ICA-AtoM - User contributions [en]

User:Lite

2016-04-04T16:51:19Z

David: Creating user page for new user.

Private genealogist, interested in finding ancestors and descendants as well as in history.

Edit permissions

2013-07-10T17:26:22Z

David: /* Scenario five: Add the ability to translate to a specified language */ close note

[[Main Page]] > [[User manual]] > [[Administer]] > Edit permissions

<div class="note">
* You should have two or more archival institutions in your system, with several hierarchical descriptions attached and some digital objects uploaded, in order to fully test the scenarios on this page
* You can only modify the user's settings if you are logged in as an administrator. After completing the steps in each scenario, log out and log back in as the user you've been creating and modifying in order to see the results of your modifications
</div>

== Scenario one: Allow the public to view and download master digital objects ==

<div class="note">

The default permissions in '''ICA-AtoM''' prevent the public ("anonymous" group) from viewing or download master digital objects (e.g. original TIFF images, original video files, original audio files). By default the public ''can'' view the "reference" representation (e.g. derivative JPEG image, derivative flash video or audio file via in-browser flash player) and thumbnail version of any digital object.

</div>

[[Image:Allow access to master representation.png|300px|right|thumb|Fig.3 View permissions by repository.]]

This will allow the public to view or download the master objects in addition to viewing the thumbnail and reference display copies of digital objects.

# Click Admin > Groups > Anonymous in the administrator's menu
# Click the "Archival description permissions" tab
# Click "Edit"
# Under ''All Archival description > Access master'' click the "Grant" radio button
# Click "Save"

<br style="clear:both" />

== Scenario two: In a multi-repository system, add a user who can create, update, edit, delete and publish archival descriptions belonging to one archival institution only (or whatever preferences the Administrator wants to set for the User) ==
<div class=clear fix>
<ol>

[[Image:singlerep_user01.png|300px|right|thumb|Fig.1. Leave group field blank. User automatically becomes an authenticated user.]]
<li> When refining user permissions you can begin by creating a User, but do not assign them to a unique User group. Leave this blank and it will automatically assign the User to the parent group of authenticated (which is all users who have successfully logged-in)(See fig.1)</li>
<br style="clear:both" />
[[Image:singlerep_user02.png|300px|right|thumb|Fig.2.View User permissions screen]]
<li>
In order to restrict permissions to descriptions of a particular institution, we need to go to Admin menu > Users. Select the User you want to restrict to specific repository permissions.(See fig.2)</li>
<br style="clear:both" />
[[Image:singlerep_user03.png|300px|right|thumb|Fig.3 View permissions by repository.]]
<li>Select information object permissions. Click Edit. Select Permissions by Repository and click Add Repository. Select Repository name from list. Click on Submit.(See fig.3)</li>
<br style="clear:both" />
[[Image:singlerep_user04.png|300px|right|thumb|Fig.4]]
<li>Click on the circles to Grant Permissions to read, create, update, delete, view draft, publish, access master and access reference.(See fig.4)</li>
<br style="clear:both" />
[[Image:singlerep_user05.png|300px|right|thumb|Fig.5 View permissions for User]]
<li>Click on Save.The Administrator can now view the User and their permissions in relation to a specific Repository.(See fig.5)</li>
<br style="clear:both" />
<li>To test your permissions, try logging out and logging back in as the user you created. You should be able to create, edit, delete and publish descriptions belonging to the specified institution only.If you want this User to have permissions to create, update and delete Authority Records and create, update and delete Taxonomies you must "grant" those as well.The default for authenticated group does not grant those permissions.</li>

</ol>
</div>

== Scenario three: Add user to the contributor group as an alternative approach ==

<div class="note">

When refining user permissions, it is often useful to start with the group to which the user belongs. You can refine permissions for the group, then add users to the group, all of whom will inherit the modified permissions. Any permission that has not been "granted" by the current group (e.g., contributor, editor) or its parent group (authenticated) is considered "denied" by default. In other words the default for the system is to deny permission unless a rule explicitly grants it.

</div>

In the main menu bar, go to admin > groups > contributor. Click on Archival description permissions in the grey menu above the title bar. Your screen will show the default "Grant" permissions for the contributor group - i.e. it shows you everything the user is permitted to do. The contributor group inherits some of its settings from its parent group, authenticated (which is all users who have successfully logged-in).

Click Edit. In the edit screen, you will get a better sense of the group's permission settings. The contributor has the following permissions:
* Read: Grant (inherited from authenticated group)
* Create: Grant
* Update: Grant
* Delete: Deny (default deny)
* View draft: Grant
* Publish: Deny (default deny)
* Access master digital object: Grant
* Access reference digital object: Grant (inherited from authenticated group).

In other words, any user belonging to the contributor group automatically has been ''granted'' the ability to read, create and update descriptions, view draft descriptions, and access digital objects. However, the user has been ''denied'' the ability to delete or publish descriptions.

</div>

== Scenario four: Remove the ability to create and update authority records ==
</div class="note">
Permissions for authority records can be refined in some of the same ways they can be refined for archival descriptions. In a multi-repository setting it may be desirable to prevent users from creating and/or updating authority records, because one authority record may be linked to archival descriptions belonging to more than one archival institution.

</div>

== Scenario five: Add the ability to translate to a specified language ==

<div class="note">
There are two ways to grant translate permissions to non-administrators:

* Make the user a translator by adding them to the translator group (the same way that you added a user to the contributor group). This means that they will be able to translate to any language.
* Instead of making the user a translator, which would allow them to translate to any language, add a language to which a user can translate. This means that they will be able to translate only to the specified language, and only those archival descriptions and authority records they are allowed to update. In this scenario, we will add the ability of the user to translate to Dutch.

</div>

Go to admin > users > "UserName". You should be in looking at the View user profile screen; if not, click Profile (to the left of Archival description permissions). Click Edit, then click on the blue "Access control" link. In allowed languages for translation, select Dutch. Click Save. The user will now be able to translate from any source language to Dutch. Note that the list of languages is derived from the languages added in the settings menu. See [[add/remove languages]]. Note also that you can add more languages from this list as needed.
</div>

== Scenario six: Remove the ability to view and download master digital objects ==

<div class="note">

Users belonging to the contributor group automatically inherit the ability to view and download master digital objects.

</div>

Go to admin > users > "UserName". Click on Archival description permissions. Click Edit. Under ''All archival descriptions'' next to Access master click Deny. Save the record. This will allow the user to view thumbnail and reference display copies of digital objects, but not to view or download the master objects. Note that if you do not wish to have any users belonging to the Contributor group viewing or downloading masters digital objects, deny permission for this activity at the level of the group - i.e. go to admin > groups > contributor and make the change at that level instead of the level of the individual user.

== Scenario seven: Add ability to create, update, and delete subject terms ==

<div class="note">

Users belonging to the contributor group do not automatically inherit the ability to create, update, and delete taxonomy terms. You can change these permissions for either the contributor group or an individual user. In this case, we will add the ability to create, update and delete subject terms to our individual user.

</div>

Go to admin > users > "UserName". Click on Taxonomy permissions (next to Authority record permissions). Click Edit. Click the blue link "Permissions by taxonomy", then click "Add taxonomy". Select Subjects as the taxonomy name from the auto-complete list. Next to Create, Update and Delete select Grant, then save the record. The user should now be able to create, update and delete subject terms but not other kinds of taxonomy terms.

[[Category:User manual]]

__NOTOC__

Edit permissions

2013-07-10T17:25:57Z

David: /* Scenario three: Add user to the contributor group as an alternative approach */ close note

[[Main Page]] > [[User manual]] > [[Administer]] > Edit permissions

<div class="note">
* You should have two or more archival institutions in your system, with several hierarchical descriptions attached and some digital objects uploaded, in order to fully test the scenarios on this page
* You can only modify the user's settings if you are logged in as an administrator. After completing the steps in each scenario, log out and log back in as the user you've been creating and modifying in order to see the results of your modifications
</div>

== Scenario one: Allow the public to view and download master digital objects ==

<div class="note">

The default permissions in '''ICA-AtoM''' prevent the public ("anonymous" group) from viewing or download master digital objects (e.g. original TIFF images, original video files, original audio files). By default the public ''can'' view the "reference" representation (e.g. derivative JPEG image, derivative flash video or audio file via in-browser flash player) and thumbnail version of any digital object.

</div>

[[Image:Allow access to master representation.png|300px|right|thumb|Fig.3 View permissions by repository.]]

This will allow the public to view or download the master objects in addition to viewing the thumbnail and reference display copies of digital objects.

# Click Admin > Groups > Anonymous in the administrator's menu
# Click the "Archival description permissions" tab
# Click "Edit"
# Under ''All Archival description > Access master'' click the "Grant" radio button
# Click "Save"

<br style="clear:both" />

== Scenario two: In a multi-repository system, add a user who can create, update, edit, delete and publish archival descriptions belonging to one archival institution only (or whatever preferences the Administrator wants to set for the User) ==
<div class=clear fix>
<ol>

[[Image:singlerep_user01.png|300px|right|thumb|Fig.1. Leave group field blank. User automatically becomes an authenticated user.]]
<li> When refining user permissions you can begin by creating a User, but do not assign them to a unique User group. Leave this blank and it will automatically assign the User to the parent group of authenticated (which is all users who have successfully logged-in)(See fig.1)</li>
<br style="clear:both" />
[[Image:singlerep_user02.png|300px|right|thumb|Fig.2.View User permissions screen]]
<li>
In order to restrict permissions to descriptions of a particular institution, we need to go to Admin menu > Users. Select the User you want to restrict to specific repository permissions.(See fig.2)</li>
<br style="clear:both" />
[[Image:singlerep_user03.png|300px|right|thumb|Fig.3 View permissions by repository.]]
<li>Select information object permissions. Click Edit. Select Permissions by Repository and click Add Repository. Select Repository name from list. Click on Submit.(See fig.3)</li>
<br style="clear:both" />
[[Image:singlerep_user04.png|300px|right|thumb|Fig.4]]
<li>Click on the circles to Grant Permissions to read, create, update, delete, view draft, publish, access master and access reference.(See fig.4)</li>
<br style="clear:both" />
[[Image:singlerep_user05.png|300px|right|thumb|Fig.5 View permissions for User]]
<li>Click on Save.The Administrator can now view the User and their permissions in relation to a specific Repository.(See fig.5)</li>
<br style="clear:both" />
<li>To test your permissions, try logging out and logging back in as the user you created. You should be able to create, edit, delete and publish descriptions belonging to the specified institution only.If you want this User to have permissions to create, update and delete Authority Records and create, update and delete Taxonomies you must "grant" those as well.The default for authenticated group does not grant those permissions.</li>

</ol>
</div>

== Scenario three: Add user to the contributor group as an alternative approach ==

<div class="note">

When refining user permissions, it is often useful to start with the group to which the user belongs. You can refine permissions for the group, then add users to the group, all of whom will inherit the modified permissions. Any permission that has not been "granted" by the current group (e.g., contributor, editor) or its parent group (authenticated) is considered "denied" by default. In other words the default for the system is to deny permission unless a rule explicitly grants it.

