EPrints Technical Mailing List Archive

Message: #07635

< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] Error whilst depositing via SWORD

Hi David,

Excellent!

I had a bit of a look at this last night - and was trying to get my head round what was newer code, what was older code, and whether anything needed to be elevated into the handler / new methods. It looks like what you've got is all good!

 

One thought about the mediation (with a bit of a GDPR / allow the minimum access needed to do what needs to be done hat on), would it make sense to allow a finer-grained mediate rule e.g.

+user/mediate                 #allow mediation of any user

+user/mediate/bob       #allow mediation of user 'bob'

Or possibly

+user/mediate/username/bob                 #allow mediation of user 'bob'

+user/mediate/usertype/editor                               #allow mediation of editor users

 

I haven't read the SWORD specs on a while - and don't know whether this is allowed.

I think this is an extension of the current functionality - and possibly should be treated as an enhancement.

 

Cheers,

John

 

 

From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Newman D.R. via Eprints-tech
Sent: 07 January 2019 17:36
To: eprints-tech@ecs.soton.ac.uk; John Salter <J.Salter@leeds.ac.uk>; Fran Callaghan <fran.callaghan@dcu.ie>
Subject: Re: [EP-tech] Error whilst depositing via SWORD

 

Hi John / Fran,

 

I believe I have made the appropriate tweaks needed in EPrints 3.4's perl_lib/EPrints/Apache/CRUD.pm and this seems to fix the issue from my testing.  You will need to set an extra role for the user that is going to submit "on behalf of" other users.  This permission is:

 

+user/mediate

 

I will endeavour to post the updated version to GitHub soon, assuming it is not too different to the version I was working against.  However, if you want to make the changes yourself, there are only three places in CRUD.pm that need fixed (see below).  I am assuming this is on a development instance you are working on, as I would not be 100% confident this will not have any side effects.  John thoughts?

 

Regards

 

David Newman

 

# 1. sub handler

- my( $rc, $owner ) = on_behalf_of( $repo, $r, $user );

+ my( $rc, $owner ) = $self->on_behalf_of( $user );

 

 

# 2. sub on_behalf_of

- my( $repo, $r, $user ) = @_;

+ my( $self, $user ) = @_;

 

- my $err = {

- status => HTTP_FORBIDDEN,

- summary => "Target user unknown or no permission to act on-behalf-of",

- };

+ my $r = $self->request;

+       my $repo = $self->repository;

 

  my $_on_behalf_of_ =

  $r->headers_in->{'On-Behalf-Of'} || # SWORD 2.0

$r->headers_in->{'X-On-Behalf-Of'}; # SWORD 1.3

 

        return( OK, $user ) if !$on_behalf_of;

 

  my $owner = $repo->user_by_username( $on_behalf_of );

 

- return sword_error($repo, $r, %$err )

+ return ( HTTP_FORBIDDEN, undef )

  if !defined $owner;

- return sword_error($repo, $r, %$err ) 

+ return ( HTTP_FORBIDDEN, undef )

  if !$user->allow( "user/mediate", $owner );

 

  return( OK, $owner );

 

 

# 3. sub servicedocument

  my $user = $repo->current_user;

  EPrints->abort( "unprotected" ) if !defined $user; # Rewrite foobar

- my $_on_behalf_of_ = on_behalf_of( $repo, $r, $user );

- if( $on_behalf_of->{status} != OK )

+ my ( $status, $on_behalf_of ) = $self->on_behalf_of( $user );

+ if( $status != OK )

  {

- return sword_error( $repo, $r, %$on_behalf_of );

+ return $self->sword_error( 

+ status => HTTP_FORBIDDEN,

+                        summary => "Target user unknown or no permission to act on-behalf-of",

+ );

  }

- $_on_behalf_of_ = $on_behalf_of->{on_behalf_of};

 

 

 

On Mon, 2019-01-07 at 16:30 +0000, John Salter via Eprints-tech wrote:

Hi Fran,

It would depend on the CRIS system, and local policy: is knowing who the depositing author is from within EPrints important?

 

You could create a 'CRIS' account - and all deposits would be made by this account (if the CRIS system allows this).

 

I think both the Pure and the Symplectic connectors can do something similar to this - so it might be worth pursuing.

 

If I get a chance I'll take a look at the module tonight.

Would you be in a position to test a proposed update to the file this week?

 

Cheers,

John

From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Fran Callaghan via Eprints-tech

Sent: 07 January 2019 16:08

Subject: Re: [EP-tech] Error whilst depositing via SWORD

 

Hi John,

 

The depositing system is our CRIS. Would this make sense in so far as it would be making deposits "on behalf of" genuine researchers? Does the depositing system need to make this explicit in the first place? Can't it just deposit with a different author name?

 

Thanks all,

 

Fran Callaghan

 

 

On Mon, 7 Jan 2019 at 15:38, John Salter <J.Salter@leeds.ac.uk> wrote:

Hi Fran,

Taking a quick look at the code, I think the issue is that in the CRUD module, there are a couple of instances where the 'sword_error' is called as a raw function , rather than an object method e.g.:

Normal working:

 

Function call in servicedocument function:

and 'on_behalf_of' function:

 

This issue will only become apparent when you're doing a SWORD deposit using the 'on-behalf-of' header.

I think it may have been present for ~7 years, when the first line of the sword_error function was changed from

my( $repo, $r, %opts ) = @_;

to

my( $self, %opts ) = @_;

 

I think it's more than a 5-minute job to fix properly - I need to get into the code a bit more to understand what was changed - and how to resolve it.

 

I'll log it in GitHub and let you know try and come up with a solution - unless anyone else fancies having a  go..?

 

Cheers,

John

 

 

From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Fran Callaghan via Eprints-tech

Sent: 07 January 2019 14:50

Subject: [EP-tech] Error whilst depositing via SWORD

 

Hi All,

 

We have a third party depositing via SWORD. They're getting a generic 500 message back but when I lookup the error_log corresponding to the time of the test I can see this message...

 

[Mon Jan 07 13:46:18.179171 2019] [perl:error] [pid 10713] [client X.X.X.X] Can't locate object method "repository" via package "EPrints::Repository" at /opt/eprints3/perl_lib/EPrints/Apache/CRUD.pm line 1977.\n

 

Any ideas what's wrong with CRUD.pm? Or is it a problem with the syntax of the deposit? I had expected SWORD to be pretty much plug and play (actually not even 'plug' since the documentation says it is configured by default).

 

**NOTE: I have X'd out the client IP address, it's a genuine IP in the original message

 

Thanks all,

Fran Callaghan

 

 

Séanadh Ríomhphoist/Email Disclaimer

Tá an ríomhphost seo agus aon chomhad a sheoltar leis faoi rún agus is lena úsáid ag an seolaí agus sin amháin é. Is féidir tuilleadh a léamh anseo. 

This e-mail and any files transmitted with it are confidential and are intended solely for use by the addressee. Read more here.

 

 

 

 

 

 

Séanadh Ríomhphoist/Email Disclaimer

Tá an ríomhphost seo agus aon chomhad a sheoltar leis faoi rún agus is lena úsáid ag an seolaí agus sin amháin é. Is féidir tuilleadh a léamh anseo. 

This e-mail and any files transmitted with it are confidential and are intended solely for use by the addressee. Read more here.

 

 

 

 

 

*** EPrints community wiki: http://wiki.eprints.org/

*** EPrints developers Forum: http://forum.eprints.org/