[
https://jira.duraspace.org/browse/DS-1193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=26251#comment-26251
]
Tim Donohue commented on DS-1193:
---------------------------------
Ivan, can you create a sub-task / ticket for Problem A)?
We should make sure that this change is logged into the DSpace 3.0
History/Changes, and in order to do that we need to have a ticket that
describes what was added in Pull #74, so we can close that ticket & mark it as
having been fixed in 3.0.
As it is, this DS-1193 ticket is describing two tasks, one of which is fixed
and one of which is not. It should be split into two tickets.
- Tim
> display bitstream read access permissions on item page
> ------------------------------------------------------
>
> Key: DS-1193
> URL: https://jira.duraspace.org/browse/DS-1193
> Project: DSpace
> Issue Type: Improvement
> Components: XMLUI
> Reporter: Ivan Masár
> Assignee: Ivan Masár
> Labels: has-pull-request
> Fix For: 3.0
>
> Attachments: DS-1193-A.png
>
>
> This is an issue to track problems related with displaying accessibility of a
> bitstream on the item page. This is for XMLUI only. JSPUI would benefit from
> the same functionality, but the code would be disjunct, so I'll leave that
> for separate issue.
> Currently, there is no indication on the item page which users have
> permissions to access a bitstream or whether the current user can access a
> bitstream. The user has to try to access it, which will either download the
> bitstream if he has read rights or display an information that he doesn't
> have the permission along with a login form.
> Problem A)
> Currently, the information about access permissions is accessible by adding
> "?rightsMDTypes=METSRIGHTS" to the item's METS URL, which will embed
> permission information from METSRightsCrosswalk to METS. E.g.:
> http://demo.dspace.org/xmlui/metadata/handle/10673/3/mets.xml?rightsMDTypes=METSRIGHTS
> It was pointed out that this might be an unintended feature. For the full
> conversation, see the "bitstream access rights in DRI?" thread:
> http://www.mail-archive.com/[email protected]/msg17312.html
> I suggest that access to this information should be accessible to the XMLUI
> themes, so it should be accessible from localhost and this could possibly be
> configurable to allow access from other hosts, for example for debugging
> reasons. So we could have something like:
> crosswalk.dissemination.METSRightsCrosswalk.accessible-from = 127.0.0.1,
> 1.2.3.4/24
> Can anyone give any pointers how to implement this kind of access restriction?
> I'd hate to see this implemented as an aspect. Like Tim pointed out, this
> information is a very powerful tool for theme developers and I already have
> other uses for it in mind (namely various implementations of DS-1021). So it
> should be accessible from XSLT.
> Problem B)
> Sorting out problem A gives us access to information for all users, so we can
> display the access rights. But it would be useful to display, whether
> bitstream is accessible for _current user_. We currently don't have
> information about current user's group membership in DRI. Including it in DRI
> would of course also be useful for other things.
> This information is provided by the
> org.dspace.app.xmlui.aspect.eperson.EditProfile, currently only for the
> profile page (look at id="aspect.eperson.EditProfile.list.memberships" a the
> /DRI/profile URL while logged in). I suggest to add this information to
> userMeta for all pages.
> UPDATE: Filed a separate issue for "restrict access to access permissions in
> mets.xml" - DS-1258
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
