[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] Error whilst depositing via SWORD



Hi John,

That would not be too difficult to implement but would require a
further core change.  I think I will just leave put the patch to fix
the issue for now and this can be improved if people find it necessary
to do so.

Regards

David Newman

On Tue, 2019-01-08 at 10:04 +0000, John Salter wrote:
> Hi David,
> Excellent!
> I had a bit of a look at this last night - and was trying to get my
> head round what was newer code, what was older code, and whether
> anything needed to be elevated into the handler / new methods. It
> looks like what you've got is all good!
>
> One thought about the mediation (with a bit of a GDPR / allow the
> minimum access needed to do what needs to be done hat on), would it
> make sense to allow a finer-grained mediate rule e.g.
> +user/mediate                 #allow mediation of any user
> +user/mediate/bob       #allow mediation of user 'bob'
> Or possibly
> +user/mediate/username/bob                 #allow mediation of user
> 'bob'
> +user/mediate/usertype/editor                               #allow
> mediation of editor users
>
> I haven't read the SWORD specs on a while - and don't know whether
> this is allowed.
> I think this is an extension of the current functionality - and
> possibly should be treated as an enhancement.
>
> Cheers,
> John
>
>
> From: eprints-tech-bounces at ecs.soton.ac.uk [mailto:eprints-tech-bounc
> es at ecs.soton.ac.uk] On Behalf Of Newman D.R. via Eprints-tech
> Sent: 07 January 2019 17:36
> To: eprints-tech at ecs.soton.ac.uk; John Salter <J.Salter at leeds.ac.uk>;
> Fran Callaghan <fran.callaghan at dcu.ie>
> Subject: Re: [EP-tech] Error whilst depositing via SWORD
>
> Hi John / Fran,
>
> I believe I have made the appropriate tweaks needed in EPrints 3.4's
> perl_lib/EPrints/Apache/CRUD.pm and this seems to fix the issue from
> my testing.  You will need to set an extra role for the user that is
> going to submit "on behalf of" other users.  This permission is:
>
> +user/mediate
>
> I will endeavour to post the updated version to GitHub soon, assuming
> it is not too different to the version I was working against.
>  However, if you want to make the changes yourself, there are only
> three places in CRUD.pm that need fixed (see below).  I am assuming
> this is on a development instance you are working on, as I would not
> be 100% confident this will not have any side effects.  John
> thoughts?
>
> Regards
>
> David Newman
>
> # 1. sub handler
> - my( $rc, $owner ) = on_behalf_of( $repo, $r, $user );
> + my( $rc, $owner ) = $self->on_behalf_of( $user );
>
>
> # 2. sub on_behalf_of
> - my( $repo, $r, $user ) = @_;
> + my( $self, $user ) = @_;
>
> - my $err = {
> - status => HTTP_FORBIDDEN,
> - href => "https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpurl.org%2Fnet%2Fsword%2Ferror%2FTargetOwnerUnknown&amp;data=01%7C01%7C%7C7b13152ca70b4015095f08d675574f7f%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&amp;sdata=WpVAvyokKjpHQGRDkvOn2ss87WO8ZvoueC31BPY0YfI%3D&amp;reserved=0";,
> - summary => "Target user unknown or no permission to act on-behalf-
> of",
> - };
> + my $r = $self->request;
> +       my $repo = $self->repository;
>
>   my $on_behalf_of =
>   $r->headers_in->{'On-Behalf-Of'} || # SWORD 2.0
> $r->headers_in->{'X-On-Behalf-Of'}; # SWORD 1.3
>
>         return( OK, $user ) if !$on_behalf_of;
>
>   my $owner = $repo->user_by_username( $on_behalf_of );
>
> - return sword_error($repo, $r, %$err )
> + return ( HTTP_FORBIDDEN, undef )
>   if !defined $owner;
> - return sword_error($repo, $r, %$err )
> + return ( HTTP_FORBIDDEN, undef )
>   if !$user->allow( "user/mediate", $owner );
>
>   return( OK, $owner );
>
>
> # 3. sub servicedocument
>   my $user = $repo->current_user;
>   EPrints->abort( "unprotected" ) if !defined $user; # Rewrite foobar
> - my $on_behalf_of = on_behalf_of( $repo, $r, $user );
> - if( $on_behalf_of->{status} != OK )
> + my ( $status, $on_behalf_of ) = $self->on_behalf_of( $user );
> + if( $status != OK )
>   {
> - return sword_error( $repo, $r, %$on_behalf_of );
> + return $self->sword_error(
> + status => HTTP_FORBIDDEN,
> + href => "https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpurl.org%2Fnet%2Fsword%2Ferror%2FTargetOwnerUnknown&amp;data=01%7C01%7C%7C7b13152ca70b4015095f08d675574f7f%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&amp;sdata=WpVAvyokKjpHQGRDkvOn2ss87WO8ZvoueC31BPY0YfI%3D&amp;reserved=0";,
> +                        summary => "Target user unknown or no
> permission to act on-behalf-of",
> + );
>   }
> - $on_behalf_of = $on_behalf_of->{on_behalf_of};
>
>
>
> On Mon, 2019-01-07 at 16:30 +0000, John Salter via Eprints-tech
> wrote:
> Hi Fran,
> It would depend on the CRIS system, and local policy: is knowing who
> the depositing author is from within EPrints important?
>
> You could create a 'CRIS' account - and all deposits would be made by
> this account (if the CRIS system allows this).
>
> I think both the Pure and the Symplectic connectors can do something
> similar to this - so it might be worth pursuing.
>
> If I get a chance I'll take a look at the module tonight.
