Dear Hraban, In data lunedì 27 gennaio 2014 12:23:40, Henning Hraban Ramm ha scritto: > is there any documentation on access permissions? I couldn’t find anything > helpful.
The official documentation is available in every installation of Invenio: <http://invenio-demo.cern.ch/help/admin/webaccess-admin-guide> > I’d like to know > - how to check for permissions within web templates (show some parts only to > some groups/roles) That's often not possible. In current Invenio master, templates are typically implemented in a way that minimize the business logic, and therefore they always receive the minimal amount of parameters: most of the time this means that the "req" object (containing all the information about the current HTTP request) or the "user_info" dictionary (containing all the details of the current user are not passed. If you are lucky and the templates at hand actually has the req or user_info dictionary what you can do is: [...] ## if you want to use regular RBAC model or you can use: from invenio.access_control_engine import acc_authorize_action auth_code, auth_message = acc_authorize_action(req (or user_info), action, **args) ## if you want to just check membership to a role from invenio.webuser import collect_user_info from invenio.access_control_admin import acc_is_user_in_role, acc_get_role_id ## the following is necessary if you had only req and not user_info user_info = collect_user_info(req) if acc_is_user_in_role(user_info, acc_get_role_id(role_name)): [...] [...] If the template does not receive any req or user_info object you will have to patch the code that calls the given template (typically some method in a _webinterface.py file) in order to pass them. Feel free to contribute such a patch for integration. >- how to restrict access to full records and especially > „fulltext“ (i.e. downloads) to logged in users (or some groups/roles) Restriction in Invenio are at the level of a whole collection (through the "viewrestcoll" WebAccess action) or at the level of the single document (meaning a BibDoc, i.e. all the given formats and revision of the same document), through the "viewrestrdoc" action. More on this at: <http://invenio-demo.cern.ch/help/admin/bibupload-admin-guide#3.6> See the section about FFT $r > A tutorial about how to create/configure users, roles and permissions would > be really nice: What can/must I do in WebAccess Admin, what can I do in > text files or with cli scripts. Indeed such a documentation is currently missing... Hope these links help! Best regards, Samuele -- Samuele Kaplun Invenio Developer ** <http://invenio-software.org/> INSPIRE Service Manager ** <http://inspirehep.net/>
