Difference between revisions of "User roles.pl"

m
m (link 'buffer' to standard names which describes the four buffers available.)
(7 intermediate revisions by 2 users not shown)
Line 14: Line 14:
 
];
 
];
 
</pre>
 
</pre>
The prviliages listed above means the users given the <code>approve-hat</code> role can see the View, Summary, Details and Move to archive screen as an editor. Note because they cannot edit items in the buffer they can't correct any mistakes they find. However they do have the power to move items to the archive. This means the <code>approve-hat</code> allows a user to see the metadata of an item and if they think it is correct move it to the archive. They cannot return it to the user or edit the metadata themselves.
+
The privileges listed above means the users given the <code>approve-hat</code> role can see the View, Summary, Details and Move to archive screen as an editor. Note because they cannot edit items [[Standard names |in the buffer]] they can't correct any mistakes they find. However they do have the power to move items to the archive. This means the <code>approve-hat</code> allows a user to see the metadata of an item and if they think it is correct move it to the archive. They cannot return it to the user or edit the metadata themselves.
 +
 
 +
The quoting around the role name approve-hat is required, eprints will generate an error if the text is simply {approve-hat}.
 +
 
 +
 
 +
Tip: Ensure the role is in {roles} not {user_roles}!
 +
 
 +
== Creating a privilege ==
 +
 
 +
There is no special step to creating a privilege, simply define it where you would like it tested for. Equally, there is no specified format for privileges tying them to (for example) screens.
 +
 
 +
As a result the following are all valid:
 +
 
 +
* "eprint/coindoi"
 +
* "eprint/coindoiffff"
 +
* "eprint/coindoi:editor"
  
 
==Assigning a role==
 
==Assigning a role==
Line 51: Line 66:
 
</pre>
 
</pre>
  
You can also assign privileges to individual users through the web interface in the same way you can assign a role. (remember the '+' or '-')
+
You can also assign privileges to individual users through the web interface in the same way you can assign a role, remembering they will be listed as "roles". (remember the '+' or '-')
 
 
  
 +
There is no need for users to log in again following a privilege change, eprints will pick it up automatically.
  
 
==List of Roles and privileges==
 
==List of Roles and privileges==
This is a full list of privileges defined in EPrints 3.1.3. They are just strings so you create your own when you create a role in user roles.pl
+
This is a full list of privileges defined in EPrints 3.3.15. They are just strings so you create your own when you create a role in user roles.pl
  
 
<pre>
 
<pre>
Line 63: Line 78:
 
general =>  
 
general =>  
 
[
 
[
"user/view",
+
"user/view:owner",
 +
"user/details:owner",
 +
"user/history:owner",
 
],
 
],
  
Line 92: Line 109:
 
"eprint/inbox/view",
 
"eprint/inbox/view",
 
"eprint/inbox/summary",
 
"eprint/inbox/summary",
"eprint/inbox/staff/export",
+
"eprint/inbox/export",
"eprint/inbox/staff/details",
+
"eprint/inbox/details",
 
"eprint/inbox/history",
 
"eprint/inbox/history",
  
 
"eprint/buffer/view",
 
"eprint/buffer/view",
 
"eprint/buffer/summary",
 
"eprint/buffer/summary",
"eprint/buffer/staff/export",
+
"eprint/buffer/export",
"eprint/buffer/staff/details",
+
"eprint/buffer/details",
 
"eprint/buffer/history",
 
"eprint/buffer/history",
  
 
"eprint/archive/view",
 
"eprint/archive/view",
"eprint/archive/summary",
+
"eprint/archive/export",
"eprint/archive/staff/export",
+
"eprint/archive/details",
"eprint/archive/staff/details",
 
 
"eprint/archive/history",
 
"eprint/archive/history",
  
 
"eprint/deletion/view",
 
"eprint/deletion/view",
 
"eprint/deletion/summary",
 
"eprint/deletion/summary",
"eprint/deletion/staff/export",
+
"eprint/deletion/export",
"eprint/deletion/staff/details",
+
"eprint/deletion/details",
 
"eprint/deletion/history",
 
"eprint/deletion/history",
  
"staff/eprint_search",
+
"eprint/search/staff",
 
],
 
],
 
 
Line 127: Line 143:
 
"indexer/start",
 
"indexer/start",
 
"indexer/force_start",
 
"indexer/force_start",
"user/remove:editor",
 
"user/view:editor",
 
"user/history:editor",
 
"user/staff/edit:editor",
 
 
"create_user",
 
"create_user",
"subject/edit:editor",
+
"subject/edit",
 
"staff/user_search",
 
"staff/user_search",
 
"staff/history_search",
 
"staff/history_search",
Line 148: Line 160:
 
"config/view/perl",
 
"config/view/perl",
 
"config/test_email",
 
"config/test_email",
 +
"config/imports",
 
"config/add_field",
 
"config/add_field",
 
"config/remove_field",
 
"config/remove_field",
 
"config/regen_abstracts",
 
"config/regen_abstracts",
 
"config/regen_views",
 
"config/regen_views",
"metafield/view",
+
"config/edit/perl",
"metafield/edit",
+
 
 +
"storage/manager",
 +
"repository/epm", #EPrints Package Manager
 +
 
 +
"event_queue/destroy",
 +
"event_queue/details",
 +
"event_queue/edit",
 +
"event_queue/export",
 +
"event_queue/view",
 +
"eprint/destroy",
 +
"eprint/details",
 +
"eprint/edit",
 +
"eprint/export",
 +
"eprint/upsert",
 +
"eprint/view",
 +
"eprint/archive/remove",
 +
"eprint/archive/edit", # BatchEdit
 +
"file/destroy",
 +
"file/export",
 +
"file/view",
 +
"import/view",
 +
"import/edit",
 +
"saved_search/destroy",
 +
"saved_search/details",
 +
"saved_search/edit",
 +
"saved_search/export",
 +
"saved_search/view",
 +
"user/remove",
 +
"user/edit",
 +
"user/view",
 +
"user/details",
 +
"user/destroy",
 +
"user/history",
 +
"user/staff/edit",
 +
"repository/epm-submit", #EPrints Package Manager - Bazaar Package Submission
 
],
 
],
  
Line 181: Line 228:
 
"create_saved_search",
 
"create_saved_search",
 
"saved_search/view:owner",
 
"saved_search/view:owner",
"saved_search/perform:owner",
 
 
"saved_search/edit:owner",
 
"saved_search/edit:owner",
"saved_search/remove:owner",
+
"saved_search/destroy:owner",
 
],
 
],
  
Line 193: Line 239:
 
 
 
"eprint/inbox/view:owner",
 
"eprint/inbox/view:owner",
 +
"eprint/inbox/export:owner",
 
"eprint/inbox/summary:owner",
 
"eprint/inbox/summary:owner",
 +
"eprint/inbox/destroy:owner",
 
"eprint/inbox/deposit:owner",
 
"eprint/inbox/deposit:owner",
 
"eprint/inbox/edit:owner",
 
"eprint/inbox/edit:owner",
 
"eprint/inbox/remove:owner",
 
"eprint/inbox/remove:owner",
"eprint/inbox/export:owner",
 
 
"eprint/inbox/details:owner",
 
"eprint/inbox/details:owner",
 
"eprint/inbox/history:owner",
 
"eprint/inbox/history:owner",
Line 209: Line 256:
 
 
 
"eprint/buffer/view:owner",
 
"eprint/buffer/view:owner",
 +
"eprint/buffer/export:owner",
 
"eprint/buffer/summary:owner",
 
"eprint/buffer/summary:owner",
 
"eprint/buffer/move_inbox:owner",
 
"eprint/buffer/move_inbox:owner",
"eprint/buffer/export:owner",
 
 
"eprint/buffer/details:owner",
 
"eprint/buffer/details:owner",
 
"eprint/buffer/history:owner",
 
"eprint/buffer/history:owner",
Line 222: Line 269:
 
 
 
"eprint/archive/view:owner",
 
"eprint/archive/view:owner",
 +
"eprint/archive/export:owner",
 
"eprint/archive/summary:owner",
 
"eprint/archive/summary:owner",
"eprint/archive/export:owner",
 
 
"eprint/archive/details:owner",
 
"eprint/archive/details:owner",
 
"eprint/archive/history:owner",
 
"eprint/archive/history:owner",
Line 234: Line 281:
  
 
"eprint/deletion/view:owner",
 
"eprint/deletion/view:owner",
 +
"eprint/deletion/export:owner",
 
"eprint/deletion/summary:owner",
 
"eprint/deletion/summary:owner",
"eprint/deletion/export:owner",
 
 
"eprint/deletion/details:owner",
 
"eprint/deletion/details:owner",
 
"eprint/deletion/history:owner",
 
"eprint/deletion/history:owner",
Line 246: Line 293:
 
editor =>  
 
editor =>  
 
[
 
[
 +
"datasets",
 +
 
"editorial_review",
 
"editorial_review",
  
 
"eprint/inbox/view:editor",
 
"eprint/inbox/view:editor",
 +
"eprint/inbox/export:editor",
 
"eprint/inbox/summary:editor",
 
"eprint/inbox/summary:editor",
"eprint/inbox/staff/export:editor",
+
"eprint/inbox/export:editor",
"eprint/inbox/staff/details:editor",
+
"eprint/inbox/details:editor",
 
"eprint/inbox/history:editor",
 
"eprint/inbox/history:editor",
 
"eprint/inbox/messages:editor",
 
"eprint/inbox/messages:editor",
Line 260: Line 310:
 
"eprint/inbox/use_as_template:editor",
 
"eprint/inbox/use_as_template:editor",
 
"eprint/inbox/derive_version:editor",
 
"eprint/inbox/derive_version:editor",
"eprint/inbox/staff/edit:editor",
+
"eprint/inbox/edit:editor",
 +
"eprint/inbox/takelock:editor",
  
  
 
"eprint/buffer/view:editor",
 
"eprint/buffer/view:editor",
 +
"eprint/buffer/export:editor",
 
"eprint/buffer/summary:editor",
 
"eprint/buffer/summary:editor",
"eprint/buffer/staff/export:editor",
+
"eprint/buffer/export:editor",
"eprint/buffer/staff/details:editor",
+
"eprint/buffer/details:editor",
 
"eprint/buffer/history:editor",
 
"eprint/buffer/history:editor",
 
"eprint/buffer/messages:editor",
 
"eprint/buffer/messages:editor",
Line 277: Line 329:
 
"eprint/buffer/use_as_template:editor",
 
"eprint/buffer/use_as_template:editor",
 
"eprint/buffer/derive_version:editor",
 
"eprint/buffer/derive_version:editor",
"eprint/buffer/staff/edit:editor",
+
"eprint/buffer/edit:editor",
 +
"eprint/buffer/takelock:editor",
  
  
 
"eprint/archive/view:editor",
 
"eprint/archive/view:editor",
"eprint/archive/summary:editor",
+
"eprint/archive/export:editor",
"eprint/archive/staff/export:editor",
+
"eprint/archive/details:editor",
"eprint/archive/staff/details:editor",
 
 
"eprint/archive/history:editor",
 
"eprint/archive/history:editor",
 
"eprint/archive/messages:editor",
 
"eprint/archive/messages:editor",
Line 292: Line 344:
 
"eprint/archive/use_as_template:editor",
 
"eprint/archive/use_as_template:editor",
 
"eprint/archive/derive_version:editor",
 
"eprint/archive/derive_version:editor",
"eprint/archive/staff/edit:editor",
+
"eprint/archive/edit:editor",
 +
"eprint/archive/takelock:editor",
  
  
 
"eprint/deletion/view:editor",
 
"eprint/deletion/view:editor",
 +
"eprint/deletion/export:editor",
 
"eprint/deletion/summary:editor",
 
"eprint/deletion/summary:editor",
"eprint/deletion/staff/export:editor",
+
"eprint/deletion/export:editor",
"eprint/deletion/staff/details:editor",
+
"eprint/deletion/details:editor",
 
"eprint/deletion/history:editor",
 
"eprint/deletion/history:editor",
 
"eprint/deletion/messages:editor",
 
"eprint/deletion/messages:editor",
Line 305: Line 359:
 
"eprint/deletion/use_as_template:editor",
 
"eprint/deletion/use_as_template:editor",
 
"eprint/deletion/derive_version:editor",
 
"eprint/deletion/derive_version:editor",
 +
"eprint/deletion/takelock:editor",
 +
],
 +
 +
rest => [
 +
"eprint/archive/rest/get:editor",
 +
"eprint/archive/rest/put:editor",
 +
"eprint/buffer/rest/get:editor",
 +
"eprint/buffer/rest/put:editor",
 +
"eprint/inbox/rest/get:editor",
 +
"eprint/inbox/rest/put:editor",
 +
"eprint/deletion/rest/get:editor",
 +
"eprint/deletion/rest/put:editor",
 +
 +
"eprint/inbox/rest/get:owner",
 +
"eprint/inbox/rest/put:owner",
 +
"eprint/buffer/rest/get:owner",
 +
"eprint/archive/rest/get:owner",
 +
"eprint/deletion/rest/get:owner",
 +
 +
"user/rest/get:owner",
 +
 +
"subject/rest/get",
 
],
 
],
 
 
 
};
 
};
 +
 
</pre>
 
</pre>

Revision as of 01:27, 3 October 2018

User roles control various aspects of what a user can do in eprints. By default there are 4 categories of user: Administrator, Editor, User, and minimal User. user_roles.pl controls what each class of user can do. You can also make your own classes of user in this file.

A role in EPrints is made up of 1 or more privileges. Giving a user a role gives them all the privileges associated with that role. You can also give users additional privileges without giving them the full role.

Creating a role

To create the role approve-hat you would do the following:

# Define a custom role named "approve-hat" as a list of privilege strings.
# The role name is quoted because it contains a hyphen.
# NOTE(review): every entry names the buffer and is scoped ":editor". There
# is no "eprint/buffer/edit:editor" and no reject/return entry, so holders
# can approve an item but cannot correct it or send it back.
$c->{roles}->{"approve-hat"} = [
       # Read-only screens: View, Summary and Details.
       "eprint/buffer/view:editor",
       "eprint/buffer/summary:editor",
       "eprint/buffer/details:editor",
       # The only state-changing entry: moves an item from the buffer to the
       # archive.
       "eprint/buffer/move_archive:editor",
];

The privileges listed above mean that users given the approve-hat role can see the View, Summary, Details and Move to archive screens as an editor. Note that because they cannot edit items in the buffer, they can't correct any mistakes they find. However, they do have the power to move items to the archive. This means the approve-hat role allows a user to see the metadata of an item and, if they think it is correct, move it to the archive. They cannot return it to the user or edit the metadata themselves.

The quoting around the role name approve-hat is required: EPrints will generate an error if the text is simply {approve-hat}, because the hyphen stops Perl from treating the unquoted name as a plain string key.


Tip: Ensure the role is in {roles} not {user_roles}!

Creating a privilege

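There is no special step for creating a privilege; simply define it where you would like it to be tested for. Equally, there is no specified format for privileges tying them to (for example) screens. Because a privilege is just a string with no required format, a mistyped name is not rejected; it is simply treated as a different privilege, so check the spelling of every entry you add.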

As a result the following are all valid:

  • "eprint/coindoi"
  • "eprint/coindoiffff"
  • "eprint/coindoi:editor"

Assigning a role

Now that you have created a role, you will want to give it to a class of users. To give every regular user of the repository the approve-hat role, add it to the list of roles for the user.

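# Roles held by every account of user type "user".
# This assignment replaces the whole list, so every role the user type should
# keep must be listed here alongside the new one.
# NOTE(review): 'approve-hat' contains "eprint/buffer/move_archive:editor",
# so adding it here gives every regular user the editor-scoped "Move to
# archive" action. If only a few people should approve items, add the role to
# those users' individual profiles instead of to this list.
$c->{user_roles}->{user} = [
        'general',
        'edit-own-record',
        'saved-searches',
        'set-password',
        'deposit',
        'change-email',
        'approve-hat',
];    # ';' ends the statement; a trailing ',' would chain into whatever follows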

Rather than giving every user the role, you can give it to individual users. Administer a user's profile and add the name of the role to their list of additional roles.

Approve-hat.jpg

Assigning a user privilege

You do not have to give a user a full role; you can give them a single privilege. The syntax is slightly different. Add the name of the privilege prefixed with a '+' to the list of roles. You can remove a privilege by prefixing it with a '-'.

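# Roles held by every account of user type "user", plus one individual
# privilege. An entry starting with '+' adds a single privilege rather than a
# role; an entry starting with '-' removes one.
# This assignment replaces the whole list, so every role the user type should
# keep must be listed here.
$c->{user_roles}->{user} = [
        'general',
        'edit-own-record',
        'saved-searches',
        'set-password',
        'deposit',
        'change-email',
        'approve-hat',
        # NOTE(review): the default 'deposit' role has no
        # "eprint/archive/edit:owner" entry. This line presumably lets every
        # regular user edit their own items once they are in the archive;
        # confirm that edits after approval are acceptable before adding it.
        '+eprint/archive/edit:owner',
];    # ';' ends the statement; a trailing ',' would chain into whatever follows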

You can also assign privileges to individual users through the web interface in the same way you can assign a role, remembering they will be listed as "roles". (remember the '+' or '-')

There is no need for users to log in again following a privilege change; EPrints will pick it up automatically.

List of Roles and privileges

This is a full list of privileges defined in EPrints 3.3.15. They are just strings, so you can create your own when you create a role in user_roles.pl.

{

	# Self-service roles. Each key is a role name and each value is the list
	# of privilege strings the role grants. Every privilege in this group is
	# scoped ":owner" except the bare "set-password" string.
	# NOTE(review): ":owner" presumably limits the privilege to records the
	# user owns -- confirm.

	# Role "general": view, details and history screens for the user record.
	general => 
	[
		"user/view:owner",
		"user/details:owner",
		"user/history:owner",
	],

	# Role "edit-own-record": edit the user record.
	"edit-own-record" => 
	[
		"user/edit:owner",
	],
		
	# Role "set-password": a single privilege with the same name as the role.
	"set-password" => 
	[
		"set-password",
	],

	# Role "change-email": empty list, so assigning this role grants no
	# privileges in this listing.
	"change-email" => 
	[
		# not done
	],

	# Role "change-user": empty list, so assigning this role grants no
	# privileges in this listing.
	"change-user" => 
	[
		# not done
	],

	# Role "staff-view": screen privileges for the inbox, buffer, archive and
	# deletion groups, plus the staff search. The list holds no edit, move,
	# remove or destroy entries.
	# NOTE(review): no entry carries an ":owner" or ":editor" suffix, so these
	# presumably apply to every item regardless of who deposited it -- confirm
	# before giving this role to non-staff accounts.
	"staff-view" => 
	[
		# still needs search tools

		"eprint/inbox/view",
		"eprint/inbox/summary",
		"eprint/inbox/export",
		"eprint/inbox/details",
		"eprint/inbox/history",

		"eprint/buffer/view",
		"eprint/buffer/summary",
		"eprint/buffer/export",
		"eprint/buffer/details",
		"eprint/buffer/history",

		# NOTE(review): unlike the other three groups, the archive group has
		# no "summary" entry -- confirm this is intended.
		"eprint/archive/view",
		"eprint/archive/export",
		"eprint/archive/details",
		"eprint/archive/history",

		"eprint/deletion/view",
		"eprint/deletion/summary",
		"eprint/deletion/export",
		"eprint/deletion/details",
		"eprint/deletion/history",

		"eprint/search/staff",
	],
	
	# Role "view-status": grants the single privilege string "status".
	"view-status" => 
	[
		"status"
	],

	# Role "admin": the longest list in this file. No entry here carries an
	# ":owner" or ":editor" suffix.
	# NOTE(review): grant this role sparingly. It bundles indexer control,
	# user creation, configuration access, the package manager, and the edit
	# and destroy privileges for eprint, user and file records.
	"admin" =>
	[
		# Indexer control.
		"indexer/stop",
		"indexer/start",
		"indexer/force_start",
		"create_user",
		"subject/edit",
		# Staff searches.
		"staff/user_search",
		"staff/history_search",
		"staff/issue_search",
		# Configuration viewing, one entry per configuration type.
		"config/view",
		"config/view/xml",
		"config/view/workflow",
		"config/view/citation",
		"config/view/phrase",
		"config/view/namedset",
		"config/view/template",
		"config/view/static",
		"config/view/autocomplete",
		"config/view/apache",
		"config/view/perl",
		"config/test_email",
		"config/imports",
		"config/add_field",
		"config/remove_field",
		"config/regen_abstracts",
		"config/regen_views",
		# NOTE(review): "config/edit/perl" appears only in this role; the
		# "edit-config" role leaves Perl and Apache files out on purpose.
		# Perl configuration is code, so anyone holding this privilege can
		# presumably change what the server executes -- confirm, and treat
		# it as equivalent to server-level access.
		"config/edit/perl",

		"storage/manager",
		# NOTE(review): presumably allows installing packages into the
		# repository -- confirm.
		"repository/epm", #EPrints Package Manager

		# Unscoped privileges on the event queue, eprint, file, import,
		# saved search and user records, including the destroy entries.
		"event_queue/destroy",
		"event_queue/details",
		"event_queue/edit",
		"event_queue/export",
		"event_queue/view",
		"eprint/destroy",
		"eprint/details",
		"eprint/edit",
		"eprint/export",
		"eprint/upsert",
		"eprint/view",
		"eprint/archive/remove",
		"eprint/archive/edit", # BatchEdit
		"file/destroy",
		"file/export",
		"file/view",
		"import/view",
		"import/edit",
		"saved_search/destroy",
		"saved_search/details",
		"saved_search/edit",
		"saved_search/export",
		"saved_search/view",
		"user/remove",
		"user/edit",
		"user/view",
		"user/details",
		"user/destroy",
		"user/history",
		# NOTE(review): presumably edits other users' records, which may
		# include their roles -- confirm.
		"user/staff/edit",
		"repository/epm-submit", #EPrints Package Manager - Bazaar Package Submission
	],

	# Role "toolbox": a single privilege with the same name as the role.
	# NOTE(review): what the toolbox allows is not shown in this file --
	# confirm before assigning it.
	"toolbox" => 
	[
		"toolbox",
	],

	# Role "edit-config": edit privileges for the non-Perl configuration types
	# plus "config/reload". There is no "config/edit/perl" or
	# "config/edit/apache" entry; in this file "config/edit/perl" is listed
	# only under the "admin" role.
	"edit-config" => 
	[
		"config/edit",
		"config/edit/xml",
		"config/edit/workflow",
		"config/edit/citation",
		"config/edit/phrase",
		"config/edit/namedset",
		"config/edit/template",
		"config/edit/static",
		"config/edit/autocomplete",
		# not editing perl files or apache files!
		"config/reload",
	],

	# Role "saved-searches": create saved searches and view, edit or destroy
	# them. The three per-record entries are scoped ":owner"; the first two
	# entries carry no suffix.
	"saved-searches" => 
	[
		"saved_search",
		"create_saved_search",
		"saved_search/view:owner",
		"saved_search/edit:owner",
		"saved_search/destroy:owner",
	],

	# Role "deposit": create eprints and work on them. Every eprint entry is
	# scoped ":owner".
	# The edit, remove and destroy entries exist only in the inbox group. In
	# the buffer the owner can move an item back to the inbox or request
	# removal, and in the archive the owner can only request removal.
	# NOTE(review): "eprint/inbox/deposit:owner" is listed twice below, and
	# "user/history:owner" also appears in the "general" role.
	deposit => 
	[
		"items",
		"create_eprint",
		"user/history:owner",
	
		# Inbox: the only group where the owner can edit, remove or destroy.
		"eprint/inbox/view:owner",
		"eprint/inbox/export:owner",
		"eprint/inbox/summary:owner",
		"eprint/inbox/destroy:owner",
		"eprint/inbox/deposit:owner",
		"eprint/inbox/edit:owner",
		"eprint/inbox/remove:owner",
		"eprint/inbox/details:owner",
		"eprint/inbox/history:owner",
		"eprint/inbox/messages:owner",
		"eprint/inbox/issues:owner",
	
		"eprint/inbox/deposit:owner",
		"eprint/inbox/use_as_template:owner",
		"eprint/inbox/derive_version:owner",
	
	
		# Buffer: no edit entry; the owner can move the item back to the inbox.
		"eprint/buffer/view:owner",
		"eprint/buffer/export:owner",
		"eprint/buffer/summary:owner",
		"eprint/buffer/move_inbox:owner",
		"eprint/buffer/details:owner",
		"eprint/buffer/history:owner",
		"eprint/buffer/messages:owner",
	
		"eprint/buffer/request_removal:owner",
		"eprint/buffer/use_as_template:owner",
		"eprint/buffer/derive_version:owner",
	
	
		# Archive: no edit or move entries for the owner.
		"eprint/archive/view:owner",
		"eprint/archive/export:owner",
		"eprint/archive/summary:owner",
		"eprint/archive/details:owner",
		"eprint/archive/history:owner",
		"eprint/archive/messages:owner",
	
		"eprint/archive/request_removal:owner",
		"eprint/archive/use_as_template:owner",
		"eprint/archive/derive_version:owner",
	

		# Deletion: view-type screens plus template and version derivation.
		"eprint/deletion/view:owner",
		"eprint/deletion/export:owner",
		"eprint/deletion/summary:owner",
		"eprint/deletion/details:owner",
		"eprint/deletion/history:owner",
		"eprint/deletion/messages:owner",
	
		"eprint/deletion/use_as_template:owner",
		"eprint/deletion/derive_version:owner",
	],

	# Role "editor": editorial review. Every eprint entry is scoped ":editor".
	# The role can edit items in the inbox, buffer and archive groups and move
	# them between groups, including into the archive and into deletion.
	# NOTE(review): the ":editor" export entry is listed twice in each of the
	# inbox, buffer and deletion groups, and the archive group has no
	# "summary:editor" entry -- confirm both are intended.
	editor => 
	[
		"datasets",

		"editorial_review",

		"eprint/inbox/view:editor",
		"eprint/inbox/export:editor",
		"eprint/inbox/summary:editor",
		"eprint/inbox/export:editor",
		"eprint/inbox/details:editor",
		"eprint/inbox/history:editor",
		"eprint/inbox/messages:editor",

		# State-changing inbox entries.
		"eprint/inbox/remove_with_email:editor",
		"eprint/inbox/move_archive:editor",
		"eprint/inbox/move_buffer:editor",
		"eprint/inbox/use_as_template:editor",
		"eprint/inbox/derive_version:editor",
		"eprint/inbox/edit:editor",
		"eprint/inbox/takelock:editor",


		"eprint/buffer/view:editor",
		"eprint/buffer/export:editor",
		"eprint/buffer/summary:editor",
		"eprint/buffer/export:editor",
		"eprint/buffer/details:editor",
		"eprint/buffer/history:editor",
		"eprint/buffer/messages:editor",
		"eprint/buffer/issues:editor",

		# State-changing buffer entries, including the approve step
		# (move_archive) and the reject step (reject_with_email).
		"eprint/buffer/remove_with_email:editor",
		"eprint/buffer/reject_with_email:editor",
		"eprint/buffer/move_inbox:editor",
		"eprint/buffer/move_archive:editor",
		"eprint/buffer/use_as_template:editor",
		"eprint/buffer/derive_version:editor",
		"eprint/buffer/edit:editor",
		"eprint/buffer/takelock:editor",


		"eprint/archive/view:editor",
		"eprint/archive/export:editor",
		"eprint/archive/details:editor",
		"eprint/archive/history:editor",
		"eprint/archive/messages:editor",
		"eprint/archive/issues:editor",

		# State-changing archive entries: items in the archive can be edited,
		# sent back to the buffer or moved to deletion.
		"eprint/archive/move_buffer:editor",
		"eprint/archive/move_deletion:editor",
		"eprint/archive/use_as_template:editor",
		"eprint/archive/derive_version:editor",
		"eprint/archive/edit:editor",
		"eprint/archive/takelock:editor",


		"eprint/deletion/view:editor",
		"eprint/deletion/export:editor",
		"eprint/deletion/summary:editor",
		"eprint/deletion/export:editor",
		"eprint/deletion/details:editor",
		"eprint/deletion/history:editor",
		"eprint/deletion/messages:editor",

		# Deletion group: no edit entry; items can be moved back to the archive.
		"eprint/deletion/move_archive:editor",
		"eprint/deletion/use_as_template:editor",
		"eprint/deletion/derive_version:editor",
		"eprint/deletion/takelock:editor",
	],

	# Role "rest": "rest/get" and "rest/put" privileges per group.
	# NOTE(review): these presumably control read (get) and write (put) access
	# through the REST interface -- confirm. This listing does not show which
	# user types hold the role; check user_roles before exposing the
	# interface.
	rest => [
		# Editor scope: get and put on all four groups.
		"eprint/archive/rest/get:editor",
		"eprint/archive/rest/put:editor",
		"eprint/buffer/rest/get:editor",
		"eprint/buffer/rest/put:editor",
		"eprint/inbox/rest/get:editor",
		"eprint/inbox/rest/put:editor",
		"eprint/deletion/rest/get:editor",
		"eprint/deletion/rest/put:editor",

		# Owner scope: put only on the inbox; get-only on the other groups.
		"eprint/inbox/rest/get:owner",
		"eprint/inbox/rest/put:owner",
		"eprint/buffer/rest/get:owner",
		"eprint/archive/rest/get:owner",
		"eprint/deletion/rest/get:owner",

		"user/rest/get:owner",

		# No ":owner" or ":editor" suffix on this entry.
		"subject/rest/get",
	],
	
};