Not sure what this http://bazaar.eprints.org/230/ does - may or may not be useful (or contain useful clues)!

Cheers,
John

________________________________________
From: eprints-tech-bounces@ecs.soton.ac.uk <eprints-tech-bounces@ecs.soton.ac.uk> on behalf of Gilles Fournié <gilles.fournie@cirad.fr>
Sent: 18 November 2015 10:29
To: eprints-tech@ecs.soton.ac.uk
Subject: [EP-tech] Re: How to create a private archive ?

Hi George and John,

Thanks for your ideas.

We will first try to restrict access through network config. It's a
little more difficult than adding a "Deny from All; Allow from cirad.fr"
because all of our researchers are not 'on site'. Many are abroad hosted
by partner institutions. But, we hope our technical staff will be able
to protect the site this way.

About roles, I think that our public_roles has default rights and none
of them seem to be about reading archive. Anyway, I didn't try to remove
any right to public-roles. I will do that to see if it may help...

$c->{public_roles} = [qw{
          +eprint/archive/rest/get
          +subject/rest/get
          +user/public_saved_search/view
}];

As for minuser, I thought it was an "example" role to show how to create
users with minimal rights. And as such i thought it should be assigned
to some user to be taken into account. I will try to disable it also.

I didn't know about template/default.xml. I will have a look !

Thanks again,

Cheers
Gilles



Le 18/11/2015 10:49, John Salter a écrit :
Possible alternative approach:
When you say 'employees only', do you have any form of 'on site' IP address, or VPN that could be used to control access?

As each archive runs in its own vhost, you can restrict access at the Apache layer by adding rules into ~/cfg/apache/ARCHIVEID.conf

Cheers,
John

-----Original Message-----
From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of George Mamalakis
Sent: 18 November 2015 09:22
To: eprints-tech@ecs.soton.ac.uk
Subject: [EP-tech] Re: How to create a private archive ?

Hi Gilles,

I think that if you played with cfg.d/user_roles.pl you'd accomplish
want you want. I think that if you removed any read privileges from the
default role (I'm not sure which one it is, but it could be
$c->{public_roles} or probably $c->{user_roles}->{minuser}), or even if
you removed this role (minuser) totally from the archive it maybe could
do the job. But I tried it in one of my repos, and it didn't work, so
maybe I'm doing something wrong. Maybe it would be wiser if I removed
some privileges from these roles instead of removing the roles totally.

Maybe another approach would be to alter cfg/templates/default.xml to
conditionally allow to view items (which would allow access to
hand-coded urls to views, which you wouldn't disire), or to change views
and searches to return results only on authenticated users (somehow).

I know I didn't help enough, but I'm trying to give you some ideas where
to start from.

Good luck!

On 16/11/2015 06:52 μμ, Gilles Fournié wrote:
Hi,

We would like to use EPrints to manage a database of items not related
to publications nor documents.

For practical reasons, we would like to install this eprints
pseudo-archive on the same server used for our open archive repository.
So, it would be accessible from internet.

But we need to control access (even for reading) to our employees only.

I have found no way to prevent visitors to access views or even to view
eprints.
I hoped that overriding EPrints::Repository::allow_anybody to make it
always return 0 would work, but it doesn't.

Any advices or suggestions on how to make this "close archive" would be
greatly appreciated.

Best regards,
Gilles

*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/
*** EPrints developers Forum: http://forum.eprints.org/

*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/
*** EPrints developers Forum: http://forum.eprints.org/

*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/
*** EPrints developers Forum: http://forum.eprints.org/