</div>

In the main menu bar, go to admin > groups > contributor. Click on Archival description permissions in the grey menu above the title bar. Your screen will show the default "Grant" permissions for the contributor group - i.e. it shows you everything the user is permitted to do. The contributor group inherits some of its settings from its parent group, authenticated (which is all users who have successfully logged-in).

Click Edit. In the edit screen, you will get a better sense of the group's permission settings. The contributor has the following permissions:
* Read: Grant (inherited from authenticated group)
* Create: Grant
* Update: Grant
* Delete: Deny (default deny)
* View draft: Grant
* Publish: Deny (default deny)
* Access master digital object: Grant
* Access reference digital object: Grant (inherited from authenticated group).

In other words, any user belonging to the contributor group automatically has been ''granted'' the ability to read, create and update descriptions, view draft descriptions, and access digital objects. However, the user has been ''denied'' the ability to delete or publish descriptions.

</div>

== Scenario four: Remove the ability to create and update authority records ==
</div class="note">
Permissions for authority records can be refined in some of the same ways they can be refined for archival descriptions. In a multi-repository setting it may be desirable to prevent users from creating and/or updating authority records, because one authority record may be linked to archival descriptions belonging to more than one archival institution.

</div>

== Scenario five: Add the ability to translate to a specified language ==

<div class="note">
There are two ways to grant translate permissions to non-administrators:

* Make the user a translator by adding them to the translator group (the same way that you added a user to the contributor group). This means that they will be able to translate to any language.
* Instead of making the user a translator, which would allow them to translate to any language, add a language to which a user can translate. This means that they will be able to translate only to the specified language, and only those archival descriptions and authority records they are allowed to update. In this scenario, we will add the ability of the user to translate to Dutch.

Go to admin > users > "UserName". You should be in looking at the View user profile screen; if not, click Profile (to the left of Archival description permissions). Click Edit, then click on the blue "Access control" link. In allowed languages for translation, select Dutch. Click Save. The user will now be able to translate from any source language to Dutch. Note that the list of languages is derived from the languages added in the settings menu. See [[add/remove languages]]. Note also that you can add more languages from this list as needed.
</div>

== Scenario six: Remove the ability to view and download master digital objects ==

<div class="note">

Users belonging to the contributor group automatically inherit the ability to view and download master digital objects.

</div>

Go to admin > users > "UserName". Click on Archival description permissions. Click Edit. Under ''All archival descriptions'' next to Access master click Deny. Save the record. This will allow the user to view thumbnail and reference display copies of digital objects, but not to view or download the master objects. Note that if you do not wish to have any users belonging to the Contributor group viewing or downloading masters digital objects, deny permission for this activity at the level of the group - i.e. go to admin > groups > contributor and make the change at that level instead of the level of the individual user.

== Scenario seven: Add ability to create, update, and delete subject terms ==

<div class="note">

Users belonging to the contributor group do not automatically inherit the ability to create, update, and delete taxonomy terms. You can change these permissions for either the contributor group or an individual user. In this case, we will add the ability to create, update and delete subject terms to our individual user.

</div>

Go to admin > users > "UserName". Click on Taxonomy permissions (next to Authority record permissions). Click Edit. Click the blue link "Permissions by taxonomy", then click "Add taxonomy". Select Subjects as the taxonomy name from the auto-complete list. Next to Create, Update and Delete select Grant, then save the record. The user should now be able to create, update and delete subject terms but not other kinds of taxonomy terms.

[[Category:User manual]]

__NOTOC__

Edit permissions

2013-07-09T17:21:50Z

David: /* Scenario one: Allow the public to view and download master digital objects */ fix name of "Grant" button

[[Main Page]] > [[User manual]] > [[Administer]] > Edit permissions

<div class="note">
* You should have two or more archival institutions in your system, with several hierarchical descriptions attached and some digital objects uploaded, in order to fully test the scenarios on this page
* You can only modify the user's settings if you are logged in as an administrator. After completing the steps in each scenario, log out and log back in as the user you've been creating and modifying in order to see the results of your modifications
</div>

== Scenario one: Allow the public to view and download master digital objects ==

<div class="note">

The default permissions in '''ICA-AtoM''' prevent the public ("anonymous" group) from viewing or download master digital objects (e.g. original TIFF images, original video files, original audio files). By default the public ''can'' view the "reference" representation (e.g. derivative JPEG image, derivative flash video or audio file via in-browser flash player) and thumbnail version of any digital object.

</div>

[[Image:Allow access to master representation.png|300px|right|thumb|Fig.3 View permissions by repository.]]

This will allow the public to view or download the master objects in addition to viewing the thumbnail and reference display copies of digital objects.

# Click Admin > Groups > Anonymous in the administrator's menu
# Click the "Archival description permissions" tab
# Click "Edit"
# Under ''All Archival description > Access master'' click the "Grant" radio button
# Click "Save"

<br style="clear:both" />

== Scenario two: In a multi-repository system, add a user who can create, update, edit, delete and publish archival descriptions belonging to one archival institution only (or whatever preferences the Administrator wants to set for the User) ==
<div class=clear fix>
<ol>

[[Image:singlerep_user01.png|300px|right|thumb|Fig.1. Leave group field blank. User automatically becomes an authenticated user.]]
<li> When refining user permissions you can begin by creating a User, but do not assign them to a unique User group. Leave this blank and it will automatically assign the User to the parent group of authenticated (which is all users who have successfully logged-in)(See fig.1)</li>
<br style="clear:both" />
[[Image:singlerep_user02.png|300px|right|thumb|Fig.2.View User permissions screen]]
<li>
In order to restrict permissions to descriptions of a particular institution, we need to go to Admin menu > Users. Select the User you want to restrict to specific repository permissions.(See fig.2)</li>
<br style="clear:both" />
[[Image:singlerep_user03.png|300px|right|thumb|Fig.3 View permissions by repository.]]
<li>Select information object permissions. Click Edit. Select Permissions by Repository and click Add Repository. Select Repository name from list. Click on Submit.(See fig.3)</li>
<br style="clear:both" />
[[Image:singlerep_user04.png|300px|right|thumb|Fig.4]]
<li>Click on the circles to Grant Permissions to read, create, update, delete, view draft, publish, access master and access reference.(See fig.4)</li>
<br style="clear:both" />
[[Image:singlerep_user05.png|300px|right|thumb|Fig.5 View permissions for User]]
<li>Click on Save.The Administrator can now view the User and their permissions in relation to a specific Repository.(See fig.5)</li>
<br style="clear:both" />
<li>To test your permissions, try logging out and logging back in as the user you created. You should be able to create, edit, delete and publish descriptions belonging to the specified institution only.If you want this User to have permissions to create, update and delete Authority Records and create, update and delete Taxonomies you must "grant" those as well.The default for authenticated group does not grant those permissions.</li>

</ol>
</div>

== Scenario three: Add user to the contributor group as an alternative approach ==

<div class="note">

When refining user permissions, it is often useful to start with the group to which the user belongs. You can refine permissions for the group, then add users to the group, all of whom will inherit the modified permissions. Any permission that has not been "granted" by the current group (e.g., contributor, editor) or its parent group (authenticated) is considered "denied" by default. In other words the default for the system is to deny permission unless a rule explicitly grants it.

In the main menu bar, go to admin > groups > contributor. Click on Archival description permissions in the grey menu above the title bar. Your screen will show the default "Grant" permissions for the contributor group - i.e. it shows you everything the user is permitted to do. The contributor group inherits some of its settings from its parent group, authenticated (which is all users who have successfully logged-in).

Click Edit. In the edit screen, you will get a better sense of the group's permission settings. The contributor has the following permissions:
* Read: Grant (inherited from authenticated group)
* Create: Grant
* Update: Grant
* Delete: Deny (default deny)
* View draft: Grant
* Publish: Deny (default deny)
* Access master digital object: Grant
* Access reference digital object: Grant (inherited from authenticated group).

In other words, any user belonging to the contributor group automatically has been ''granted'' the ability to read, create and update descriptions, view draft descriptions, and access digital objects. However, the user has been ''denied'' the ability to delete or publish descriptions.

</div>

== Scenario four: Remove the ability to create and update authority records ==
</div class="note">
Permissions for authority records can be refined in some of the same ways they can be refined for archival descriptions. In a multi-repository setting it may be desirable to prevent users from creating and/or updating authority records, because one authority record may be linked to archival descriptions belonging to more than one archival institution.

</div>

== Scenario five: Add the ability to translate to a specified language ==

<div class="note">
There are two ways to grant translate permissions to non-administrators:

* Make the user a translator by adding them to the translator group (the same way that you added a user to the contributor group). This means that they will be able to translate to any language.
* Instead of making the user a translator, which would allow them to translate to any language, add a language to which a user can translate. This means that they will be able to translate only to the specified language, and only those archival descriptions and authority records they are allowed to update. In this scenario, we will add the ability of the user to translate to Dutch.

Go to admin > users > "UserName". You should be in looking at the View user profile screen; if not, click Profile (to the left of Archival description permissions). Click Edit, then click on the blue "Access control" link. In allowed languages for translation, select Dutch. Click Save. The user will now be able to translate from any source language to Dutch. Note that the list of languages is derived from the languages added in the settings menu. See [[add/remove languages]]. Note also that you can add more languages from this list as needed.
</div>

== Scenario six: Remove the ability to view and download master digital objects ==

<div class="note">

Users belonging to the contributor group automatically inherit the ability to view and download master digital objects.

</div>

Go to admin > users > "UserName". Click on Archival description permissions. Click Edit. Under ''All archival descriptions'' next to Access master click Deny. Save the record. This will allow the user to view thumbnail and reference display copies of digital objects, but not to view or download the master objects. Note that if you do not wish to have any users belonging to the Contributor group viewing or downloading masters digital objects, deny permission for this activity at the level of the group - i.e. go to admin > groups > contributor and make the change at that level instead of the level of the individual user.

