[Dspace-devel] [DuraSpace JIRA] Commented: (DS-740) Allow media filter to set non-default permissions on derivative bitstreams

2011-03-30 Thread Mark H. Wood (DuraSpace JIRA)

[ 
https://jira.duraspace.org/browse/DS-740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=19592#action_19592
 ] 

Mark H. Wood commented on DS-740:
-

So then each Bundle needs a model ACL to be inherited by bitstreams added to 
it, and the Collection needs a set of model ACLs tagged with bundle names to be 
inherited by new Bundles.  Probably passed down from Collection to Item (so an 
Item could be adjusted to have nondefault default bundle ACLs, so to speak) to 
Bundle.  Gah, it really should go all the way up to the Site.  All this needs 
UI support.

 Allow media filter to set non-default permissions on derivative bitstreams
 --

 Key: DS-740
 URL: https://jira.duraspace.org/browse/DS-740
 Project: DSpace
  Issue Type: New Feature
  Components: DSpace API
Reporter: Stuart Lewis

 At present, derivative bitstreams created by filter-media all take on the 
 authZ policies of their parent item.  In some cases, such as locked images, 
 the thumbnail could still be open.

 From a recent thread on dspace-tech.  It seems as if this would make a useful 
 feature if we can agree on a set of requirements:

 Hi George,
 Thanks for your reply. Do you have open access to any of your content or is 
 it all restricted? We have a mix which makes running the filter-media etc 
 scripts interesting.
 Ideally the solution would be to set permissions at a collection level for 
 each of the types of bundles. The item permissions would then inherit from 
 the collection, or override if policies are set on individual items. I don't 
 seem to be able to do that (1.5).
 For reference, here's the (cut-down) SQL. This will update all thumbnail 
 bitstream policies and set them to anonymous. We only had to do it for one 
 group though. If you want to update intermediates, change THUMBNAIL to 
 BRANDED_PREVIEW.
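 -- Point every policy on THUMBNAIL bitstreams at group 0 (Anonymous).
 update resourcepolicy
 set epersongroup_id=0
 where policy_id in (
 select 
  rp.policy_id
 from 
  resourcepolicy rp, 
  bundle2bitstream bb, 
  bundle b 
 where 
  b.name='THUMBNAIL' 
 and b.bundle_id=bb.bundle_id
 and bb.bitstream_id=rp.resource_id
 -- resource_type_id 0 = bitstream; without this filter, policies on items,
 -- bundles or collections that share a numeric id would also be opened up.
 and rp.resource_type_id=0
 );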
 cheers,
 Steve

 On 04/11/2010, at 11:59 PM, George Stanley Kozak wrote:
 Steve:
 This is the way that thumbnails have worked for me at my site (we have been 
 using DSpace since 2003).  It can be frustrating.  Your solution is 
 interesting.  I never thought about going into SQL to update the policies on 
 the thumbnail bundles.  I am not sure if there are any other solutions.
 George Kozak
 Digital Library Specialist
 Cornell University Library Information Technologies (CUL-IT)
 501 Olin Library
 Cornell University
 Ithaca, NY 14853
 607-255-8924

 -Original Message-
 From: Steve Swinsburg [mailto:steve.swinsb...@gmail.com] 
 Sent: Wednesday, November 03, 2010 9:39 PM
 To: dspace-t...@lists.sourceforge.net
 Subject: Re: [Dspace-tech] thumbnails restricted if main item is restricted
 We've fixed this up with some carefully crafted SQL to update the policies to 
 the Anonymous group for the bitstreams in the thumbnail bundles, but it would 
 be interesting to know if this is actually how things are meant to work, i.e. 
 inherit the permissions from the parent item when generating the thumbnails.
 regards,
 Steve

 On 04/11/2010, at 10:53 AM, Steve Swinsburg wrote:
 Hi,
 We have a situation where some items in a collection are restricted, i.e. you 
 need to log in to access the full version. However we want the thumbnails and 
 branded previews to still show up for the general public.
 When we run the thumbnail generator, it seems to inherit the permissions from 
 the main bitstream, which means if the bitstream is protected, the thumbnail 
 doesn't show up unless you are logged in and have the appropriate permission.
 Is this a common situation? We've inherited this instance so it might be a 
 change made by people before us, but if anyone has addressed this, it would 
 be great to hear from you.
 thanks,
 Steve

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
https://jira.duraspace.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira



___
Dspace-devel mailing list
Dspace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-devel
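
The inheritance chain proposed in the DS-740 comment above (model ACLs tagged by bundle name, passed from Site to Collection to Item to Bundle), as an added Python sketch that is not DSpace code. The class, field and function names and the group id 5 are hypothetical; falling back to the item's own policy when no level defines a model ACL is an assumption chosen so that nothing opens by default.

```python
# Added sketch, not DSpace code: class, field and function names are hypothetical.
from dataclasses import dataclass, field
from typing import Optional

ANONYMOUS = 0  # Anonymous group id, as in the SQL quoted in the issue
STAFF = 5      # constructed group id for a restricted item


@dataclass
class Container:
    """Site, Collection or Item holding model ACLs keyed by bundle name."""
    name: str
    parent: Optional["Container"] = None
    bundle_defaults: dict = field(default_factory=dict)  # bundle name -> group ids

    def model_acl(self, bundle_name):
        """Walk Item -> Collection -> Site; the nearest definition wins."""
        node = self
        while node is not None:
            if bundle_name in node.bundle_defaults:
                return set(node.bundle_defaults[bundle_name]), node.name
            node = node.parent
        return None, None


def policy_for_derivative(item, bundle_name, item_read_groups):
    """READ groups for a new bitstream in bundle_name, plus where they came from.

    With no model ACL at any level, fall back to the item's own policy (the
    current behaviour described in the issue) so nothing opens by accident.
    """
    acl, source = item.model_acl(bundle_name)
    if acl is None:
        return set(item_read_groups), "item policy"
    return acl, source


def demo():
    site = Container("site")
    coll = Container("collection", site, {"THUMBNAIL": {ANONYMOUS}})
    locked = Container("locked-item", coll)
    stricter = Container("stricter-item", coll, {"THUMBNAIL": {STAFF}})
    return {
        "thumb": policy_for_derivative(locked, "THUMBNAIL", {STAFF}),
        "preview": policy_for_derivative(locked, "BRANDED_PREVIEW", {STAFF}),
        "override": policy_for_derivative(stricter, "THUMBNAIL", {STAFF}),
    }
```

Returning the level that supplied the ACL alongside the groups gives an administrator a way to audit why a given thumbnail is public.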


[Dspace-devel] We need commitment on Services

2011-03-30 Thread Mark H. Wood
There are several things going on here.

o  The dark side of greater modularity and Maven's magical
   behind-your-back dependency management is that we lose sight of
   some of the pieces.  The Services Framework and core services have
   been In There for some time but we never notice them; DSpace is
   whatever you get when you check out svn/repo/dspace/trunk, plus
   some shadowy stuff that Maven takes care of (which now includes
   Services and will surely grow to encompass other parts of the
   product).

o  I don't believe there has ever been a completed call for consensus
   on Services.  The developer community as a whole have not signed up
   to the notion that this is the way forward.  Without a group
   commitment, inertia will rule and Services will languish.  We've
   talked about it quite a lot but the talk has never advanced to a
   decision.

We need to reach that decision and, assuming yes, mark the
ConfigurationManager and PluginManager as @deprecated so we're
constantly reminded, oh, yes, I should use the Whatsit Service now.
If there are reservations then let's get them on the schedule and
address them.  We need to get beyond this point, one way or the other.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.




[Dspace-devel] [DuraSpace JIRA] Updated: (DS-863) Still possible to register despite xmlui.user.registration set to false

2011-03-30 Thread Kevin Van de Velde (DuraSpace JIRA)

 [ 
https://jira.duraspace.org/browse/DS-863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kevin Van de Velde updated DS-863:
--

Attachment: registration_disabled_bugfix.patch

I created a possible fix for this issue. You can find it in the attached patch: 
each time the doRegister function is called in the flowscript, an 
AuthorizeException will be thrown if the registration has been disabled.

 Still possible to register despite xmlui.user.registration set to false
 ---

 Key: DS-863
 URL: https://jira.duraspace.org/browse/DS-863
 Project: DSpace
  Issue Type: Bug
  Components: XMLUI
Affects Versions: 1.7.1
Reporter: Samuel Ottenhoff
Priority: Major
 Attachments: registration_disabled_bugfix.patch


 To replicate:
 1) Set xmlui.user.registration=false in config/dspace.cfg
 2) Restart Tomcat
 3) Go to /register



[Dspace-devel] [DuraSpace JIRA] Updated: (DS-864) Fix/cleanup code to ensure it is well documented

2011-03-30 Thread Mark H. Wood (DuraSpace JIRA)

 [ 
https://jira.duraspace.org/browse/DS-864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mark H. Wood updated DS-864:


Documentation Status:   (was: Needed)
  Status: Open  (was: Received)

 Fix/cleanup code to ensure it is well documented
 

 Key: DS-864
 URL: https://jira.duraspace.org/browse/DS-864
 Project: DSpace
  Issue Type: Documentation
  Components: DSpace API, JSPUI, LNI, OAI-PMH, REST API 
 (experimental), Solr, SWORD, XMLUI
Reporter: Peter Dietz
 Fix For: 1.8.0


 Some classes in DSpace code are undocumented, some have little documentation, 
 and other sections have misleading documentation. This on occasion requires 
 the programmer who is using a class as a client to Go To Source to find out 
 how something is implemented to understand what it is expecting for valid 
 input. There are other sections of code, particularly portions of code 
 This ticket is a placeholder for improvements that improve the Javadoc 
 comment blocks that are read by intelli-sense IDEs, or perhaps documenting 
 areas of code frequented by user interface customizations.



Re: [Dspace-devel] We need commitment on Services

2011-03-30 Thread Tim Donohue
Mark W,

Thanks for getting down to the heart of the issue/question.

I agree completely, that we should officially vote on our commitment to 
DSpace Services, and officially mark all classes that will be replaced 
with @deprecated notes.

I've added a note about this to today's DSpace Developer Meeting agenda. 
I cannot guarantee we'll get to it today (as we have a lot of topics 
already), but I'll make sure to carry it over to next week's agenda as 
necessary.

https://wiki.duraspace.org/display/DSPACE/DevMtg+2011-03-30

Personally, I feel we should commit to Services Framework for all new 
code additions, and deprecating the older ways of doing things. However, 
I'd like to also hear any concerns others may have around going this 
route, and whether there are ways to alleviate those concerns. For 
instance, is there a way we can bring Services more into the light, 
rather than being in the shadows, as Mark W puts it.

https://wiki.duraspace.org/display/DSDOC/DSpace+Services+Framework

So, if anyone has concerns/questions to pose around the Services 
Framework, please feel free to do so in this email thread.

To get this issue behind us, I'd like to call for an official 'vote' on 
deprecating older classes in the very near future (likely in our meeting 
next week, April 6, if we can fit it in). So, I ask that we please try 
to discuss any concerns/questions via email, if possible.

- Tim

On 3/30/2011 9:03 AM, Mark H. Wood wrote:
 There are several things going on here.

 o  The dark side of greater modularity and Maven's magical
 behind-your-back dependency management is that we lose sight of
 some of the pieces.  The Services Framework and core services have
 been In There for some time but we never notice them; DSpace is
 whatever you get when you check out svn/repo/dspace/trunk, plus
 some shadowy stuff that Maven takes care of (which now includes
 Services and will surely grow to encompass other parts of the
 product).

 o  I don't believe there has ever been a completed call for consensus
 on Services.  The developer community as a whole have not signed up
 to the notion that this is the way forward.  Without a group
 commitment, inertia will rule and Services will languish.  We've
 talked about it quite a lot but the talk has never advanced to a
 decision.

 We need to reach that decision and, assuming yes, mark the
 ConfigurationManager and PluginManager as @deprecated so we're
 constantly reminded, oh, yes, I should use the Whatsit Service now.
 If there are reservations then let's get them on the schedule and
 address them.  We need to get beyond this point, one way or the other.






[Dspace-devel] [DuraSpace JIRA] Updated: (DS-861) Salt PasswordAuthentication

2011-03-30 Thread Mark H. Wood (DuraSpace JIRA)

 [ 
https://jira.duraspace.org/browse/DS-861?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mark H. Wood updated DS-861:


Status: Open  (was: Received)

 Salt PasswordAuthentication
 ---

 Key: DS-861
 URL: https://jira.duraspace.org/browse/DS-861
 Project: DSpace
  Issue Type: Improvement
  Components: DSpace API
Affects Versions: 1.7.0
Reporter: Alex Lemann

 DSpace does not store and use salted hash passwords for local database based 
 authentication (PasswordAuthentication). This constitutes a security risk in 
 that given a database dump an attacker can more easily crack passwords using 
 a rainbow table.  For more information see the Wikipedia article on salting 
 password hashes:
 http://en.wikipedia.org/wiki/Salt_(cryptography)
 Possible Tasks:
 Create new configuration parameter for the salt value
 Automatically generate a securely random hash for new projects 
 Document new configuration option  install information
 Store salted hashes in passwords in DB
 Use salt for authentication
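
The risk described in DS-861, as an added Python example (not DSpace code; the function names and record layout are hypothetical). It uses a random per-user salt with PBKDF2 rather than the single configured salt value in the task list, assumes MD5 as the legacy unsalted digest for illustration, and re-hashes a legacy row on the next successful login.

```python
# Added example, not DSpace code. Function names and record layout are hypothetical.
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for PBKDF2-HMAC-SHA256


def legacy_hash(password: str) -> str:
    """Unsalted digest, as in the issue. MD5 is an assumption for illustration."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def new_record(password: str) -> dict:
    """Per-user random salt plus a slow KDF; the salt is stored beside the hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"scheme": "pbkdf2", "salt": salt.hex(), "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored scheme and compare in constant time."""
    if record["scheme"] == "legacy":
        candidate = legacy_hash(password)
    else:
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"),
            bytes.fromhex(record["salt"]), ITERATIONS).hex()
    return hmac.compare_digest(candidate, record["hash"])


def login(password: str, record: dict):
    """Return (ok, record); a legacy row is re-hashed with a salt on success."""
    ok = verify(password, record)
    if ok and record["scheme"] == "legacy":
        record = new_record(password)
    return ok, record
```

Two users with the same password get identical `legacy_hash` values, so one precomputed table covers both; their `new_record` hashes differ because each carries its own salt.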
