[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[EP-tech] permission for "manage records"
CAUTION: This e-mail originated outside the University of Southampton.
Hi John and David,
Thank you, John! Yes, I confirm that adding "+datasets" worked. The "Manage Records" menu item showed up, and only the datasets for which the user has permissions shows up in the menu too. Nice work!
That page about permissions is very useful indeed, David, thank you for creating it. I also concur that I seem to have a difficult time finding it when I need it, for some reason, so adding some more cross-links to it would be good. I think it's probably because I search for "permissions" but the page is titled as "roles and "privileges", but not permissions?
Best wishes!
Tomasz
________________________________________________
Tomasz Neugebauer
Senior Librarian | Biblioth?caire titulaire
Digital Projects & Systems Development Librarian / Biblioth?caire des Projets Num?riques & D?veloppement de Syst?mes
Concordia University / Universit? Concordia
Tel. / T?l. 514-848-2424 ext. / poste 7738
Email / courriel: tomasz.neugebauer at concordia.ca<mailto:tomasz.neugebauer at concordia.ca>
Mailing address / adresse postale: 1455 De Maisonneuve Blvd. W., LB-540-03, Montreal, Quebec H3G 1M8
Street address / adresse municipale: 1400 De Maisonneuve Blvd. W., LB-540-03, Montreal, Quebec H3G 1M8
library.concordia.ca
________________________________
From: John Salter <J.Salter at leeds.ac.uk>
Sent: Wednesday, December 14, 2022 1:12 AM
To: Tomasz Neugebauer <Tomasz.Neugebauer at concordia.ca>; eprints-tech at ecs.soton.ac.uk <eprints-tech at ecs.soton.ac.uk>
Subject: Re: permission for "manage records"
Attention This email originates from outside the concordia.ca domain. // Ce courriel provient de l'ext?rieur du domaine de concordia.ca
If you give them '+datasets' as well as '+archivematica/view', I think they should get the link to that screen too.
________________________________
From: Tomasz Neugebauer <Tomasz.Neugebauer at concordia.ca>
Sent: 13 December 2022 22:47
To: John Salter <J.Salter at leeds.ac.uk>; eprints-tech at ecs.soton.ac.uk <eprints-tech at ecs.soton.ac.uk>
Subject: Re: permission for "manage records"
Hi John,
Thank you, yes, I was able to figure it out by looking at the code.
The solution was to add the following:
+DATASET_NAME/view
So in my case, since I wanted to grant access to view the listing of Archivematica dataset, it was:
+archivematica/view
The "Manage Records" link did not show up in the menu for the user, but knowing the link, the user gained access to the listing, so that solved my issue.
Tomasz
________________________________
From: John Salter <J.Salter at leeds.ac.uk>
Sent: Tuesday, December 13, 2022 1:30 PM
To: Tomasz Neugebauer <Tomasz.Neugebauer at concordia.ca>; eprints-tech at ecs.soton.ac.uk <eprints-tech at ecs.soton.ac.uk>
Subject: RE: permission for "manage records"
Attention This email originates from outside the concordia.ca domain. // Ce courriel provient de l'ext?rieur du domaine de concordia.ca
Hi Tomasz,
I think the screen you mean is EPrints::Plugin::Screen::DataSets*.