> Would you be in a position to test a proposed update to the file this
> week?
>
> Cheers,
> John
> From: eprints-tech-bounces at ecs.soton.ac.uk [mailto:eprints-tech-bounc
> es at ecs.soton.ac.uk] On Behalf Of Fran Callaghan via Eprints-tech
> Sent: 07 January 2019 16:08
> To: eprints-tech at ecs.soton.ac.uk
> Subject: Re: [EP-tech] Error whilst depositing via SWORD
>
> Hi John,
>
> The depositing system is our CRIS. Would this make sense in so far as
> it would be making deposits "on behalf of" genuine researchers? Does
> the depositing system need to make this explicit in the first place?
> Can't it just deposit with a different author name?
>
> Thanks all,
>
> Fran Callaghan
>
>
> On Mon, 7 Jan 2019 at 15:38, John Salter <J.Salter at leeds.ac.uk>
> wrote:
> Hi Fran,
> Taking a quick look at the code, I think the issue is that in the
> CRUD module, there are a couple of instances where the 'sword_error'
> is called as a raw function , rather than an object method e.g.:
> Normal working:
> https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints%2Fblob%2F3.3%2Fperl_lib%2FEPrints%2FApache%2FC&amp;data=01%7C01%7C%7C7b13152ca70b4015095f08d675574f7f%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&amp;sdata=DkyZg7qletk1t0zc6ZGqmJ981oxzPfs9WJpYMOi0Kcg%3D&amp;reserved=0
> RUD.pm#L432-L436
>
> Function call in servicedocument function:
> https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints%2Fblob%2F3.3%2Fperl_lib%2FEPrints%2FApache%2FC&amp;data=01%7C01%7C%7C7b13152ca70b4015095f08d675574f7f%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&amp;sdata=DkyZg7qletk1t0zc6ZGqmJ981oxzPfs9WJpYMOi0Kcg%3D&amp;reserved=0
> RUD.pm#L1742-L1745
> and 'on_behalf_of' function:
> https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints%2Fblob%2F3.3%2Fperl_lib%2FEPrints%2FApache%2FC&amp;data=01%7C01%7C%7C7b13152ca70b4015095f08d675574f7f%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&amp;sdata=DkyZg7qletk1t0zc6ZGqmJ981oxzPfs9WJpYMOi0Kcg%3D&amp;reserved=0
> RUD.pm#L1838-L1862
>
> This issue will only become apparent when you're doing a SWORD
> deposit using the 'on-behalf-of' header.
> I think it may have been present for ~7 years, when the first line of
> the sword_error function was changed from
> my( $repo, $r, %opts ) = @_;
> to
> my( $self, %opts ) = @_;
>
> I think it's more than a 5-minute job to fix properly - I need to get
> into the code a bit more to understand what was changed - and how to
> resolve it.
>
> I'll log it in GitHub and let you know try and come up with a
> solution - unless anyone else fancies having a  go..?
>
> Cheers,
> John
>
>
> From: eprints-tech-bounces at ecs.soton.ac.uk [mailto:eprints-tech-bounc
> es at ecs.soton.ac.uk] On Behalf Of Fran Callaghan via Eprints-tech
> Sent: 07 January 2019 14:50
> To: eprints-tech at ecs.soton.ac.uk
> Subject: [EP-tech] Error whilst depositing via SWORD
>
> Hi All,
>
> We have a third party depositing via SWORD. They're getting a generic
> 500 message back but when I lookup the error_log corresponding to the
> time of the test I can see this message...
>
> [Mon Jan 07 13:46:18.179171 2019] [perl:error] [pid 10713] [client
> X.X.X.X] Can't locate object method "repository" via package
> "EPrints::Repository" at
> /opt/eprints3/perl_lib/EPrints/Apache/CRUD.pm line 1977.\n
>
> Any ideas what's wrong with CRUD.pm? Or is it a problem with the
> syntax of the deposit? I had expected SWORD to be pretty much plug
> and play (actually not even 'plug' since the documentation says it is
> configured by default).
>
> **NOTE: I have X'd out the client IP address, it's a genuine IP in
> the original message
>
> Thanks all,
> Fran Callaghan
>
>
> S?anadh R?omhphoist/Email Disclaimer
> T? an r?omhphost seo agus aon chomhad a sheoltar leis faoi r?n agus
> is lena ?s?id ag an seola? agus sin amh?in ?. Is f?idir tuilleadh a
> l?amh anseo.
> This e-mail and any files transmitted with it are confidential and
> are intended solely for use by the addressee. Read more here.
>
>
>
>
>
>
> S?anadh R?omhphoist/Email Disclaimer
> T? an r?omhphost seo agus aon chomhad a sheoltar leis faoi r?n agus
> is lena ?s?id ag an seola? agus sin amh?in ?. Is f?idir tuilleadh a
> l?amh anseo.
> This e-mail and any files transmitted with it are confidential and
> are intended solely for use by the addressee. Read more here.
>
>
>
>
>
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-
> tech
> *** Archive: https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&amp;data=01%7C01%7C%7C7b13152ca70b4015095f08d675574f7f%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&amp;sdata=obV29mbfPZWRNcoOpVmU5kkMONeTxZ4%2BeLxcqYh3sac%3D&amp;reserved=0
> *** EPrints community wiki: https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&amp;data=01%7C01%7C%7C7b13152ca70b4015095f08d675574f7f%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&amp;sdata=NZPfCh6nrKc%2F607ACxVCseA6YDHbKgSJo9RE9SckdAw%3D&amp;reserved=0
> *** EPrints developers Forum: https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fforum.eprints.org%2F&amp;data=01%7C01%7C%7C7b13152ca70b4015095f08d675574f7f%7C4a5378f929f44d3ebe89669d03ada9d8%7C1&amp;sdata=GxydCLLhzl03dvzWVQwYi%2F%2FqYYDZXm0%2F4nQ8lFjDSRg%3D&amp;reserved=0