== Scenario seven: Add ability to create, update, and delete subject terms ==

<div class="note">

Users belonging to the contributor group do not automatically inherit the ability to create, update, and delete taxonomy terms. You can change these permissions for either the contributor group or an individual user. In this case, we will add the ability to create, update and delete subject terms to our individual user.

</div>

Go to admin > users > "UserName". Click on Taxonomy permissions (next to Authority record permissions). Click Edit. Click the blue link "Permissions by taxonomy", then click "Add taxonomy". Select Subjects as the taxonomy name from the auto-complete list. Next to Create, Update and Delete select Grant, then save the record. The user should now be able to create, update and delete subject terms but not other kinds of taxonomy terms.

[[Category:User manual]]

__NOTOC__

Edit permissions

2013-07-09T17:21:14Z

David: /* Scenario one: Allow the public to view and download master digital objects */ minor changes to text

[[Main Page]] > [[User manual]] > [[Administer]] > Edit permissions

<div class="note">
* You should have two or more archival institutions in your system, with several hierarchical descriptions attached and some digital objects uploaded, in order to fully test the scenarios on this page
* You can only modify the user's settings if you are logged in as an administrator. After completing the steps in each scenario, log out and log back in as the user you've been creating and modifying in order to see the results of your modifications
</div>

== Scenario one: Allow the public to view and download master digital objects ==

<div class="note">

The default permissions in '''ICA-AtoM''' prevent the public ("anonymous" group) from viewing or download master digital objects (e.g. original TIFF images, original video files, original audio files). By default the public ''can'' view the "reference" representation (e.g. derivative JPEG image, derivative flash video or audio file via in-browser flash player) and thumbnail version of any digital object.

</div>

[[Image:Allow access to master representation.png|300px|right|thumb|Fig.3 View permissions by repository.]]

This will allow the public to view or download the master objects in addition to viewing the thumbnail and reference display copies of digital objects.

# Click Admin > Groups > Anonymous in the administrator's menu
# Click the "Archival description permissions" tab
# Click "Edit"
# Under ''All Archival description > Access master'' click the "Allow" toggle
# Click "Save"

<br style="clear:both" />

== Scenario two: In a multi-repository system, add a user who can create, update, edit, delete and publish archival descriptions belonging to one archival institution only (or whatever preferences the Administrator wants to set for the User) ==
<div class=clear fix>
<ol>

[[Image:singlerep_user01.png|300px|right|thumb|Fig.1. Leave group field blank. User automatically becomes an authenticated user.]]
<li> When refining user permissions you can begin by creating a User, but do not assign them to a unique User group. Leave this blank and it will automatically assign the User to the parent group of authenticated (which is all users who have successfully logged-in)(See fig.1)</li>
<br style="clear:both" />
[[Image:singlerep_user02.png|300px|right|thumb|Fig.2.View User permissions screen]]
<li>
In order to restrict permissions to descriptions of a particular institution, we need to go to Admin menu > Users. Select the User you want to restrict to specific repository permissions.(See fig.2)</li>
<br style="clear:both" />
[[Image:singlerep_user03.png|300px|right|thumb|Fig.3 View permissions by repository.]]
<li>Select information object permissions. Click Edit. Select Permissions by Repository and click Add Repository. Select Repository name from list. Click on Submit.(See fig.3)</li>
<br style="clear:both" />
[[Image:singlerep_user04.png|300px|right|thumb|Fig.4]]
<li>Click on the circles to Grant Permissions to read, create, update, delete, view draft, publish, access master and access reference.(See fig.4)</li>
<br style="clear:both" />
[[Image:singlerep_user05.png|300px|right|thumb|Fig.5 View permissions for User]]
<li>Click on Save.The Administrator can now view the User and their permissions in relation to a specific Repository.(See fig.5)</li>
<br style="clear:both" />
<li>To test your permissions, try logging out and logging back in as the user you created. You should be able to create, edit, delete and publish descriptions belonging to the specified institution only.If you want this User to have permissions to create, update and delete Authority Records and create, update and delete Taxonomies you must "grant" those as well.The default for authenticated group does not grant those permissions.</li>

</ol>
</div>

== Scenario three: Add user to the contributor group as an alternative approach ==

<div class="note">

When refining user permissions, it is often useful to start with the group to which the user belongs. You can refine permissions for the group, then add users to the group, all of whom will inherit the modified permissions. Any permission that has not been "granted" by the current group (e.g., contributor, editor) or its parent group (authenticated) is considered "denied" by default. In other words the default for the system is to deny permission unless a rule explicitly grants it.

In the main menu bar, go to admin > groups > contributor. Click on Archival description permissions in the grey menu above the title bar. Your screen will show the default "Grant" permissions for the contributor group - i.e. it shows you everything the user is permitted to do. The contributor group inherits some of its settings from its parent group, authenticated (which is all users who have successfully logged-in).

Click Edit. In the edit screen, you will get a better sense of the group's permission settings. The contributor has the following permissions:
* Read: Grant (inherited from authenticated group)
* Create: Grant
* Update: Grant
* Delete: Deny (default deny)
* View draft: Grant
* Publish: Deny (default deny)
* Access master digital object: Grant
* Access reference digital object: Grant (inherited from authenticated group).

In other words, any user belonging to the contributor group automatically has been ''granted'' the ability to read, create and update descriptions, view draft descriptions, and access digital objects. However, the user has been ''denied'' the ability to delete or publish descriptions.

</div>

== Scenario four: Remove the ability to create and update authority records ==
</div class="note">
Permissions for authority records can be refined in some of the same ways they can be refined for archival descriptions. In a multi-repository setting it may be desirable to prevent users from creating and/or updating authority records, because one authority record may be linked to archival descriptions belonging to more than one archival institution.

</div>

== Scenario five: Add the ability to translate to a specified language ==

<div class="note">
There are two ways to grant translate permissions to non-administrators:

* Make the user a translator by adding them to the translator group (the same way that you added a user to the contributor group). This means that they will be able to translate to any language.
* Instead of making the user a translator, which would allow them to translate to any language, add a language to which a user can translate. This means that they will be able to translate only to the specified language, and only those archival descriptions and authority records they are allowed to update. In this scenario, we will add the ability of the user to translate to Dutch.

Go to admin > users > "UserName". You should be in looking at the View user profile screen; if not, click Profile (to the left of Archival description permissions). Click Edit, then click on the blue "Access control" link. In allowed languages for translation, select Dutch. Click Save. The user will now be able to translate from any source language to Dutch. Note that the list of languages is derived from the languages added in the settings menu. See [[add/remove languages]]. Note also that you can add more languages from this list as needed.
</div>

== Scenario six: Remove the ability to view and download master digital objects ==

<div class="note">

Users belonging to the contributor group automatically inherit the ability to view and download master digital objects.

</div>

Go to admin > users > "UserName". Click on Archival description permissions. Click Edit. Under ''All archival descriptions'' next to Access master click Deny. Save the record. This will allow the user to view thumbnail and reference display copies of digital objects, but not to view or download the master objects. Note that if you do not wish to have any users belonging to the Contributor group viewing or downloading masters digital objects, deny permission for this activity at the level of the group - i.e. go to admin > groups > contributor and make the change at that level instead of the level of the individual user.

== Scenario seven: Add ability to create, update, and delete subject terms ==

<div class="note">

Users belonging to the contributor group do not automatically inherit the ability to create, update, and delete taxonomy terms. You can change these permissions for either the contributor group or an individual user. In this case, we will add the ability to create, update and delete subject terms to our individual user.

</div>

Go to admin > users > "UserName". Click on Taxonomy permissions (next to Authority record permissions). Click Edit. Click the blue link "Permissions by taxonomy", then click "Add taxonomy". Select Subjects as the taxonomy name from the auto-complete list. Next to Create, Update and Delete select Grant, then save the record. The user should now be able to create, update and delete subject terms but not other kinds of taxonomy terms.

[[Category:User manual]]

__NOTOC__

File:Allow access to master representation.png

2013-07-09T17:19:40Z

David: David uploaded a new version of "File:Allow access to master representation.png": Change interface label from "Information object" to "Archival description"

Screenshot of administrator interface, highlighting ability to allow public (anonymous) users to view and download "master" representation (orginal file uploaded) of digital objects.

Edit permissions

2013-07-09T17:16:17Z

David: /* Scenario one: Allow the public to view and download master digital objects */ minor changes to text

[[Main Page]] > [[User manual]] > [[Administer]] > Edit permissions

<div class="note">
* You should have two or more archival institutions in your system, with several hierarchical descriptions attached and some digital objects uploaded, in order to fully test the scenarios on this page
* You can only modify the user's settings if you are logged in as an administrator. After completing the steps in each scenario, log out and log back in as the user you've been creating and modifying in order to see the results of your modifications
</div>

== Scenario one: Allow the public to view and download master digital objects ==

<div class="note">

The default permissions in '''ICA-AtoM''' prevent the public ("anonymous" group) from viewing or download master digital objects (e.g. original TIFF images, original video files, original audio files). By default the public ''can'' view the "reference" representation (e.g. derivative JPEG image, derivative flash video or audio file via in-browser flash player) and thumbnail version of any digital object.

</div>

[[Image:Allow access to master representation.png|300px|right|thumb|Fig.3 View permissions by repository.]]

This will allow the public to view or download the master objects in addition to viewing the thumbnail and reference display copies of digital objects.

# Click Admin > Groups > Anonymous in the administrator's menu
# Click the "Archival description permissions" tab
# Click "Edit"
# Under ''All archival descriptions'' next to Access master click "Allow"
# Click "Save"

<br style="clear:both" />

== Scenario two: In a multi-repository system, add a user who can create, update, edit, delete and publish archival descriptions belonging to one archival institution only (or whatever preferences the Administrator wants to set for the User) ==
<div class=clear fix>
<ol>

[[Image:singlerep_user01.png|300px|right|thumb|Fig.1. Leave group field blank. User automatically becomes an authenticated user.]]
<li> When refining user permissions you can begin by creating a User, but do not assign them to a unique User group. Leave this blank and it will automatically assign the User to the parent group of authenticated (which is all users who have successfully logged-in)(See fig.1)</li>
<br style="clear:both" />
[[Image:singlerep_user02.png|300px|right|thumb|Fig.2.View User permissions screen]]
<li>
In order to restrict permissions to descriptions of a particular institution, we need to go to Admin menu > Users. Select the User you want to restrict to specific repository permissions.(See fig.2)</li>
<br style="clear:both" />
[[Image:singlerep_user03.png|300px|right|thumb|Fig.3 View permissions by repository.]]
<li>Select information object permissions. Click Edit. Select Permissions by Repository and click Add Repository. Select Repository name from list. Click on Submit.(See fig.3)</li>
<br style="clear:both" />
[[Image:singlerep_user04.png|300px|right|thumb|Fig.4]]
<li>Click on the circles to Grant Permissions to read, create, update, delete, view draft, publish, access master and access reference.(See fig.4)</li>
<br style="clear:both" />
[[Image:singlerep_user05.png|300px|right|thumb|Fig.5 View permissions for User]]
<li>Click on Save.The Administrator can now view the User and their permissions in relation to a specific Repository.(See fig.5)</li>
<br style="clear:both" />
<li>To test your permissions, try logging out and logging back in as the user you created. You should be able to create, edit, delete and publish descriptions belonging to the specified institution only.If you want this User to have permissions to create, update and delete Authority Records and create, update and delete Taxonomies you must "grant" those as well.The default for authenticated group does not grant those permissions.</li>

</ol>
</div>

== Scenario three: Add user to the contributor group as an alternative approach ==

<div class="note">

When refining user permissions, it is often useful to start with the group to which the user belongs. You can refine permissions for the group, then add users to the group, all of whom will inherit the modified permissions. Any permission that has not been "granted" by the current group (e.g., contributor, editor) or its parent group (authenticated) is considered "denied" by default. In other words the default for the system is to deny permission unless a rule explicitly grants it.