In that case, there is the 'datasets' permission:
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fblob%2F00cf55a8de6193528ee50b55dd9db04b36245b78%2Fperl_lib%2FEPrints%2FPlugin%2FScreen%2FDataSets.pm%23L34&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C33004847c4664c1efa9c08daddf28c71%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638066331057246930%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CXIeUr5y6Pb806RwLOvcOkKk2wm9XATFk9thaN5qkYI%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fblob%2F00cf55a8de6193528ee50b55dd9db04b36245b78%2Fperl_lib%2FEPrints%2FPlugin%2FScreen%2FDataSets.pm%23L34&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C33004847c4664c1efa9c08daddf28c71%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638066331057246930%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CXIeUr5y6Pb806RwLOvcOkKk2wm9XATFk9thaN5qkYI%3D&reserved=0>
This is included in the 'editor' role by default:
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fblob%2F00cf55a8de6193528ee50b55dd9db04b36245b78%2Fperl_lib%2FEPrints%2FDataObj%2FUser.pm%23L390&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C33004847c4664c1efa9c08daddf28c71%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638066331057246930%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Fjcvm60W6dCCG1BoQTkeDlkNAE8Fuxm82lXfHuKQAvA%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fblob%2F00cf55a8de6193528ee50b55dd9db04b36245b78%2Fperl_lib%2FEPrints%2FDataObj%2FUser.pm%23L390&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C33004847c4664c1efa9c08daddf28c71%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638066331057246930%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Fjcvm60W6dCCG1BoQTkeDlkNAE8Fuxm82lXfHuKQAvA%3D&reserved=0>
The DataSets screen checks to see if the logged-in user has the rights to view the various datasets:
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fblob%2F00cf55a8de6193528ee50b55dd9db04b36245b78%2Fperl_lib%2FEPrints%2FPlugin%2FScreen%2FDataSets.pm%23L73-L97&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C33004847c4664c1efa9c08daddf28c71%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638066331057246930%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9OYKGDPdlcpcptAg4JzeyqLUHWLNwOVJmBu20682j3A%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fblob%2F00cf55a8de6193528ee50b55dd9db04b36245b78%2Fperl_lib%2FEPrints%2FPlugin%2FScreen%2FDataSets.pm%23L73-L97&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C33004847c4664c1efa9c08daddf28c71%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638066331057246930%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9OYKGDPdlcpcptAg4JzeyqLUHWLNwOVJmBu20682j3A%3D&reserved=0>
So you might want to give (or take away) some of those e.g. '-user/view'
Does that help a bit more?
Cheers,
John
* grep -r 'Manage records' lib/lang/
lib/lang/en/phrases/system.xml: <epp:phrase id="Plugin/Screen/DataSets:title">Manage records</epp:phrase>
From: Tomasz Neugebauer [mailto:Tomasz.Neugebauer at concordia.ca]
Sent: 13 December 2022 18:07
To: John Salter <J.Salter at leeds.ac.uk>; eprints-tech at ecs.soton.ac.uk
Subject: Re: permission for "manage records"
Hi John,
Yes, thank you, I was hoping I can do this in this way, but I don't see which actual permission I would need to add for the ability to "Manage Records"?
Tomasz
________________________________
From: John Salter <J.Salter at leeds.ac.uk<mailto:J.Salter at leeds.ac.uk>>
Sent: Tuesday, December 13, 2022 12:33 PM
To: eprints-tech at ecs.soton.ac.uk<mailto:eprints-tech at ecs.soton.ac.uk> <eprints-tech at ecs.soton.ac.uk<mailto:eprints-tech at ecs.soton.ac.uk>>; Tomasz Neugebauer <Tomasz.Neugebauer at concordia.ca<mailto:Tomasz.Neugebauer at concordia.ca>>
Subject: RE: permission for "manage records"
Attention This email originates from outside the concordia.ca domain. // Ce courriel provient de l'ext?rieur du domaine de concordia.ca
Hi Tomasz,
Not sure if this is the sort of thing you're looking for?
It defines a new user type (research_office) who can look at things in review (the 'staff-view' and 'editor' roles), but removes certain abilities from those roles.
If you want to apply this to one individual user, you can add the specific '+eprint/buffer/view:editor' privileges to their profile.
The '+' allows them to do something; the '-' prevents them doing something.
$c->{user_roles}->{'research_office'} = [qw{
general
edit-own-record
saved-searches
set-password
change-email
staff-view
editor
+eprint/buffer/view:editor
+eprint/buffer/move_inbox:editor
-eprint/buffer/move_archive:editor
-eprint/buffer/edit:editor
-eprint/buffer/remove:editor
-eprint/buffer/move_dark_archive:editor
-eprint/buffer/remove_with_email:editor
}];
Cheers,
John
From: eprints-tech-bounces at ecs.soton.ac.uk<mailto:eprints-tech-bounces at ecs.soton.ac.uk> [mailto:eprints-tech-bounces at ecs.soton.ac.uk] On Behalf Of Tomasz Neugebauer via Eprints-tech
Sent: 13 December 2022 17:05
To: eprints-tech at ecs.soton.ac.uk<mailto:eprints-tech at ecs.soton.ac.uk>
Subject: [EP-tech] permission for "manage records"
CAUTION: This e-mail originated outside the University of Southampton.
Is there a specific permission I could add to a user account so that they can view records through the "Manage Records" interface? Is there a way to give this permission without giving them full administrator access?
Tomasz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20221214/3af4d86e/attachment-0001.html