Closed kenoir closed 1 month ago
jcateswellcome
commented
5 months ago Just moved this to the 'digital collections' board, as I think we will discuss in our planning session. I'd like to have this resolved this quarter, I think, as it relates to work in the previous quarter and the Digirati work package.
jcateswellcome
commented
5 months ago Link to notion page placeholder to update: https://www.notion.so/wellcometrust/Restricted-items-access-via-wellcomecollection-bc55baf9a896490d956666515958d2a5?pvs=4
jamieparkinson
commented
4 months ago I believe this will also need a change to the OpenAthens config so that staff can continue to log in using wc.org as an identity provider
kenoir
commented
4 months ago I believe this will also need a change to the OpenAthens config so that staff can continue to log in using wc.org as an identity provider
@jamieparkinson can you expand on this? I'm unsure on how a new Role here would impact the OpenAthens login?
jcateswellcome
commented
3 months ago Collections information have confirmed they are happy with the proposed approach of adding a new patron type. I'll confirm the next steps with product lines for doing that, then we can update the mapping.
jamieparkinson
commented
3 months ago Missed the q above - my memory is that journal access for Wellcome staff can be via AD, but we also configured OpenAthens to map the Staff patron type so that they can log in via wc.org. That mapping also makes it so that the self-registered patron type can't access journals at all.
jcateswellcome
commented
2 months ago Just an update that Elizabeth in product lines has started the work to create a new p type. Once I have word on progress against that then we can move this forward.
jcateswellcome
commented
2 months ago Is part of restricted items access for staff epic
In order to better distinguish user roles when offering access to restricted images we should:
Update our mapping from patron type to role to be more granular
https://github.com/wellcomecollection/identity/blob/main/packages/shared/sierra-client/src/patron.ts#L29,
We think the user data will get updated when someone logs in the next time, we should confirm this is the case. If so we can decide how to map the patron type to role our side and communicate the appropriate role to role mapping in the style of the example in this RFC: https://github.com/dlcs/protagonist/blob/main/docs/rfcs/008-more-access-control-oidc-oauth.md#role-provider---oidc
Part of: https://github.com/wellcomecollection/platform/issues/5747
See: https://wellcome.slack.com/archives/CBT40CMKQ/p1707148320736249
And: https://wellcome.slack.com/archives/C06P577NUSW/p1710260335832819