| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
65879
|
Tue May 13 16:58:40 2008 |
 | Yoshio Imai | | Question | | 2.7.3-1024 | Re: Access Control |
| Grant Jeffcote wrote: | | At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access. |
I think the solution to your problem would be to use Deny statements in the configuration sections for the logbooks.
Assume user1, user2 and user3 are in the "owners'" group of logbook1, and user4 and user5 only have "privileged read" access. Then a configuration as follows might help:
Login user = user1, user2, user3, user4, user5
Deny New = user4, user5
Deny Reply = user4, user5
Deny Duplicate = user4, user5
Deny Edit = user4, user5
Deny Delete = user4, user5
Deny Select = user4, user5
Deny CSV Import = user4, user5
This should give them the same read permissions as the logbook owners but should deny any writing operations. I recognize that this is a little bit of admin work if the lists of such "privileged readers" gets long, but each user would have his/her individual password (even the same as for access to his/her "own" logbook).
Perhaps you can give it a try. |
|
65880
|
Tue May 13 21:56:30 2008 |
| Grant Jeffcote | grant@jeffcote.org | Question | | 2.7.3-1024 | Re: Access Control |
| Yoshio Imai wrote: |
| Grant Jeffcote wrote: | | At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access. |
I think the solution to your problem would be to use Deny statements in the configuration sections for the logbooks.
Assume user1, user2 and user3 are in the "owners'" group of logbook1, and user4 and user5 only have "privileged read" access. Then a configuration as follows might help:
Login user = user1, user2, user3, user4, user5
Deny New = user4, user5
Deny Reply = user4, user5
Deny Duplicate = user4, user5
Deny Edit = user4, user5
Deny Delete = user4, user5
Deny Select = user4, user5
Deny CSV Import = user4, user5
This should give them the same read permissions as the logbook owners but should deny any writing operations. I recognize that this is a little bit of admin work if the lists of such "privileged readers" gets long, but each user would have his/her individual password (even the same as for access to his/her "own" logbook).
Perhaps you can give it a try. |
What a great solution, thanks Yoshio, it works a treat. |
|
65882
|
Thu May 15 17:45:44 2008 |
| Grant Jeffcote | grant@jeffcote.org | Question | | 2.7.3-1024 | Re: Access Control |
| Grant Jeffcote wrote: |
| Yoshio Imai wrote: |
| Grant Jeffcote wrote: | | At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access. |
I think the solution to your problem would be to use Deny statements in the configuration sections for the logbooks.
Assume user1, user2 and user3 are in the "owners'" group of logbook1, and user4 and user5 only have "privileged read" access. Then a configuration as follows might help:
Login user = user1, user2, user3, user4, user5
Deny New = user4, user5
Deny Reply = user4, user5
Deny Duplicate = user4, user5
Deny Edit = user4, user5
Deny Delete = user4, user5
Deny Select = user4, user5
Deny CSV Import = user4, user5
This should give them the same read permissions as the logbook owners but should deny any writing operations. I recognize that this is a little bit of admin work if the lists of such "privileged readers" gets long, but each user would have his/her individual password (even the same as for access to his/her "own" logbook).
Perhaps you can give it a try. |
What a great solution, thanks Yoshio, it works a treat. |
Is there any way to give a logged in user a 'Guest' view on certain logbooks?
Unfortunately at the moment if they are not in the 'login users = ' group they are automatically logged out and have to re-log back into their own logbook. |
|
66312
|
Tue Apr 14 20:00:08 2009 |
| Hal Proctor | hproctor@mpm.com | Question | Windows | 2.7.3-1024 | Re: Access Control |
| Grant Jeffcote wrote: |
| Grant Jeffcote wrote: |
| Yoshio Imai wrote: |
| Grant Jeffcote wrote: | | At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access. |
I think the solution to your problem would be to use Deny statements in the configuration sections for the logbooks.
Assume user1, user2 and user3 are in the "owners'" group of logbook1, and user4 and user5 only have "privileged read" access. Then a configuration as follows might help:
Login user = user1, user2, user3, user4, user5
Deny New = user4, user5
Deny Reply = user4, user5
Deny Duplicate = user4, user5
Deny Edit = user4, user5
Deny Delete = user4, user5
Deny Select = user4, user5
Deny CSV Import = user4, user5
This should give them the same read permissions as the logbook owners but should deny any writing operations. I recognize that this is a little bit of admin work if the lists of such "privileged readers" gets long, but each user would have his/her individual password (even the same as for access to his/her "own" logbook).
