
[EP-tech] Re: How to create a private archive ?



Hi George and John,

Thanks for your ideas.

We will first try to restrict access through network config. It's a 
little more difficult than adding a "Deny from All; Allow from cirad.fr" 
because all of our researchers are not 'on site'. Many are abroad hosted 
by partner institutions. But, we hope our technical staff will be able 
to protect the site this way.

About roles, I think that our public_roles has default rights and none 
of them seem to be about reading archive. Anyway, I didn't try to remove 
any right to public-roles. I will do that to see if it may help...

$c->{public_roles} = [qw{
         +eprint/archive/rest/get
         +subject/rest/get
         +user/public_saved_search/view
}];

As for minuser, I thought it was an "example" role to show how to create 
users with minimal rights. And as such I thought it should be assigned 
to some user to be taken into account. I will try to disable it also.

I didn't know about template/default.xml. I will have a look!

Thanks again,

Cheers
Gilles



On 18/11/2015 10:49, John Salter wrote:
> Possible alternative approach:
> When you say 'employees only', do you have any form of 'on site' IP address, or VPN that could be used to control access?
>
> As each archive runs in its own vhost, you can restrict access at the Apache layer by adding rules into ~/cfg/apache/ARCHIVEID.conf
>
> Cheers,
> John
>
> -----Original Message-----
> From: eprints-tech-bounces at ecs.soton.ac.uk [mailto:eprints-tech-bounces at ecs.soton.ac.uk] On Behalf Of George Mamalakis
> Sent: 18 November 2015 09:22
> To: eprints-tech at ecs.soton.ac.uk
> Subject: [EP-tech] Re: How to create a private archive ?
>
> Hi Gilles,
>
> I think that if you played with cfg.d/user_roles.pl you'd accomplish
> what you want. I think that if you removed any read privileges from the
> default role (I'm not sure which one it is, but it could be
> $c->{public_roles} or probably $c->{user_roles}->{minuser}), or even if
> you removed this role (minuser) totally from the archive it maybe could
> do the job. But I tried it in one of my repos, and it didn't work, so
> maybe I'm doing something wrong. Maybe it would be wiser if I removed
> some privileges from these roles instead of removing the roles totally.
>
> Maybe another approach would be to alter cfg/templates/default.xml to
> conditionally allow to view items (which would allow access to
> hand-coded urls to views, which you wouldn't desire), or to change views
> and searches to return results only on authenticated users (somehow).
>
> I know I didn't help enough, but I'm trying to give you some ideas where
> to start from.
>
> Good luck!
>
> On 16/11/2015 06:52 ??, Gilles Fourni? wrote:
>> Hi,
>>
>> We would like to use EPrints to manage a database of items not related
>> to publications nor documents.
>>
>> For practical reasons, we would like to install this eprints
>> pseudo-archive on the same server used for our open archive repository.
>> So, it would be accessible from internet.
>>
>> But we need to control access (even for reading) to our employees only.
>>
>> I have found no way to prevent visitors from accessing views or even
>> viewing eprints.
>> I hoped that overriding EPrints::Repository::allow_anybody to make it
>> always return 0 would work, but it doesn't.
>>
>> Any advice or suggestions on how to make this "close archive" would be
>> greatly appreciated.
>>
>> Best regards,
>> Gilles
>>
>
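
An added example, not part of any message in this thread: a sketch of the Apache-layer restriction discussed above, in Apache 2.4 syntax, for the per-archive file ~/cfg/apache/ARCHIVEID.conf named in the thread. The address ranges are constructed placeholders, and the existence of a VPN pool for off-site staff is an assumption.

```apache
# Added example; not from the thread. All ranges are placeholders taken
# from the RFC 5737 documentation blocks and must be replaced.

# Hostname form of the "Allow from cirad.fr" rule quoted in the thread.
# Apache resolves every client address through reverse DNS and then
# checks it with a forward lookup, so staff whose address has no
# cirad.fr name (for example, people hosted by partner institutions)
# are refused. Shown commented out for comparison only.
#<Location "/">
#    Require host cirad.fr
#</Location>

# Address-based form: the on-site network plus a VPN pool that off-site
# staff connect through (assumed to exist). Clients outside these ranges
# are denied by Apache's authorization check.
<Location "/">
    <RequireAny>
        # on-site network (placeholder)
        Require ip 192.0.2.0/24
        # VPN address pool for off-site staff (placeholder)
        Require ip 198.51.100.0/24
    </RequireAny>
</Location>

# Apache 2.2 equivalent of the block above:
#<Location "/">
#    Order deny,allow
#    Deny from all
#    Allow from 192.0.2.0/24
#    Allow from 198.51.100.0/24
#</Location>
```

After reloading Apache, a request from an address outside the listed ranges should return 403 for both an abstract page and a view URL.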