In the main menu bar, go to admin > groups > contributor. Click on Archival description permissions in the grey menu above the title bar. Your screen will show the default "Grant" permissions for the contributor group - i.e. it shows you everything the user is permitted to do. The contributor group inherits some of its settings from its parent group, authenticated (which is all users who have successfully logged-in).

Click Edit. In the edit screen, you will get a better sense of the group's permission settings. The contributor has the following permissions:
* Read: Grant (inherited from authenticated group)
* Create: Grant
* Update: Grant
* Delete: Deny (default deny)
* View draft: Grant
* Publish: Deny (default deny)
* Access master digital object: Grant
* Access reference digital object: Grant (inherited from authenticated group).

In other words, any user belonging to the contributor group automatically has been ''granted'' the ability to read, create and update descriptions, view draft descriptions, and access digital objects. However, the user has been ''denied'' the ability to delete or publish descriptions.

</div>

== Scenario four: Remove the ability to create and update authority records ==
</div class="note">
Permissions for authority records can be refined in some of the same ways they can be refined for archival descriptions. In a multi-repository setting it may be desirable to prevent users from creating and/or updating authority records, because one authority record may be linked to archival descriptions belonging to more than one archival institution.

</div>

== Scenario five: Add the ability to translate to a specified language ==

<div class="note">
There are two ways to grant translate permissions to non-administrators:

* Make the user a translator by adding them to the translator group (the same way that you added a user to the contributor group). This means that they will be able to translate to any language.
* Instead of making the user a translator, which would allow them to translate to any language, add a language to which a user can translate. This means that they will be able to translate only to the specified language, and only those archival descriptions and authority records they are allowed to update. In this scenario, we will add the ability of the user to translate to Dutch.

Go to admin > users > "UserName". You should be in looking at the View user profile screen; if not, click Profile (to the left of Archival description permissions). Click Edit, then click on the blue "Access control" link. In allowed languages for translation, select Dutch. Click Save. The user will now be able to translate from any source language to Dutch. Note that the list of languages is derived from the languages added in the settings menu. See [[add/remove languages]]. Note also that you can add more languages from this list as needed.
</div>

== Scenario six: Remove the ability to view and download master digital objects ==

<div class="note">

Users belonging to the contributor group automatically inherit the ability to view and download master digital objects.

</div>

Go to admin > users > "UserName". Click on Archival description permissions. Click Edit. Under ''All archival descriptions'' next to Access master click Deny. Save the record. This will allow the user to view thumbnail and reference display copies of digital objects, but not to view or download the master objects. Note that if you do not wish to have any users belonging to the Contributor group viewing or downloading masters digital objects, deny permission for this activity at the level of the group - i.e. go to admin > groups > contributor and make the change at that level instead of the level of the individual user.

== Scenario seven: Add ability to create, update, and delete subject terms ==

<div class="note">

Users belonging to the contributor group do not automatically inherit the ability to create, update, and delete taxonomy terms. You can change these permissions for either the contributor group or an individual user. In this case, we will add the ability to create, update and delete subject terms to our individual user.

</div>

Go to admin > users > "UserName". Click on Taxonomy permissions (next to Authority record permissions). Click Edit. Click the blue link "Permissions by taxonomy", then click "Add taxonomy". Select Subjects as the taxonomy name from the auto-complete list. Next to Create, Update and Delete select Grant, then save the record. The user should now be able to create, update and delete subject terms but not other kinds of taxonomy terms.

[[Category:User manual]]

__NOTOC__

Edit permissions

2013-07-09T17:14:55Z

David: /* Scenario one: Allow the public to view and download master digital objects */ Use numbered list for instructions

[[Main Page]] > [[User manual]] > [[Administer]] > Edit permissions

<div class="note">
* You should have two or more archival institutions in your system, with several hierarchical descriptions attached and some digital objects uploaded, in order to fully test the scenarios on this page
* You can only modify the user's settings if you are logged in as an administrator. After completing the steps in each scenario, log out and log back in as the user you've been creating and modifying in order to see the results of your modifications
</div>

== Scenario one: Allow the public to view and download master digital objects ==

<div class="note">

The default permissions in '''ICA-AtoM''' prevent the public ("anonymous" group) from viewing or download master digital objects (e.g. original TIFF images, original video files, original audio files). By default the public ''can'' view the "reference" representation (e.g. derivative JPEG image, derivative flash video or audio file via in-browser flash player) and thumbnail version of any digital object.

</div>

[[Image:Allow access to master representation.png|300px|right|thumb|Fig.3 View permissions by repository.]]

This will allow the public to view or download the master objects in addition to viewing the thumbnail and reference display copies of digital objects.

# Click admin > groups > anonymous.
# Click the "Archival description permissions" tab.
# Click Edit
# Under ''All archival descriptions'' next to Access master click "Allow".
# Save the record.

<br style="clear:both" />

== Scenario two: In a multi-repository system, add a user who can create, update, edit, delete and publish archival descriptions belonging to one archival institution only (or whatever preferences the Administrator wants to set for the User) ==
<div class=clear fix>
<ol>

[[Image:singlerep_user01.png|300px|right|thumb|Fig.1. Leave group field blank. User automatically becomes an authenticated user.]]
<li> When refining user permissions you can begin by creating a User, but do not assign them to a unique User group. Leave this blank and it will automatically assign the User to the parent group of authenticated (which is all users who have successfully logged-in)(See fig.1)</li>
<br style="clear:both" />
[[Image:singlerep_user02.png|300px|right|thumb|Fig.2.View User permissions screen]]
<li>
In order to restrict permissions to descriptions of a particular institution, we need to go to Admin menu > Users. Select the User you want to restrict to specific repository permissions.(See fig.2)</li>
<br style="clear:both" />
[[Image:singlerep_user03.png|300px|right|thumb|Fig.3 View permissions by repository.]]
<li>Select information object permissions. Click Edit. Select Permissions by Repository and click Add Repository. Select Repository name from list. Click on Submit.(See fig.3)</li>
<br style="clear:both" />
[[Image:singlerep_user04.png|300px|right|thumb|Fig.4]]
<li>Click on the circles to Grant Permissions to read, create, update, delete, view draft, publish, access master and access reference.(See fig.4)</li>
<br style="clear:both" />
[[Image:singlerep_user05.png|300px|right|thumb|Fig.5 View permissions for User]]
<li>Click on Save.The Administrator can now view the User and their permissions in relation to a specific Repository.(See fig.5)</li>
<br style="clear:both" />
<li>To test your permissions, try logging out and logging back in as the user you created. You should be able to create, edit, delete and publish descriptions belonging to the specified institution only.If you want this User to have permissions to create, update and delete Authority Records and create, update and delete Taxonomies you must "grant" those as well.The default for authenticated group does not grant those permissions.</li>

</ol>
</div>

== Scenario three: Add user to the contributor group as an alternative approach ==

<div class="note">

When refining user permissions, it is often useful to start with the group to which the user belongs. You can refine permissions for the group, then add users to the group, all of whom will inherit the modified permissions. Any permission that has not been "granted" by the current group (e.g., contributor, editor) or its parent group (authenticated) is considered "denied" by default. In other words the default for the system is to deny permission unless a rule explicitly grants it.

In the main menu bar, go to admin > groups > contributor. Click on Archival description permissions in the grey menu above the title bar. Your screen will show the default "Grant" permissions for the contributor group - i.e. it shows you everything the user is permitted to do. The contributor group inherits some of its settings from its parent group, authenticated (which is all users who have successfully logged-in).

Click Edit. In the edit screen, you will get a better sense of the group's permission settings. The contributor has the following permissions:
* Read: Grant (inherited from authenticated group)
* Create: Grant
* Update: Grant
* Delete: Deny (default deny)
* View draft: Grant
* Publish: Deny (default deny)
* Access master digital object: Grant
* Access reference digital object: Grant (inherited from authenticated group).

In other words, any user belonging to the contributor group automatically has been ''granted'' the ability to read, create and update descriptions, view draft descriptions, and access digital objects. However, the user has been ''denied'' the ability to delete or publish descriptions.

</div>

== Scenario four: Remove the ability to create and update authority records ==
</div class="note">
Permissions for authority records can be refined in some of the same ways they can be refined for archival descriptions. In a multi-repository setting it may be desirable to prevent users from creating and/or updating authority records, because one authority record may be linked to archival descriptions belonging to more than one archival institution.

</div>

== Scenario five: Add the ability to translate to a specified language ==

<div class="note">
There are two ways to grant translate permissions to non-administrators:

* Make the user a translator by adding them to the translator group (the same way that you added a user to the contributor group). This means that they will be able to translate to any language.
* Instead of making the user a translator, which would allow them to translate to any language, add a language to which a user can translate. This means that they will be able to translate only to the specified language, and only those archival descriptions and authority records they are allowed to update. In this scenario, we will add the ability of the user to translate to Dutch.

Go to admin > users > "UserName". You should be in looking at the View user profile screen; if not, click Profile (to the left of Archival description permissions). Click Edit, then click on the blue "Access control" link. In allowed languages for translation, select Dutch. Click Save. The user will now be able to translate from any source language to Dutch. Note that the list of languages is derived from the languages added in the settings menu. See [[add/remove languages]]. Note also that you can add more languages from this list as needed.
</div>

== Scenario six: Remove the ability to view and download master digital objects ==

<div class="note">

Users belonging to the contributor group automatically inherit the ability to view and download master digital objects.

