Feature #2714

Add digital object access control

Added by Peter Van Garderen about 13 years ago. Updated over 6 years ago.

Status:VerifiedStart date:04/07/2014
Priority:MediumDue date:
Assignee:Mike Gale% Done:

100%

Category:Access Control
Target version:Release 2.2.0
Google Code Legacy ID:atom-764 Tested version:2.2
Sponsored:Yes Requires documentation:

Description

access the digital objects via the appropriate digitalobject/actions. this
prevents users from accessing the uploads directory directly

[g] Legacy categories: User management

digi-object-thumbnail.png (69.3 KB) Dan Gillean, 02/27/2015 02:24 PM

rights-settings.png - 1. check the rights settings (44.3 KB) Dan Gillean, 03/20/2015 11:31 AM

rights-statements.png - 2. add a custom rights placeholder statement (10.1 KB) Dan Gillean, 03/20/2015 11:31 AM

rights-added.png - 3. upload an image and then associate rights with it (37.8 KB) Dan Gillean, 03/20/2015 11:31 AM

rights-placeholder.png - 4. log out and then navigate to the description. Rights placeholder statement not shown; generic icon instead of image icon used. (40.5 KB) Dan Gillean, 03/20/2015 11:32 AM


Related issues

Related to Access to Memory (AtoM) - Task #7463: Add PREMIS rights support into mainline AtoM Verified 11/03/2014
Related to Access to Memory (AtoM) - Bug #8108: Generic thumbnails shown during search/browse don't scale... Verified 03/16/2015
Related to Access to Memory (AtoM) - Bug #8126: PREMIS digital object access warning messages not showing up Verified 03/20/2015
Duplicated by Access to Memory (AtoM) - Bug #3205: Unauthenticated users can download master digital objects Duplicate

History

#1 Updated by Peter Van Garderen over 12 years ago

  • Priority changed from Medium to Critical

[g] Labels added: Priority-Critical, Component-User-Mgmt
[g] Labels removed: Priority-Medium

#3 Updated by David Juhasz almost 12 years ago

  • Priority changed from Critical to High

[g] Labels added: Priority-High
[g] Labels removed: Priority-Critical

#4 Updated by Anonymous almost 12 years ago

  • Priority set to Medium

[g] Labels added: Priority-Medium

#5 Updated by David Juhasz almost 12 years ago

[g] Labels added: Milestone-Release-Post-1.2
[g] Labels removed: Milestone-Release-1.1

#6 Updated by Anonymous almost 12 years ago

- Missing comment -

#7 Updated by Anonymous about 11 years ago

/p/qubit-toolkit/issues/detail?id=764/1255 is a security issue. Using the Symfony default configuration digital objects are currently posted to the /upload directory under the public web directory. We want to move the upload directory to a more secure /data directory outside of the public web directory. The reason that it has been delayed is that it is technically complex (namely digital files will now likely have to get serialized through PHP) and will require some time to implement and test. We haven't been able to secure funding for that time yet.

This comment is taken from an email exchange between Tim H. and Peter VG. on 2011.03.11

[g] New owner: David Juhasz

#8 Updated by David Juhasz almost 11 years ago

  • Priority set to Low

[g] Labels added: Priority-Low

#9 Updated by Anonymous over 10 years ago

  • Target version set to Release 1.3

[g] Labels added: Milestone-Release-1.3

#10 Updated by Jesús García Crespo over 10 years ago

  • Subject set to Add digital object access control

#11 Updated by David Juhasz almost 10 years ago

Reassign to David's new account.

[g] New owner: David Juhasz

#12 Updated by Redmine Admin over 9 years ago

  • Category set to Access Control

#13 Updated by David Juhasz about 9 years ago

  • Estimated time set to 40.00
  • Sponsored set to No

#14 Updated by David Juhasz over 7 years ago

  • Status changed from New to QA/Review
  • Assignee changed from David Juhasz to Sarah Romkey
  • Priority changed from Low to Medium
  • Target version set to Release 2.2.0
  • Sponsored changed from No to Yes
  • Requires documentation set to Yes

This enhancement has been added to the dev/2.2.x branch of AtoM, and will be included in the public AtoM 2.2.0 release. Deployment requires web server configuration which will need to be documented.

