EPrints Technical Mailing List Archive

Message: #09137

< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] permission for "manage records"

CAUTION: This e-mail originated outside the University of Southampton.
Hi John and David,

Thank you, John!  Yes, I confirm that adding "+datasets" worked.  The "Manage Records" menu item showed up, and only the datasets for which the user has permissions shows up in the menu too.  Nice work!

That page about permissions is very useful indeed, David, thank you for creating it.  I also concur that I seem to have a difficult time finding it when I need it, for some reason, so adding some more cross-links to it would be good.  I think it's probably because I search for "permissions" but the page is titled  as "roles and "privileges", but not permissions?

Best wishes!

Tomasz



________________________________________________

Tomasz Neugebauer
Senior Librarian | Bibliothécaire titulaire
Digital Projects & Systems Development Librarian / Bibliothécaire des Projets Numériques & Développement de Systèmes
Concordia University / Université Concordia

Tel. / Tél. 514-848-2424 ext. / poste 7738
Email / courriel: tomasz.neugebauer@concordia.ca

Mailing address / adresse postale: 1455 De Maisonneuve Blvd. W., LB-540-03, Montreal, Quebec H3G 1M8
Street address / adresse municipale: 1400 De Maisonneuve Blvd. W., LB-540-03, Montreal, Quebec H3G 1M8

library.concordia.ca

From: John Salter <J.Salter@leeds.ac.uk>
Sent: Wednesday, December 14, 2022 1:12 AM
To: Tomasz Neugebauer <Tomasz.Neugebauer@concordia.ca>; eprints-tech@ecs.soton.ac.uk <eprints-tech@ecs.soton.ac.uk>
Subject: Re: permission for "manage records"
 

Attention This email originates from outside the concordia.ca domain. // Ce courriel provient de l'extérieur du domaine de concordia.ca




If you give them  '+datasets' as well as '+archivematica/view', I think they should get the link to that screen too.

From: Tomasz Neugebauer <Tomasz.Neugebauer@concordia.ca>
Sent: 13 December 2022 22:47
To: John Salter <J.Salter@leeds.ac.uk>; eprints-tech@ecs.soton.ac.uk <eprints-tech@ecs.soton.ac.uk>
Subject: Re: permission for "manage records"
 
Hi John,

Thank you, yes, I was able to figure it out by looking at the code.
The solution was to add the following:
+DATASET_NAME/view
So in my case, since I wanted to grant access to view the listing of Archivematica dataset, it was:
+archivematica/view
The "Manage Records" link did not show up in the menu for the user, but knowing the link, the user gained access to the listing, so that solved my issue.

Tomasz



From: John Salter <J.Salter@leeds.ac.uk>
Sent: Tuesday, December 13, 2022 1:30 PM
To: Tomasz Neugebauer <Tomasz.Neugebauer@concordia.ca>; eprints-tech@ecs.soton.ac.uk <eprints-tech@ecs.soton.ac.uk>
Subject: RE: permission for "manage records"
 

Attention This email originates from outside the concordia.ca domain. // Ce courriel provient de l'extérieur du domaine de concordia.ca




Hi Tomasz,

I think the screen you mean is EPrints::Plugin::Screen::DataSets*.

 

In that case, there is the 'datasets' permission:

https://github.com/eprints/eprints3.4/blob/00cf55a8de6193528ee50b55dd9db04b36245b78/perl_lib/EPrints/Plugin/Screen/DataSets.pm#L34

 

This is included in the 'editor' role by default:
https://github.com/eprints/eprints3.4/blob/00cf55a8de6193528ee50b55dd9db04b36245b78/perl_lib/EPrints/DataObj/User.pm#L390

 

The DataSets screen checks to see if the logged-in user has the rights to view the various datasets:
https://github.com/eprints/eprints3.4/blob/00cf55a8de6193528ee50b55dd9db04b36245b78/perl_lib/EPrints/Plugin/Screen/DataSets.pm#L73-L97

So you might want to give (or take away) some of those e.g. '-user/view'

 

Does that help a bit more?

 

Cheers,

John

 

* grep -r 'Manage records' lib/lang/

lib/lang/en/phrases/system.xml: <epp:phrase id="Plugin/Screen/DataSets:title">Manage records</epp:phrase>

 

From: Tomasz Neugebauer [mailto:Tomasz.Neugebauer@concordia.ca]
Sent: 13 December 2022 18:07
To: John Salter <J.Salter@leeds.ac.uk>; eprints-tech@ecs.soton.ac.uk
Subject: Re: permission for "manage records"

 

Hi John,

 

Yes, thank you, I was hoping I can do this in this way, but I don't see which actual permission I would need to add for the ability to "Manage Records"?

 

Tomasz

 

 

 

From: John Salter <J.Salter@leeds.ac.uk>
Sent: Tuesday, December 13, 2022 12:33 PM
To: eprints-tech@ecs.soton.ac.uk <eprints-tech@ecs.soton.ac.uk>; Tomasz Neugebauer <Tomasz.Neugebauer@concordia.ca>
Subject: RE: permission for "manage records"

 

Attention This email originates from outside the concordia.ca domain. // Ce courriel provient de l'extérieur du domaine de concordia.ca

 

 

Hi Tomasz,

Not sure if this is the sort of thing you're looking for?

It defines a new user type (research_office) who can look at things in review (the 'staff-view' and 'editor' roles), but removes certain abilities from those roles.

 

If you want to apply this to one individual user, you can add the specific '+eprint/buffer/view:editor' privileges to their profile.

The '+' allows them to do something; the '-' prevents them doing something.

 

$c->{user_roles}->{'research_office'} = [qw{

        general

        edit-own-record

        saved-searches

        set-password

        change-email

        staff-view

        editor

        +eprint/buffer/view:editor

        +eprint/buffer/move_inbox:editor

        -eprint/buffer/move_archive:editor

        -eprint/buffer/edit:editor

        -eprint/buffer/remove:editor

        -eprint/buffer/move_dark_archive:editor

        -eprint/buffer/remove_with_email:editor

}];

 

Cheers,

John

 

From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Tomasz Neugebauer via Eprints-tech
Sent: 13 December 2022 17:05
To: eprints-tech@ecs.soton.ac.uk
Subject: [EP-tech] permission for "manage records"

 

CAUTION: This e-mail originated outside the University of Southampton.

Is there a specific permission I could add to a user account so that they can view records through the "Manage Records" interface?  Is there a way to give this permission without giving them full administrator access?

 

Tomasz