</div>

Go to admin > users > "UserName". Click on Archival description permissions. Click Edit. Under ''All archival descriptions'' next to Access master click Deny. Save the record. This will allow the user to view thumbnail and reference display copies of digital objects, but not to view or download the master objects. Note that if you do not wish to have any users belonging to the Contributor group viewing or downloading masters digital objects, deny permission for this activity at the level of the group - i.e. go to admin > groups > contributor and make the change at that level instead of the level of the individual user.

== Scenario seven: Add ability to create, update, and delete subject terms ==

<div class="note">

Users belonging to the contributor group do not automatically inherit the ability to create, update, and delete taxonomy terms. You can change these permissions for either the contributor group or an individual user. In this case, we will add the ability to create, update and delete subject terms to our individual user.

</div>

Go to admin > users > "UserName". Click on Taxonomy permissions (next to Authority record permissions). Click Edit. Click the blue link "Permissions by taxonomy", then click "Add taxonomy". Select Subjects as the taxonomy name from the auto-complete list. Next to Create, Update and Delete select Grant, then save the record. The user should now be able to create, update and delete subject terms but not other kinds of taxonomy terms.

[[Category:User manual]]

__NOTOC__

Edit permissions

2013-07-09T17:13:28Z

David: Add screenshot for /* Scenario one: Allow the public to view and download master digital objects */

[[Main Page]] > [[User manual]] > [[Administer]] > Edit permissions

<div class="note">
* You should have two or more archival institutions in your system, with several hierarchical descriptions attached and some digital objects uploaded, in order to fully test the scenarios on this page
* You can only modify the user's settings if you are logged in as an administrator. After completing the steps in each scenario, log out and log back in as the user you've been creating and modifying in order to see the results of your modifications
</div>

== Scenario one: Allow the public to view and download master digital objects ==

<div class="note">

The default permissions in '''ICA-AtoM''' prevent the public ("anonymous" group) from viewing or download master digital objects (e.g. original TIFF images, original video files, original audio files). By default the public ''can'' view the "reference" representation (e.g. derivative JPEG image, derivative flash video or audio file via in-browser flash player) and thumbnail version of any digital object.

</div>

[[Image:Allow access to master representation.png|300px|right|thumb|Fig.3 View permissions by repository.]]

Go to admin > groups > anonymous. Click on Archival description permissions. Click Edit. Under ''All archival descriptions'' next to Access master click "Allow". Save the record. This will allow the public to view or download the master objects in addition to viewing the thumbnail and reference display copies of digital objects.
<br style="clear:both" />

== Scenario two: In a multi-repository system, add a user who can create, update, edit, delete and publish archival descriptions belonging to one archival institution only (or whatever preferences the Administrator wants to set for the User) ==
<div class=clear fix>
<ol>

[[Image:singlerep_user01.png|300px|right|thumb|Fig.1. Leave group field blank. User automatically becomes an authenticated user.]]
<li> When refining user permissions you can begin by creating a User, but do not assign them to a unique User group. Leave this blank and it will automatically assign the User to the parent group of authenticated (which is all users who have successfully logged-in)(See fig.1)</li>
<br style="clear:both" />
[[Image:singlerep_user02.png|300px|right|thumb|Fig.2.View User permissions screen]]
<li>
In order to restrict permissions to descriptions of a particular institution, we need to go to Admin menu > Users. Select the User you want to restrict to specific repository permissions.(See fig.2)</li>
<br style="clear:both" />
[[Image:singlerep_user03.png|300px|right|thumb|Fig.3 View permissions by repository.]]
<li>Select information object permissions. Click Edit. Select Permissions by Repository and click Add Repository. Select Repository name from list. Click on Submit.(See fig.3)</li>
<br style="clear:both" />
[[Image:singlerep_user04.png|300px|right|thumb|Fig.4]]
<li>Click on the circles to Grant Permissions to read, create, update, delete, view draft, publish, access master and access reference.(See fig.4)</li>
<br style="clear:both" />
[[Image:singlerep_user05.png|300px|right|thumb|Fig.5 View permissions for User]]
<li>Click on Save.The Administrator can now view the User and their permissions in relation to a specific Repository.(See fig.5)</li>
<br style="clear:both" />
<li>To test your permissions, try logging out and logging back in as the user you created. You should be able to create, edit, delete and publish descriptions belonging to the specified institution only.If you want this User to have permissions to create, update and delete Authority Records and create, update and delete Taxonomies you must "grant" those as well.The default for authenticated group does not grant those permissions.</li>

</ol>
</div>

== Scenario three: Add user to the contributor group as an alternative approach ==

<div class="note">

When refining user permissions, it is often useful to start with the group to which the user belongs. You can refine permissions for the group, then add users to the group, all of whom will inherit the modified permissions. Any permission that has not been "granted" by the current group (e.g., contributor, editor) or its parent group (authenticated) is considered "denied" by default. In other words the default for the system is to deny permission unless a rule explicitly grants it.

In the main menu bar, go to admin > groups > contributor. Click on Archival description permissions in the grey menu above the title bar. Your screen will show the default "Grant" permissions for the contributor group - i.e. it shows you everything the user is permitted to do. The contributor group inherits some of its settings from its parent group, authenticated (which is all users who have successfully logged-in).

Click Edit. In the edit screen, you will get a better sense of the group's permission settings. The contributor has the following permissions:
* Read: Grant (inherited from authenticated group)
* Create: Grant
* Update: Grant
* Delete: Deny (default deny)
* View draft: Grant
* Publish: Deny (default deny)
* Access master digital object: Grant
* Access reference digital object: Grant (inherited from authenticated group).

In other words, any user belonging to the contributor group automatically has been ''granted'' the ability to read, create and update descriptions, view draft descriptions, and access digital objects. However, the user has been ''denied'' the ability to delete or publish descriptions.

</div>

== Scenario four: Remove the ability to create and update authority records ==
</div class="note">
Permissions for authority records can be refined in some of the same ways they can be refined for archival descriptions. In a multi-repository setting it may be desirable to prevent users from creating and/or updating authority records, because one authority record may be linked to archival descriptions belonging to more than one archival institution.

</div>

== Scenario five: Add the ability to translate to a specified language ==

<div class="note">
There are two ways to grant translate permissions to non-administrators:

* Make the user a translator by adding them to the translator group (the same way that you added a user to the contributor group). This means that they will be able to translate to any language.
* Instead of making the user a translator, which would allow them to translate to any language, add a language to which a user can translate. This means that they will be able to translate only to the specified language, and only those archival descriptions and authority records they are allowed to update. In this scenario, we will add the ability of the user to translate to Dutch.

Go to admin > users > "UserName". You should be in looking at the View user profile screen; if not, click Profile (to the left of Archival description permissions). Click Edit, then click on the blue "Access control" link. In allowed languages for translation, select Dutch. Click Save. The user will now be able to translate from any source language to Dutch. Note that the list of languages is derived from the languages added in the settings menu. See [[add/remove languages]]. Note also that you can add more languages from this list as needed.
</div>

== Scenario six: Remove the ability to view and download master digital objects ==

<div class="note">

Users belonging to the contributor group automatically inherit the ability to view and download master digital objects.

</div>

Go to admin > users > "UserName". Click on Archival description permissions. Click Edit. Under ''All archival descriptions'' next to Access master click Deny. Save the record. This will allow the user to view thumbnail and reference display copies of digital objects, but not to view or download the master objects. Note that if you do not wish to have any users belonging to the Contributor group viewing or downloading masters digital objects, deny permission for this activity at the level of the group - i.e. go to admin > groups > contributor and make the change at that level instead of the level of the individual user.

== Scenario seven: Add ability to create, update, and delete subject terms ==

<div class="note">

Users belonging to the contributor group do not automatically inherit the ability to create, update, and delete taxonomy terms. You can change these permissions for either the contributor group or an individual user. In this case, we will add the ability to create, update and delete subject terms to our individual user.

</div>

Go to admin > users > "UserName". Click on Taxonomy permissions (next to Authority record permissions). Click Edit. Click the blue link "Permissions by taxonomy", then click "Add taxonomy". Select Subjects as the taxonomy name from the auto-complete list. Next to Create, Update and Delete select Grant, then save the record. The user should now be able to create, update and delete subject terms but not other kinds of taxonomy terms.

[[Category:User manual]]

__NOTOC__

File:Allow access to master representation.png

2013-07-09T17:11:49Z

David: Screenshot of administrator interface, highlighting ability to allow public (anonymous) users to view and download "master" representation (orginal file uploaded) of digital objects.

Screenshot of administrator interface, highlighting ability to allow public (anonymous) users to view and download "master" representation (orginal file uploaded) of digital objects.

Edit permissions

2013-07-09T17:05:15Z

David: Add /* Scenario one: Allow the public to view and download master digital objects */

[[Main Page]] > [[User manual]] > [[Administer]] > Edit permissions

<div class="note">
* You should have two or more archival institutions in your system, with several hierarchical descriptions attached and some digital objects uploaded, in order to fully test the scenarios on this page
* You can only modify the user's settings if you are logged in as an administrator. After completing the steps in each scenario, log out and log back in as the user you've been creating and modifying in order to see the results of your modifications
</div>

== Scenario one: Allow the public to view and download master digital objects ==

<div class="note">

The default permissions in '''ICA-AtoM''' prevent the public ("anonymous" group) from viewing or download master digital objects (e.g. original TIFF images, original video files, original audio files). By default the public ''can'' view the "reference" representation (e.g. derivative JPEG image, derivative flash video or audio file via in-browser flash player) and thumbnail version of any digital object.

</div>

Go to admin > groups > anonymous. Click on Archival description permissions. Click Edit. Under ''All archival descriptions'' next to Access master click "Allow". Save the record. This will allow the public to view or download the master objects in addition to viewing the thumbnail and reference display copies of digital objects.