#15 Updated by Sarah Romkey over 7 years ago

  • Status changed from QA/Review to Document

#16 Updated by Sarah Romkey over 7 years ago

  • Status changed from Document to QA/Review
  • Tested version 2.2 added

#17 Updated by Sarah Romkey over 7 years ago

  • Start date set to 04/07/2014
  • % Done changed from 0 to 100
  • Estimated time changed from 40.00 to 460.00

In version 2.2, access control for digital objects will be facilitated through the use of PREMIS rights. Administrators have the option of choosing one PREMIS act/granted right to make "actionable" throughout the database on the digital objects. The administrator can also set whether thumbnails, reference copies, and/or master copies are viewable/downloadable by public users based on Allow, Disallow or Conditional rights applied to the archival description. Note that unlike previous version, rights records are no longer associated directly with digital objects, rather they are associated with the archival description and then actions are placed on the digital objects attached to those archival descriptions.

Included in the development of this feature:

- The replacement of thumbnails with generic icons when viewing thumbnail is disallowed.
- The replacement of reference representations with text (cutomizeable through the user interface by administrators) when viewing reference representations is disallowed.
- Users are unable to navigate directly to restricted digital objects (e.g. by entering the URL directly).
- Rights can be set to inherit or be combined from parent to child, either throughout all child descriptions, or only those with digital objects.
- PREMIS rights template has been upgraded to 2.2.

#18 Updated by Dan Gillean about 7 years ago

One small thought. Would be nice if we could adjust/resize/reposition the default thumbnail settings when access is denied, so they are not clipped/cropped in the thumbnail preview. See attached screenshot, digi-object-thumbnail.png

#19 Updated by Mike Cantelon about 7 years ago

I've created an issue for the scaling bug: #8108.

#20 Updated by Dan Gillean about 7 years ago

  • Related to Bug #8108: Generic thumbnails shown during search/browse don't scale properly during display added

#21 Updated by Dan Gillean about 7 years ago

Rights statements added in #7339 are not working - and the reference placeholder seems to be showing a generic fallback icon, instead of a mimetype specific one as used for the thumbnail placeholder.

Testing steps
  • In Admin > Settings > Permissions, set Display as the Act basis, and make sure all Disallow conditions are set to "Disallowed" - see rights-settings.png
  • In Admin > Settings > User interface labels, add some custom text to the access_disallow_warning - see rights-statements.png
  • Upload or link an image to an archival description
  • Add rights to the description via the More button in the button block. Make sure that the act in the rights is Display, and the condition is set to Disallow. Save. See rights-added.png Make sure your description is published as well so you can find it as a public user.
  • Log out of the application.
  • Go to Browse > Archival descriptions and locate your description. Confirm that the correct placeholder is there instead of the thumbnail (works - cropping issue filed in #8108)
  • Navigate to the description
Error encountered
  • Instead of displaying the image placeholder icon, a default generic icon is shown
  • The disallow statement added to the access_disallow_warning field in the User inteface labels is not displayed
  • see: rights-placeholder.png
Expected result
  • User should see the help text added to the access_disallow_warning in the User inteface labels, instead of the image...
  • If a placeholder icon is shown, it should be specific to the media - e.g. the image placeholder for an image, as shown for the thumbnail.

#22 Updated by Dan Gillean about 7 years ago

  • Related to Bug #8126: PREMIS digital object access warning messages not showing up added

#23 Updated by Dan Gillean about 7 years ago

  • Status changed from Feedback to Verified

The above-described problem has been resolved on #8126. Since we also have #8108 for the thumbnail scaling, and the main functionality seems to work as expected now, I am verifying this issue - any further problems encountered during intensive release Q/A testing can be filed as new issues.

#24 Updated by Jesús García Crespo about 7 years ago

  • Estimated time deleted (460.00)

#25 Updated by Dan Gillean over 6 years ago

  • Requires documentation deleted (Yes)

Also available in: Atom PDF