EPrints Technical Mailing List Archive

Message: #09135


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] permission for "manage records"


CAUTION: This e-mail originated outside the University of Southampton.

Thanks David.

That looks like quite a comprehensive page J

I couldn't find much explanation of 'can_be_viewed'.

I've just restructured this: https://wiki.eprints.org/w/How_to_make_a_Screen_for_the_Admin_Section slightly so we can link to the specific 'Making the page appear' section.

 

https://wiki.eprints.org/w/User_Roles_and_Privileges already links to your listing, but I'll try and cross-link the above resources - I think they are useful together.

 

Cheers,

John

 

 

From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of David R Newman via Eprints-tech
Sent: 14 December 2022 01:12
To: eprints-tech@ecs.soton.ac.uk; Tomasz Neugebauer <Tomasz.Neugebauer@concordia.ca>; John Salter <J.Salter@leeds.ac.uk>
Subject: Re: [EP-tech] permission for "manage records"

 

Hi Tomasz and John,

I wrote a wiki page listing all user roles and privileges a while back:

https://wiki.eprints.org/w/Listings_of_User_Roles_and_Privileges

I think this pretty much confirms what you asserted but may contain other useful information.

Regards

David Newman

On 13/12/2022 10:47 pm, Tomasz Neugebauer via Eprints-tech wrote:

CAUTION: This e-mail originated outside the University of Southampton.

Hi John,



Thank you, yes, I was able to figure it out by looking at the code.

The solution was to add the following:

+DATASET_NAME/view

So in my case, since I wanted to grant access to view the listing of Archivematica dataset, it was:

+archivematica/view

The "Manage Records" link did not show up in the menu for the user, but knowing the link, the user gained access to the listing, so that solved my issue.

 

Tomasz

 

 

 


From: John Salter <J.Salter@leeds.ac.uk>
Sent: Tuesday, December 13, 2022 1:30 PM
To: Tomasz Neugebauer <Tomasz.Neugebauer@concordia.ca>; eprints-tech@ecs.soton.ac.uk <eprints-tech@ecs.soton.ac.uk>
Subject: RE: permission for "manage records"

 

Attention This email originates from outside the concordia.ca domain. // Ce courriel provient de l'extérieur du domaine de concordia.ca

 

 

Hi Tomasz,

I think the screen you mean is EPrints::Plugin::Screen::DataSets*.

 

In that case, there is the 'datasets' permission:

https://github.com/eprints/eprints3.4/blob/00cf55a8de6193528ee50b55dd9db04b36245b78/perl_lib/EPrints/Plugin/Screen/DataSets.pm#L34

 

This is included in the 'editor' role by default:
https://github.com/eprints/eprints3.4/blob/00cf55a8de6193528ee50b55dd9db04b36245b78/perl_lib/EPrints/DataObj/User.pm#L390

 

The DataSets screen checks to see if the logged-in user has the rights to view the various datasets:
https://github.com/eprints/eprints3.4/blob/00cf55a8de6193528ee50b55dd9db04b36245b78/perl_lib/EPrints/Plugin/Screen/DataSets.pm#L73-L97

So you might want to give (or take away) some of those e.g. '-user/view'

 

Does that help a bit more?

 

Cheers,

John

 

* grep -r 'Manage records' lib/lang/

lib/lang/en/phrases/system.xml: <epp:phrase id="Plugin/Screen/DataSets:title">Manage records</epp:phrase>

 

From: Tomasz Neugebauer [mailto:Tomasz.Neugebauer@concordia.ca]
Sent: 13 December 2022 18:07
To: John Salter <J.Salter@leeds.ac.uk>; eprints-tech@ecs.soton.ac.uk
Subject: Re: permission for "manage records"

 

Hi John,

 

Yes, thank you, I was hoping I can do this in this way, but I don't see which actual permission I would need to add for the ability to "Manage Records"?

 

Tomasz

 

 

 


From: John Salter <J.Salter@leeds.ac.uk>
Sent: Tuesday, December 13, 2022 12:33 PM
To: eprints-tech@ecs.soton.ac.uk <eprints-tech@ecs.soton.ac.uk>; Tomasz Neugebauer <Tomasz.Neugebauer@concordia.ca>
Subject: RE: permission for "manage records"

 

Attention This email originates from outside the concordia.ca domain. // Ce courriel provient de l'extérieur du domaine de concordia.ca

 

 

Hi Tomasz,

Not sure if this is the sort of thing you're looking for?

It defines a new user type (research_office) who can look at things in review (the 'staff-view' and 'editor' roles), but removes certain abilities from those roles.

 

If you want to apply this to one individual user, you can add the specific '+eprint/buffer/view:editor' privileges to their profile.

The '+' allows them to do something; the '-' prevents them doing something.

 

$c->{user_roles}->{'research_office'} = [qw{

        general

        edit-own-record

        saved-searches

        set-password

        change-email

        staff-view

        editor

        +eprint/buffer/view:editor

        +eprint/buffer/move_inbox:editor

        -eprint/buffer/move_archive:editor

        -eprint/buffer/edit:editor

        -eprint/buffer/remove:editor

        -eprint/buffer/move_dark_archive:editor

        -eprint/buffer/remove_with_email:editor

}];

 

Cheers,

John

 

From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Tomasz Neugebauer via Eprints-tech
Sent: 13 December 2022 17:05
To: eprints-tech@ecs.soton.ac.uk
Subject: [EP-tech] permission for "manage records"

 

CAUTION: This e-mail originated outside the University of Southampton.

Is there a specific permission I could add to a user account so that they can view records through the "Manage Records" interface?  Is there a way to give this permission without giving them full administrator access?

 

Tomasz

 



*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/