In data mercoledì, 22 agosto 2012 15.54:21, Alexander Wagner ha scritto:
> > Unfortunately :-)
>
> ?
Was a leftover. I meant, unfortunately, with that patch things become more
complex as we have introduced a new degree of freedom :-)
> So, if I understand it correctly, I would have to restrict C such that
> "guest" have access (sort of a restriction but not hard to meet). Then
> the bibliographic records are viewable by guests even though they are
> furthermore part of A and B.
Good point yes. In that case though it's like A and B are not restricted at
all. And to allow to guest, just have a role with firewall definition "allow
any".
> But(!) then I again need to restrict the docs as mentioned above to be
> viewable for A and B only (e.g. if there is a legal restriction on them)
> or otherwise they'd be open to world.
Yes. Mmh to my undestanding of your complex situation, I believe in the end,
if what you need is only to restrict download off fulltext (but not the
metadata), is to relay on FFT$r and set there a firerole rule dynamically
generated based on all the complex rules you described...
> I fear this is a bit over simplified, but actually what we try to do. ;)
Sure... over simplified... I see... :-)
Cheers!
Sam
--
Samuele Kaplun
Invenio Developer ** <http://invenio-software.org/>