== Scenario two: In a multi-repository system, add a user who can create, update, edit, delete and publish archival descriptions belonging to one archival institution only (or whatever preferences the Administrator wants to set for the User) ==
<div class=clear fix>
<ol>

[[Image:singlerep_user01.png|300px|right|thumb|Fig.1. Leave group field blank. User automatically becomes an authenticated user.]]
<li> When refining user permissions you can begin by creating a User, but do not assign them to a unique User group. Leave this blank and it will automatically assign the User to the parent group of authenticated (which is all users who have successfully logged-in)(See fig.1)</li>
<br style="clear:both" />
[[Image:singlerep_user02.png|300px|right|thumb|Fig.2.View User permissions screen]]
<li>
In order to restrict permissions to descriptions of a particular institution, we need to go to Admin menu > Users. Select the User you want to restrict to specific repository permissions.(See fig.2)</li>
<br style="clear:both" />
[[Image:singlerep_user03.png|300px|right|thumb|Fig.3 View permissions by repository.]]
<li>Select information object permissions. Click Edit. Select Permissions by Repository and click Add Repository. Select Repository name from list. Click on Submit.(See fig.3)</li>
<br style="clear:both" />
[[Image:singlerep_user04.png|300px|right|thumb|Fig.4]]
<li>Click on the circles to Grant Permissions to read, create, update, delete, view draft, publish, access master and access reference.(See fig.4)</li>
<br style="clear:both" />
[[Image:singlerep_user05.png|300px|right|thumb|Fig.5 View permissions for User]]
<li>Click on Save.The Administrator can now view the User and their permissions in relation to a specific Repository.(See fig.5)</li>
<br style="clear:both" />
<li>To test your permissions, try logging out and logging back in as the user you created. You should be able to create, edit, delete and publish descriptions belonging to the specified institution only.If you want this User to have permissions to create, update and delete Authority Records and create, update and delete Taxonomies you must "grant" those as well.The default for authenticated group does not grant those permissions.</li>

</ol>
</div>

== Scenario three: Add user to the contributor group as an alternative approach ==

<div class="note">

When refining user permissions, it is often useful to start with the group to which the user belongs. You can refine permissions for the group, then add users to the group, all of whom will inherit the modified permissions. Any permission that has not been "granted" by the current group (e.g., contributor, editor) or its parent group (authenticated) is considered "denied" by default. In other words the default for the system is to deny permission unless a rule explicitly grants it.

In the main menu bar, go to admin > groups > contributor. Click on Archival description permissions in the grey menu above the title bar. Your screen will show the default "Grant" permissions for the contributor group - i.e. it shows you everything the user is permitted to do. The contributor group inherits some of its settings from its parent group, authenticated (which is all users who have successfully logged-in).

Click Edit. In the edit screen, you will get a better sense of the group's permission settings. The contributor has the following permissions:
* Read: Grant (inherited from authenticated group)
* Create: Grant
* Update: Grant
* Delete: Deny (default deny)
* View draft: Grant
* Publish: Deny (default deny)
* Access master digital object: Grant
* Access reference digital object: Grant (inherited from authenticated group).

In other words, any user belonging to the contributor group automatically has been ''granted'' the ability to read, create and update descriptions, view draft descriptions, and access digital objects. However, the user has been ''denied'' the ability to delete or publish descriptions.

</div>

== Scenario four: Remove the ability to create and update authority records ==
</div class="note">
Permissions for authority records can be refined in some of the same ways they can be refined for archival descriptions. In a multi-repository setting it may be desirable to prevent users from creating and/or updating authority records, because one authority record may be linked to archival descriptions belonging to more than one archival institution.

</div>

== Scenario five: Add the ability to translate to a specified language ==

<div class="note">
There are two ways to grant translate permissions to non-administrators:

* Make the user a translator by adding them to the translator group (the same way that you added a user to the contributor group). This means that they will be able to translate to any language.
* Instead of making the user a translator, which would allow them to translate to any language, add a language to which a user can translate. This means that they will be able to translate only to the specified language, and only those archival descriptions and authority records they are allowed to update. In this scenario, we will add the ability of the user to translate to Dutch.

Go to admin > users > "UserName". You should be in looking at the View user profile screen; if not, click Profile (to the left of Archival description permissions). Click Edit, then click on the blue "Access control" link. In allowed languages for translation, select Dutch. Click Save. The user will now be able to translate from any source language to Dutch. Note that the list of languages is derived from the languages added in the settings menu. See [[add/remove languages]]. Note also that you can add more languages from this list as needed.
</div>

== Scenario six: Remove the ability to view and download master digital objects ==

<div class="note">

Users belonging to the contributor group automatically inherit the ability to view and download master digital objects.

</div>

Go to admin > users > "UserName". Click on Archival description permissions. Click Edit. Under ''All archival descriptions'' next to Access master click Deny. Save the record. This will allow the user to view thumbnail and reference display copies of digital objects, but not to view or download the master objects. Note that if you do not wish to have any users belonging to the Contributor group viewing or downloading masters digital objects, deny permission for this activity at the level of the group - i.e. go to admin > groups > contributor and make the change at that level instead of the level of the individual user.

== Scenario seven: Add ability to create, update, and delete subject terms ==

<div class="note">

Users belonging to the contributor group do not automatically inherit the ability to create, update, and delete taxonomy terms. You can change these permissions for either the contributor group or an individual user. In this case, we will add the ability to create, update and delete subject terms to our individual user.

</div>

Go to admin > users > "UserName". Click on Taxonomy permissions (next to Authority record permissions). Click Edit. Click the blue link "Permissions by taxonomy", then click "Add taxonomy". Select Subjects as the taxonomy name from the auto-complete list. Next to Create, Update and Delete select Grant, then save the record. The user should now be able to create, update and delete subject terms but not other kinds of taxonomy terms.

[[Category:User manual]]

__NOTOC__

Global settings

2013-06-06T18:03:15Z

David: Move first screenshot so it appears at top right of page

[[Image:globalSettings.png|500px|right|thumb|Edit global settings]]

[[Main Page]] > [[User manual]] > [[Administer]] > [[Settings]] > Global settings

Global settings allow [[Glossary#Administrator|administrators]] to control certain aspects of how ICA-AtoM appears and behaves.

# Click the "Admin > Settings" menu
# Click the "Global" [[Glossary#Information area|information area]] to display global settings

== Application version ==

This field shows the current version of the software.

The value is pre-set, ships with the application, and cannot be edited.

The version number is automatically updated when you upgrade ICA-AtoM to a newer release.

== Check for updates ==

If yes is selected, an administrator will automatically receive a notification if a newer version of the software has been released.

<div class="clearfix">

== Maximum image width (pixels) ==

[[Image:imageWidth.png|500px|right|thumb|Archival description view page showing reference display copy]]

One of ICA-AtoM's design assumptions is that the display dimensions of files users upload typically will be too large to fit into the [[Glossary#View page|view page]] for an [[Glossary#Archival description|archival description]]. Therefore, when you upload a file, ICA-AtoM creates a [[Glossary#Reference display copy|reference display copy]] for displaying in the [[Glossary#View page|view page]].

ICA-AtoM ships with a default setting specifying the maximum width of the [[Glossary#Reference display copy|reference display copy]] at 480 pixels. This is the optimized width given ICA-AtoM's [[Glossary#Field|field]] width. [[Glossary#Administrator|Administrators]], however, can increase or decrease the maximum reference image width to suit the requirements of their institution or [[Glossary#Network|network]].

</div>

<div class="clearfix">

== Results per page ==

By default, ICA-AtoM lists objects in list pages and [[Page types#Search results|search results]] ten at a time, with a pager at the bottom of the page to allow users to navigate through long lists of objects.

[[Glossary#Administrator|Administrators]] can increase or decrease this default number.

</div>

== Accession mask ==

By default, ICA-AtoM creates the accession record identifier as a unique number compiled from [YEAR MONTH DAY Incremental#]

== Accession counter ==

ICA-AtoM provides you with the number of accessions created. If you delete an accession, it will still be included in the Accession counter total value.

== Inherit reference code (information object) ==

When this is set to "yes", the reference code string will be built using the [[Glossary#Archival description|archival description]] identifier plus the identifier of all its ancestors ([[Glossary#Parent record|parent records]]). For more information about how the reference code works, see [[ISAD#Reference_code|Reference code]].

== Sort tree view (information object) ==

This setting determines how lower-level descriptions are sorted in an [[Glossary#Archival description|archival description's]] [[Glossary#Context menu|context menu]].

Selecting "manual" means the descriptions will appear in the order in which they were entered into ICA-AtoM.

Selecting "title" sorts the descriptions by title.

Selecting "identifier - title" sorts the descriptions by identifier, then by title.

== Sort Browser (users) ==

Admin can configure default sort order for the browse display as either "alphabetic" or "last updated" for logged-in users

== Sort Browse (anonymous) ==

Admin can configure default sort order for the browse display as either, "alphabetic" or "last updated" for public users (e.g., not logged-in)

== Multiple repositories ==

Select Yes if your ICA-AtoM application is acting as a union list or portal for descriptions of materials held at more than one archival institution or repository.

The repository will appear as a column on the Browse archival descriptions page.

The repository will appear as a link in the [[Glossary#Context menu|context menu]].

Select No if your ICA-AtoM application is being used only by a single institution.

The [[Glossary#Creator|creator]] rather than the repository will now appear as a column on the list archival description page.

No repository link will appear in the [[Glossary#Context menu|context menu]].

== Default upload limit [GB] ==

-1 is the value for unlimited upload. This setting can be modified by the Administrator

== Upload multi-page files as multiple descriptions ==

Select yes if you would like each page of a multi-page file to be attached to a separate child-level description. For example, a PDF file with 10 pages uploaded to a description would result in 10 individual descriptions, one for each page in the file.

Select, no if you would like one multi-page file to be attached to a single description.

== Show Tooltips ==

Select yes to to have [[Glossary#Tooltips|tooltips]] appear in [[Glossary#edit page|edit pages]] as the user enters data. issue 2338

== Default publication status ==

This setting determines whether new [[Glossary#Archival description|archival descriptions]] will automatically appear as [[Glossary#Draft record|draft records]] or [[Glossary#Published|published records]]. Note that this setting also affects imported descriptions.

== Sword deposit directory ==

In 1.3 release, the Sword deposit directory is being used to support packages deposited by [https://www.archivematica.org/wiki/Main_Page Archivematica] into ICA-AtoM. (In future releases we will use this protocol to interact with other systems.) Developers interested learning more about Sword can visit the Qubit-toolkit: [https://www.qubit-toolkit.org/wiki/SWORD#Packaging_formats_supported wiki page on Sword]

[[Category:User manual]]

Global settings

2013-06-06T17:59:38Z

David: Enable TOC instead of manually listing all settings

[[Main Page]] > [[User manual]] > [[Administer]] > [[Settings]] > Global settings

Global settings allow [[Glossary#Administrator|administrators]] to control certain aspects of how ICA-AtoM appears and behaves.

# Click the "Admin > Settings" menu
# Click the "Global" [[Glossary#Information area|information area]] to display global settings

[[Image:globalSettings.png|500px|right|thumb|Edit global settings]]

== Application version ==

This field shows the current version of the software.

