Opened 17 years ago
Closed 16 years ago
#29 closed defect (fixed)
determining who is atnf
Reported by: | DavidSmith | Owned by: | MatthewWhiting |
---|---|---|---|
Priority: | minor | Component: | web archive |
Version: | Keywords: | ||
Cc: |
Description
Currently we have a function in security.php called atnf_staff() which tests the username against a hard coded list of names. This could be easily replaced with a query to see if the intitution was/contained ATNF, however institution is a free form textfield on the registration page, ie anyone could enter ATNF and get access to files newer than 2 years old.
Is restricting them to ATNF a legal thing? or would we want to give some people out there access?
I suggest, the only way to correctly restrict access is to have a field in users indicating if they have access to the new files, and to allow administrators the ability to grant that access, via a form.
Thoughts?
Change History (6)
comment:1 Changed 17 years ago by
Status: | new → assigned |
---|
comment:2 Changed 16 years ago by
Owner: | changed from DavidSmith to MatthewWhiting |
---|---|
Status: | assigned → new |
comment:3 Changed 16 years ago by
Owner: | changed from MatthewWhiting to anonymous |
---|---|
Status: | new → assigned |
comment:4 Changed 16 years ago by
Owner: | changed from anonymous to MatthewWhiting |
---|---|
Status: | assigned → new |
comment:5 Changed 16 years ago by
Status: | new → assigned |
---|
comment:6 Changed 16 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
logging is implemented as anonymous with email, and logging in through opal database for propriatary access period.
When the OPAL authentication is enabled, this will become redundant. Currently, only those involved in the development of the archive are listed as "ATNF" people -- this could be changed via the database for new people should the need arise, but hopefully will become unnecessary with the use of OPAL authentication.