| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
65878
|
Mon May 12 10:16:21 2008 |
 | Grant Jeffcote | grant@jeffcote.org | Question | | 2.7.3-1024 | Access Control | Hi Stefan,
We have a configuration where different sites have their own logbooks all under the same server, these are accessed by relevant parties as you might expect by selecting the appropriate tab at the top of the page.
Everyone has visibility of everyone elses logbook as a guest but we have purposely limited the 'Guest' users view (hiding the text portion etc) for various reasons.
We would now like to allow certain parties to view certain logbooks in their entirety but with a 'Read Only' view, I see this can be done but only using a common password. (Read password = <encoded password>)
At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access. Also if they click on the tab for a logbook that they are not a 'User' for they are logged out of their existing logbook forcing them to have to log back on. If they are designated in a 'Read Only' viewers list for that logbook then their existing password would presumably be read from the global password file and they wouldn't be logged out?
I would like to be able to implement a 'Read' access view for some parties but not have a common password (use the password file?) and not force the other party to re-logon to view the other logbook.
Something like the ability to add a "Read user = <user list>" in each logbook as can be done with 'Login User' and 'Admin User' at present would be great.
Could you let me know if this is feasible please?
Many thanks in advance. |
|
65879
|
Tue May 13 16:58:40 2008 |
 | Yoshio Imai | | Question | | 2.7.3-1024 | Re: Access Control |
| Grant Jeffcote wrote: | | At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access. |
I think the solution to your problem would be to use Deny statements in the configuration sections for the logbooks.
Assume user1, user2 and user3 are in the "owners'" group of logbook1, and user4 and user5 only have "privileged read" access. Then a configuration as follows might help:
Login user = user1, user2, user3, user4, user5
Deny New = user4, user5
Deny Reply = user4, user5
Deny Duplicate = user4, user5
Deny Edit = user4, user5
Deny Delete = user4, user5
Deny Select = user4, user5
Deny CSV Import = user4, user5
This should give them the same read permissions as the logbook owners but should deny any writing operations. I recognize that this is a little bit of admin work if the lists of such "privileged readers" gets long, but each user would have his/her individual password (even the same as for access to his/her "own" logbook).
Perhaps you can give it a try. |
|
65880
|
Tue May 13 21:56:30 2008 |
| Grant Jeffcote | grant@jeffcote.org | Question | | 2.7.3-1024 | Re: Access Control |
| Yoshio Imai wrote: |
| Grant Jeffcote wrote: | | At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access. |
I think the solution to your problem would be to use Deny statements in the configuration sections for the logbooks.
Assume user1, user2 and user3 are in the "owners'" group of logbook1, and user4 and user5 only have "privileged read" access. Then a configuration as follows might help:
Login user = user1, user2, user3, user4, user5
Deny New = user4, user5
Deny Reply = user4, user5
Deny Duplicate = user4, user5
Deny Edit = user4, user5
Deny Delete = user4, user5
Deny Select = user4, user5
Deny CSV Import = user4, user5
This should give them the same read permissions as the logbook owners but should deny any writing operations. I recognize that this is a little bit of admin work if the lists of such "privileged readers" gets long, but each user would have his/her individual password (even the same as for access to his/her "own" logbook).
Perhaps you can give it a try. |
What a great solution, thanks Yoshio, it works a treat. |
|
65882
|
Thu May 15 17:45:44 2008 |
| Grant Jeffcote | grant@jeffcote.org | Question | | 2.7.3-1024 | Re: Access Control |
| Grant Jeffcote wrote: |
| Yoshio Imai wrote: |
| Grant Jeffcote wrote: | | At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access. |
I think the solution to your problem would be to use Deny statements in the configuration sections for the logbooks.
Assume user1, user2 and user3 are in the "owners'" group of logbook1, and user4 and user5 only have "privileged read" access. Then a configuration as follows might help:
Login user = user1, user2, user3, user4, user5
Deny New = user4, user5
Deny Reply = user4, user5
Deny Duplicate = user4, user5
Deny Edit = user4, user5
Deny Delete = user4, user5
Deny Select = user4, user5
Deny CSV Import = user4, user5
This should give them the same read permissions as the logbook owners but should deny any writing operations. I recognize that this is a little bit of admin work if the lists of such "privileged readers" gets long, but each user would have his/her individual password (even the same as for access to his/her "own" logbook).
Perhaps you can give it a try. |
What a great solution, thanks Yoshio, it works a treat. |
Is there any way to give a logged in user a 'Guest' view on certain logbooks?
Unfortunately at the moment if they are not in the 'login users = ' group they are automatically logged out and have to re-log back into their own logbook. |
|
65883
|
Thu May 15 18:36:55 2008 |
 | Devin Bougie | dab66@cornell.edu | Bug report | | | reset password link when using proxy | For heightened security, we allow access to our ELOG installation from offsite through an apache proxy. Therefore, the URL for our ELOG becomes http://www.lepp.cornell.edu/proxy/elog/ . Everything seems to work properly with this setup except for the "reset password" utility. When trying to reset ones password, the link sent in the "Password recovery" email becomes, for example:
http://www.lepp.cornell.edu/proxy/elog/ERL+W128/?redir=%3Fcmd%3DChange+password...
When using this link, the redirect redirects you to:
http://www.lepp.cornell.edu/ERL+W128/?cmd=Change%20password...
Which does not work. Instead, the redirect should point to:
http://www.lepp.cornell.edu/proxy/elog/ERL+W128/?cmd=Change%20password...
Any suggestions or workarounds would be greatly appreciated.
Many thanks,
Devin
|
|
65884
|
Thu May 15 19:57:23 2008 |
| Dennis Seitz | dseitz@cosmology.berkeley.edu | Question | | | Is there a way to indicate when an entry has been edited? | You've probably seen my other posts on this subject.
I want to be able to re-edit some entries but I need some way to know the dates entries were re-edited.
Am I just approaching this the wrong way? Should I disable re-editing of entries and use threads to follow changes by posting replies to an entry?
The only problem with that is that if I make a mistake I will have to submit a new entry to fix it.
Thank you for your advice. |
|
65886
|
Mon May 19 06:14:04 2008 |
| Grant Jeffcote | grant@jeffcote.org | Question | | 2.7.3-2104 | Conditional Attributes Boolean? | Hi Stefan,
After searching the manual and not finding (missing?) the answer is it possible to add conditional statements to a Boolean attribute? I would like a tick box to be able to trigger an event when submitted.
Many thx |
|
65890
|
Fri May 23 20:56:43 2008 |
| Bruno Serfass | serfass@berkeley.edu | Question | | | "preview attachement" flag not working on thumbnails ? | Hi,
I would like to turn off the display of attachements when editing an entry in some of our logbooks that contains big file.
So I did set the flag "preview attachements" to 0. It seems to work fine on text file attachment but
the thumbnails for PDF and images (very nice feature by the way!...) are still there...
How can I avoid displaying the thumbnails in the edit mode? This is very important when the attached file is big because
it almost makes it impossible to edit..
Thanks for your feedback!
Bruno |
|