The value is pre-set, ships with the application, and cannot be edited.

The version number is automatically updated when you upgrade ICA-AtoM to a newer release.

== Check for updates ==

If yes is selected, an administrator will automatically receive a notification if a newer version of the software has been released.

</div>

<div class="clearfix">

== Maximum image width (pixels) ==

[[Image:imageWidth.png|500px|right|thumb|Archival description view page showing reference display copy]]

One of ICA-AtoM's design assumptions is that the display dimensions of files users upload typically will be too large to fit into the [[Glossary#View page|view page]] for an [[Glossary#Archival description|archival description]]. Therefore, when you upload a file, ICA-AtoM creates a [[Glossary#Reference display copy|reference display copy]] for displaying in the [[Glossary#View page|view page]].

ICA-AtoM ships with a default setting specifying the maximum width of the [[Glossary#Reference display copy|reference display copy]] at 480 pixels. This is the optimized width given ICA-AtoM's [[Glossary#Field|field]] width. [[Glossary#Administrator|Administrators]], however, can increase or decrease the maximum reference image width to suit the requirements of their institution or [[Glossary#Network|network]].

</div>

<div class="clearfix">

== Results per page ==

By default, ICA-AtoM lists objects in list pages and [[Page types#Search results|search results]] ten at a time, with a pager at the bottom of the page to allow users to navigate through long lists of objects.

[[Glossary#Administrator|Administrators]] can increase or decrease this default number.

</div>

== Accession mask ==

By default, ICA-AtoM creates the accession record identifier as a unique number compiled from [YEAR MONTH DAY Incremental#]

== Accession counter ==

ICA-AtoM provides you with the number of accessions created. If you delete an accession, it will still be included in the Accession counter total value.

== Inherit reference code (information object) ==

When this is set to "yes", the reference code string will be built using the [[Glossary#Archival description|archival description]] identifier plus the identifier of all its ancestors ([[Glossary#Parent record|parent records]]). For more information about how the reference code works, see [[ISAD#Reference_code|Reference code]].

== Sort tree view (information object) ==

This setting determines how lower-level descriptions are sorted in an [[Glossary#Archival description|archival description's]] [[Glossary#Context menu|context menu]].

Selecting "manual" means the descriptions will appear in the order in which they were entered into ICA-AtoM.

Selecting "title" sorts the descriptions by title.

Selecting "identifier - title" sorts the descriptions by identifier, then by title.

== Sort Browser (users) ==

Admin can configure default sort order for the browse display as either "alphabetic" or "last updated" for logged-in users

== Sort Browse (anonymous) ==

Admin can configure default sort order for the browse display as either, "alphabetic" or "last updated" for public users (e.g., not logged-in)

== Multiple repositories ==

Select Yes if your ICA-AtoM application is acting as a union list or portal for descriptions of materials held at more than one archival institution or repository.

The repository will appear as a column on the Browse archival descriptions page.

The repository will appear as a link in the [[Glossary#Context menu|context menu]].

Select No if your ICA-AtoM application is being used only by a single institution.

The [[Glossary#Creator|creator]] rather than the repository will now appear as a column on the list archival description page.

No repository link will appear in the [[Glossary#Context menu|context menu]].

== Default upload limit [GB] ==

-1 is the value for unlimited upload. This setting can be modified by the Administrator

== Upload multi-page files as multiple descriptions ==

Select yes if you would like each page of a multi-page file to be attached to a separate child-level description. For example, a PDF file with 10 pages uploaded to a description would result in 10 individual descriptions, one for each page in the file.

Select, no if you would like one multi-page file to be attached to a single description.

== Show Tooltips ==

Select yes to to have [[Glossary#Tooltips|tooltips]] appear in [[Glossary#edit page|edit pages]] as the user enters data. issue 2338

== Default publication status ==

This setting determines whether new [[Glossary#Archival description|archival descriptions]] will automatically appear as [[Glossary#Draft record|draft records]] or [[Glossary#Published|published records]]. Note that this setting also affects imported descriptions.

== Sword deposit directory ==

In 1.3 release, the Sword deposit directory is being used to support packages deposited by [https://www.archivematica.org/wiki/Main_Page Archivematica] into ICA-AtoM. (In future releases we will use this protocol to interact with other systems.) Developers interested learning more about Sword can visit the Qubit-toolkit: [https://www.qubit-toolkit.org/wiki/SWORD#Packaging_formats_supported wiki page on Sword]

[[Category:User manual]]

Release 1.4

2013-05-14T16:55:31Z

David: /* Features */ Add <dao> support

[[Main Page]] > Releases > Release 1.4

== Schedule ==

* Send XLIFFs to translators:
* Deadline for submitting translations:
* Code freeze:
* Public release: 2013

== Features ==

* enhance Archivematica integration
* EAC / SKOS fixes
* EAD roundtripping
* EAD <dao> support
* OAI-PMH fixes
* DC roundtripping [https://projects.artefactual.com/issues/4451 4451] Dublin Core.XML export not using ISO language code
* Criticals:
** [https://projects.artefactual.com/issues/4504 4504] searching date field using [] causes server error
** [https://projects.artefactual.com/issues/4408 4408] Export EAD with biog/history causing fatal error
** [https://projects.artefactual.com/issues/552 552] Translation bar is not shown as expected
** [https://projects.artefactual.com/issues/4273 4273] Error message from installer checks

See [http://bit.ly/VG3Y1E AccesstoMemory Issues List] for a full review of bugs, features and tasks slated for 1.4 ICA-AtoM.

[[Category:Releases]]

Site logo

2012-11-08T00:13:23Z

David: Linkage for PNG

[[Main Page]] > [[User manual]] > [[Administer]] > Site logo

Changing the [[Glossary#Site logo|site logo]] must be done by a system administrator who has access to the the ICA-AtoM application files on your web server. Replace the file <code>image/logo.png</code> in the AtoM root directory with the logo for you site. The logo file must be in [http://en.wikipedia.org/wiki/Portable_Network_Graphics "Portable Network Graphics" (PNG)] format and it must be called "logo.png".

Site logo

2012-11-08T00:12:42Z

David: expand PNG

[[Main Page]] > [[User manual]] > [[Administer]] > Site logo

Changing the [[Glossary#Site logo|site logo]] must be done by a system administrator who has access to the the ICA-AtoM application files on your web server. Replace the file <code>image/logo.png</code> in the AtoM root directory with the logo for you site. The logo file must be in "Portable Network Graphics" (PNG) format and it must be called "logo.png".

Site logo

2012-11-08T00:10:51Z

David: Remove deployement logo information, which only applies to our hosted sites

[[Main Page]] > [[User manual]] > [[Administer]] > Site logo

Changes to the [[Glossary#Site logo|site logo]] will have to be done by a system administrator who has access to the the ICA-AtoM application files on your web server. Replace the file <code>image/logo.png</code> in the AtoM root directory with the logo for you site. The logo file must be a png file and it must be called "logo.png".

Security

2012-08-29T22:23:08Z

David: /* General PHP recommendations */ remove duplicate "register_globals" line

[[Main Page]] > [[Administrator manual]] > Security

'''AtoM''' implements current web application best practice for '''Security''', but creating a fully secure system requires secure practices to be observed at three levels:

# Web application (AtoM) security
# Client-side (web browser) security
# Server-side security

== Application security ==

'''AtoM''''s built-in security features include:
* User passwords are hashed using the [http://en.wikipedia.org/wiki/SHA-1 SHA-1] hashing algorithm with a randomly generated [http://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]
* Protection against [http://en.wikipedia.org/wiki/SQL_injection SQL Injection] attacks via the [http://php.net/manual/en/book.pdo.php PHP PDO] database interface

=== Security settings in ICA-AtoM ===

In [[Release 1.3]] three new security settings were added to '''AtoM''':

* '''require_ssl_admin''': see [[Qubit:TLS|TLS]] for more details

* '''require_strong_passwords''': enhance login validation to force use of strong passwords. At least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters

* '''limit_admin_ip''': limit incoming requests for all administrator functionality to an IP address IP range. Two examples:
*# 192.168.0.1
*# 192.168.0.1-192.168.0.255

These options are changeable under the settings page. You must be an administrator.

Options 'require_ssl_admin' and 'limit_admin_ip' can be bypassed using the [[Qubit:Debug mode|Debug mode]], which can only be accessed via the server's loopback interface in the default configuration.

== Client security ==

User authentication is cookie based, so privileged users should restrict access to a trusted network (e.g. internal LAN or encrypted WiFi network) or use [http://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security (TLS)] to prevent [http://en.wikipedia.org/wiki/Session_hijacking Session hijacking]. See the ''require_ssl_admin'' setting above which allows forcing privileged users to use TLS access ([[Release 1.3]] and later).

== Server security ==

Because '''AtoM''' is a web application, it is necessary to adequately secure the web server against attacks, both at the operating system (e.g. Windows, Mac OS X, Ubuntu Linux) and web server application (e.g. Apache, IIS, nginx) level. The web server environment should be configured by an experienced systems administrator in accordance with current "best practice" standards. See the [[Qubit:Security|Qubit Toolkit Security]] documentation for more information about sensitive files within '''AtoM''' that may require extra protection.

=== Stay up to date ===

The most important security step you can take is to keep your software up to date.

We recommend our users to subscribe to the [http://groups.google.ca/group/ica-atom-users ICA-AtoM mailing list]. New version announcements are always sent to the list.

Don't forget to also keep up with updates to Apache, PHP, MySQL, and any other software running on your servers – both the operating system and other web applications.

=== General PHP recommendations ===

These bits of advice go for pretty much any PHP environment, and are not necessarily specific to ICA-AtoM.

PHP configuration recommendations, for php.ini or set otherwise:

* Disable [http://php.net/register_globals register_globals].
* Unless you require it specifically, disable [http://php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen allow_url_fopen].
* Set [http://php.net/session session.use_trans_sid] off.

=== General MySQL recommendations ===

In general, you should keep access to your MySQL database to a minimum. If it will only be used from the single machine it's running on, consider disabling networking support, or enabling local networking access only (via the loopback device, see below), so the server can only communicate with local clients over Unix domain sockets.

If it will be used over a network with a limited number of client machines, consider setting the IP firewall rules to accept access to TCP port 3306 (MySQL's port) only from those machines or only from your local subnet, and reject all accesses from the larger internet. This can help prevent accidentally opening access to your server due to some unknown flaw in MySQL, a mistakenly set overbroad GRANT, or a leaked password.

=== Upload security ===

The main concern is: How do we prevent users from uploading malicious files?

