Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

documents: improve files permissions #329

Merged
merged 1 commit into from
Nov 12, 2020
Merged

documents: improve files permissions #329

merged 1 commit into from
Nov 12, 2020

Conversation

sebdeleze
Copy link
Contributor

@sebdeleze sebdeleze commented Oct 2, 2020
edited
Loading

This PR improves files permissions to match what is currently implemented in RERO DOC.

  • Installs netaddr library to check if an IP is in a specific range.
  • Adds a function to check if an IP is in a list of ranges.
  • Refactors get_file_restriction function, to apply the right rules for adding restriction to file.
  • Refactors command for importing permissions from RERO DOC.
  • Adds a new property access in files metadata in order to specify the access type and modify restricted property to be more explicit.
  • Adds a new property allowedIps to organisation JSON schema, to store allowed IPs for the organisation.
  • Adds a new property allowedIps to organisation elasticsearch mapping.
  • Serializes allowedIps to get this property in API calls.
  • Displays embargo date only if file is not restricted.
  • Closes Check files permissions #328.

Co-Authored-by: Sébastien Délèze sebastien.deleze@rero.ch

@sebdeleze sebdeleze marked this pull request as ready for review October 2, 2020 13:01
@pronguen
Copy link
Contributor

  • For the field "restricted" in the file management, I would put these two labels "Access only from the organisation's IP addresses", "No access". The code can be anything.
  • The field "restricted" should not be displayed if I choose for "access=c_abf2" (open access). In general, the fields "access" and "restricted" are difficult to understand. Ideally we would have only one list with subfields that appear according to the chosen option. Suggestion (see if it is easily feasible):
    • open access
    • open access with embargo
      • embargo date
      • toggle "Access only from the organisation's IP addresses"
    • no access
      • toggle "Access only from the organisation's IP addresses"
  • I put my RERO IP address in the organisation (153.109.157.100) and uploaded a file with "restricted=outside_organisation". But I cannot access the file. It is this document.

@sebdeleze sebdeleze mentioned this pull request Oct 28, 2020
Merged
@sebdeleze
Copy link
Contributor Author

sebdeleze commented Nov 6, 2020
edited by pronguen
Loading

  • For the field "restricted" in the file management, I would put these two labels "Access only from the organisation's IP addresses", "No access". The code can be anything.

  • The field "restricted" should not be displayed if I choose for "access=c_abf2" (open access). In general, the fields "access" and "restricted" are difficult to understand. Ideally we would have only one list with subfields that appear according to the chosen option. Suggestion (see if it is easily feasible):

    • open access

    • open access with embargo

      • embargo date
      • toggle "Access only from the organisation's IP addresses"

    • no access

      • toggle "Access only from the organisation's IP addresses"

Done
Nico: The new structure is good! The toggle should be rather "Access allowed from the organisation's IP addresses" (sorry for the wrong proposal 😬 )

  • I put my RERO IP address in the organisation (153.109.157.100) and uploaded a file with "restricted=outside_organisation". But I cannot access the file. It is this document.

Done
Nico: I am still not able to test it. It does not seem to work. Check IP inserted here with this document. Probably due to VPN. Not prioritary.

documents: improve files permissions
ae2c74c 
This PR improves files permissions to match what is currently implemented in RERO DOC.

* Installs `netaddr` library to check if an IP is in a specific range.
* Adds a function to check if an IP is in a list of ranges.
* Refactors `get_file_restriction` function, to apply the right rules for adding restriction to file.
* Refactors command for importing permissions from RERO DOC.
* Adds a new property `access` in files metadata in order to specify the access type and modify `restricted` property to be more explicit.
* Adds a new property `allowedIps` to organisation JSON schema, to store allowed IPs for the organisation.
* Adds a new property `allowedIps` to organisation elasticsearch mapping.
* Serializes `allowedIps` to get this property in API calls.
* Displays embargo date only if file is not restricted.
* Closes #328.

Co-Authored-by: Sébastien Délèze <sebastien.deleze@rero.ch>
@sebdeleze sebdeleze merged commit d91cfb0 into rero:dev Nov 12, 2020
@sebdeleze sebdeleze deleted the sed-files-permissions branch November 12, 2020 11:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Check files permissions
2 participants
@sebdeleze @pronguen