Perhaps you can give it a try. |
What a great solution, thanks Yoshio, it works a treat. |
Is there any way to give a logged in user a 'Guest' view on certain logbooks?
Unfortunately at the moment if they are not in the 'login users = ' group they are automatically logged out and have to re-log back into their own logbook. |
I have this same issue. People come and go from one logbook to the other but I still want them to maintain logged in status to the logbook they have rights to. |
|
65728
|
Mon Feb 11 17:28:33 2008 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | All | 2.7.2-2 | Re: Absolut links for images in FCK Editor |
| Jochen Krempel wrote: |
|
We use ELOG inside a local network, but we want to allow access also from outside the firewall.
The suggested solution from Elog Admin Guide worked fine until version ELOG V2.6.5-1844 (essentially without FCK Editor):
ssh -L 1234:your.server.name:8080 your.firewall.name
firefox http://localhost:1234/
Howerver, since the update to ELOG V2.7.1-2002 the FCK Editor uses absolute links to insert images.
An image uploaded from the local network will have an address like:
http://your.server.name:8080/logbookname/080207_101110/Picture.jpg
while the same image uploaded through the firewall tunnel will have a link like:
http://localhost:1234/logbookname/080207_101110/Picture.jpg
Obviously images uploaded from outside are not visible from inside and vice versa.
Is it possible to convince FCK Editor to use relative links?
PS
ELOG is great!!
|
I fixed this in SVN revision #2038. |
|
65739
|
Tue Feb 12 23:57:52 2008 |
| Jochen Krempel | krempel@ill.fr | Comment | All | 2.7.2-2 | Re: Absolut links for images in FCK Editor |
| Stefan Ritt wrote: |
|
| Jochen Krempel wrote: |
|
We use ELOG inside a local network, but we want to allow access also from outside the firewall.
The suggested solution from Elog Admin Guide worked fine until version ELOG V2.6.5-1844 (essentially without FCK Editor):
ssh -L 1234:your.server.name:8080 your.firewall.name
firefox http://localhost:1234/
Howerver, since the update to ELOG V2.7.1-2002 the FCK Editor uses absolute links to insert images.
An image uploaded from the local network will have an address like:
http://your.server.name:8080/logbookname/080207_101110/Picture.jpg
while the same image uploaded through the firewall tunnel will have a link like:
http://localhost:1234/logbookname/080207_101110/Picture.jpg
Obviously images uploaded from outside are not visible from inside and vice versa.
Is it possible to convince FCK Editor to use relative links?
PS
ELOG is great!!
|
I fixed this in SVN revision #2038.
|
Thank you for the quick support! |
|
2137
|
Fri Feb 16 17:01:45 2007 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | Windows | V2.6.3-177 | Re: About Extendable |
| bob wrote: | Hi,
I have a problem and I do not understand why
my config is
"
{tdl} Show Attributes = De, He, Auteur, Ten, TDL
{tdl} Options TDL = de, fr, gt
{tdl} Extendable Options = TDL
"
I play with {tdl}, i add TDL (toto),
and after that, i open my config:
"{tdl} Show Attributes = De, He, Auteur, Ten, TDL
{tdl} Options TDL = de, fr, gt, toto, toto
{tdl} Extendable Options = TDL
"
And my preview is wrong !!
why 2 * toto thus?
thanks a lot
Bob |
I tried it myself and did not get two "toto"'s. Maybe you hit "Submit" twice or so? One thing I would recommend however is not to name an attribute "TDL" and a condition {tdl} the same. And also make sure you have the newest version of elog. I remember there was once a problem with the "Preview" button adding extended attributes more than once. |
|
1268
|
Thu Jul 14 17:29:42 2005 |
| Stefan Ritt | stefan.ritt@psi.ch | Comment | All | | Re: A new ELOG user wants to register on "127.0.0.1" |
| Emiliano Gabrielli wrote: | A new ELOG user wants to register on "127.0.0.1"
the scenario is:
- elog on localhost
- stunnel on the external interface
I dont want elog to listen on external interface, so.. why do not use the URL cfg attribute for this issue ? |
You can specify the interface to liste on with the "-n <interface>" parameter of elogd. |
|