User uploads have several implications for security:
* The directory may have to be world-writable, or else owned by the web server's limited user account. On a multiuser system it may be possible for other local users to slip malicious files into your upload directory.
* While PHP's configuration sets a filesize limit on individual uploads, ICA-AtoM doesn't set any limit on total uploads. A malicious (or overzealous) visitor could fill up a disk partition by uploading a lot of files.

Our advice is to disable server-side execution of PHP scripts (and any other scripting types you may have) in the uploads directory (/uploads).

For instance, the following code for Apache/mod_php will do the trick:

<pre>
<Directory "/var/www/icaatom/uploads">
# Ignore .htaccess files
AllowOverride None

# Serve HTML as plaintext, don't execute SHTML
AddType text/plain .html .htm .shtml .php

# Don't run arbitrary PHP code.
php_admin_flag engine off

# If you've other scripting languages, disable them too.
</Directory>
</pre>

<hr />
This document is partially based on the excellent [http://www.mediawiki.org/wiki/Manual:Security MediaWiki security page], it is strongly recommended to read that too.

Security

2012-08-29T22:21:57Z

David: /* Application security */

[[Main Page]] > [[Administrator manual]] > Security

'''AtoM''' implements current web application best practice for '''Security''', but creating a fully secure system requires secure practices to be observed at three levels:

# Web application (AtoM) security
# Client-side (web browser) security
# Server-side security

== Application security ==

'''AtoM''''s built-in security features include:
* User passwords are hashed using the [http://en.wikipedia.org/wiki/SHA-1 SHA-1] hashing algorithm with a randomly generated [http://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]
* Protection against [http://en.wikipedia.org/wiki/SQL_injection SQL Injection] attacks via the [http://php.net/manual/en/book.pdo.php PHP PDO] database interface

=== Security settings in ICA-AtoM ===

In [[Release 1.3]] three new security settings were added to '''AtoM''':

* '''require_ssl_admin''': see [[Qubit:TLS|TLS]] for more details

* '''require_strong_passwords''': enhance login validation to force use of strong passwords. At least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters

* '''limit_admin_ip''': limit incoming requests for all administrator functionality to an IP address IP range. Two examples:
*# 192.168.0.1
*# 192.168.0.1-192.168.0.255

These options are changeable under the settings page. You must be an administrator.

Options 'require_ssl_admin' and 'limit_admin_ip' can be bypassed using the [[Qubit:Debug mode|Debug mode]], which can only be accessed via the server's loopback interface in the default configuration.

== Client security ==

User authentication is cookie based, so privileged users should restrict access to a trusted network (e.g. internal LAN or encrypted WiFi network) or use [http://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security (TLS)] to prevent [http://en.wikipedia.org/wiki/Session_hijacking Session hijacking]. See the ''require_ssl_admin'' setting above which allows forcing privileged users to use TLS access ([[Release 1.3]] and later).

== Server security ==

Because '''AtoM''' is a web application, it is necessary to adequately secure the web server against attacks, both at the operating system (e.g. Windows, Mac OS X, Ubuntu Linux) and web server application (e.g. Apache, IIS, nginx) level. The web server environment should be configured by an experienced systems administrator in accordance with current "best practice" standards. See the [[Qubit:Security|Qubit Toolkit Security]] documentation for more information about sensitive files within '''AtoM''' that may require extra protection.

=== Stay up to date ===

The most important security step you can take is to keep your software up to date.

We recommend our users to subscribe to the [http://groups.google.ca/group/ica-atom-users ICA-AtoM mailing list]. New version announcements are always sent to the list.

Don't forget to also keep up with updates to Apache, PHP, MySQL, and any other software running on your servers – both the operating system and other web applications.

=== General PHP recommendations ===

These bits of advice go for pretty much any PHP environment, and are not necessarily specific to ICA-AtoM.

PHP configuration recommendations, for php.ini or set otherwise:

* Disable [http://php.net/register_globals register_globals].
* Unless you require it specifically, disable [http://php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen allow_url_fopen].
* Set [http://php.net/session session.use_trans_sid] off.
* Make sure that register_globals is off.

=== General MySQL recommendations ===

In general, you should keep access to your MySQL database to a minimum. If it will only be used from the single machine it's running on, consider disabling networking support, or enabling local networking access only (via the loopback device, see below), so the server can only communicate with local clients over Unix domain sockets.

If it will be used over a network with a limited number of client machines, consider setting the IP firewall rules to accept access to TCP port 3306 (MySQL's port) only from those machines or only from your local subnet, and reject all accesses from the larger internet. This can help prevent accidentally opening access to your server due to some unknown flaw in MySQL, a mistakenly set overbroad GRANT, or a leaked password.

=== Upload security ===

The main concern is: How do we prevent users from uploading malicious files?

User uploads have several implications for security:
* The directory may have to be world-writable, or else owned by the web server's limited user account. On a multiuser system it may be possible for other local users to slip malicious files into your upload directory.
* While PHP's configuration sets a filesize limit on individual uploads, ICA-AtoM doesn't set any limit on total uploads. A malicious (or overzealous) visitor could fill up a disk partition by uploading a lot of files.

Our advice is to disable server-side execution of PHP scripts (and any other scripting types you may have) in the uploads directory (/uploads).

For instance, the following code for Apache/mod_php will do the trick:

<pre>
<Directory "/var/www/icaatom/uploads">
# Ignore .htaccess files
AllowOverride None

# Serve HTML as plaintext, don't execute SHTML
AddType text/plain .html .htm .shtml .php

# Don't run arbitrary PHP code.
php_admin_flag engine off

# If you've other scripting languages, disable them too.
</Directory>
</pre>

<hr />
This document is partially based on the excellent [http://www.mediawiki.org/wiki/Manual:Security MediaWiki security page], it is strongly recommended to read that too.

Security

2012-08-29T22:21:28Z

David:

[[Main Page]] > [[Administrator manual]] > Security

'''AtoM''' implements current web application best practice for '''Security''', but creating a fully secure system requires secure practices to be observed at three levels:

# Web application (AtoM) security
# Client-side (web browser) security
# Server-side security

== Application security ==

AtoM's built-in security features include:
* User passwords are hashed using the [http://en.wikipedia.org/wiki/SHA-1 SHA-1] hashing algorithm with a randomly generated [http://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]
* Protection against [http://en.wikipedia.org/wiki/SQL_injection SQL Injection] attacks via the [http://php.net/manual/en/book.pdo.php PHP PDO] database interface

=== Security settings in ICA-AtoM ===

In [[Release 1.3]] three new security settings were added to '''AtoM''':

* '''require_ssl_admin''': see [[Qubit:TLS|TLS]] for more details

* '''require_strong_passwords''': enhance login validation to force use of strong passwords. At least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters

* '''limit_admin_ip''': limit incoming requests for all administrator functionality to an IP address IP range. Two examples:
*# 192.168.0.1
*# 192.168.0.1-192.168.0.255

These options are changeable under the settings page. You must be an administrator.

Options 'require_ssl_admin' and 'limit_admin_ip' can be bypassed using the [[Qubit:Debug mode|Debug mode]], which can only be accessed via the server's loopback interface in the default configuration.

== Client security ==

User authentication is cookie based, so privileged users should restrict access to a trusted network (e.g. internal LAN or encrypted WiFi network) or use [http://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security (TLS)] to prevent [http://en.wikipedia.org/wiki/Session_hijacking Session hijacking]. See the ''require_ssl_admin'' setting above which allows forcing privileged users to use TLS access ([[Release 1.3]] and later).

== Server security ==

Because '''AtoM''' is a web application, it is necessary to adequately secure the web server against attacks, both at the operating system (e.g. Windows, Mac OS X, Ubuntu Linux) and web server application (e.g. Apache, IIS, nginx) level. The web server environment should be configured by an experienced systems administrator in accordance with current "best practice" standards. See the [[Qubit:Security|Qubit Toolkit Security]] documentation for more information about sensitive files within '''AtoM''' that may require extra protection.

=== Stay up to date ===

The most important security step you can take is to keep your software up to date.

We recommend our users to subscribe to the [http://groups.google.ca/group/ica-atom-users ICA-AtoM mailing list]. New version announcements are always sent to the list.

Don't forget to also keep up with updates to Apache, PHP, MySQL, and any other software running on your servers – both the operating system and other web applications.

=== General PHP recommendations ===

These bits of advice go for pretty much any PHP environment, and are not necessarily specific to ICA-AtoM.

PHP configuration recommendations, for php.ini or set otherwise:

* Disable [http://php.net/register_globals register_globals].
* Unless you require it specifically, disable [http://php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen allow_url_fopen].
* Set [http://php.net/session session.use_trans_sid] off.
* Make sure that register_globals is off.

=== General MySQL recommendations ===

In general, you should keep access to your MySQL database to a minimum. If it will only be used from the single machine it's running on, consider disabling networking support, or enabling local networking access only (via the loopback device, see below), so the server can only communicate with local clients over Unix domain sockets.

If it will be used over a network with a limited number of client machines, consider setting the IP firewall rules to accept access to TCP port 3306 (MySQL's port) only from those machines or only from your local subnet, and reject all accesses from the larger internet. This can help prevent accidentally opening access to your server due to some unknown flaw in MySQL, a mistakenly set overbroad GRANT, or a leaked password.

=== Upload security ===

The main concern is: How do we prevent users from uploading malicious files?

User uploads have several implications for security:
* The directory may have to be world-writable, or else owned by the web server's limited user account. On a multiuser system it may be possible for other local users to slip malicious files into your upload directory.
* While PHP's configuration sets a filesize limit on individual uploads, ICA-AtoM doesn't set any limit on total uploads. A malicious (or overzealous) visitor could fill up a disk partition by uploading a lot of files.

Our advice is to disable server-side execution of PHP scripts (and any other scripting types you may have) in the uploads directory (/uploads).

For instance, the following code for Apache/mod_php will do the trick:

<pre>
<Directory "/var/www/icaatom/uploads">
# Ignore .htaccess files
AllowOverride None

# Serve HTML as plaintext, don't execute SHTML
AddType text/plain .html .htm .shtml .php

# Don't run arbitrary PHP code.
php_admin_flag engine off

# If you've other scripting languages, disable them too.
</Directory>
</pre>

<hr />
This document is partially based on the excellent [http://www.mediawiki.org/wiki/Manual:Security MediaWiki security page], it is strongly recommended to read that too.

Security

2012-08-29T22:21:02Z

David: /* Security settings in ICA-AtoM */

[[Main Page]] > [[Administrator manual]] > Security

'''AtoM''' implements current web application best practice for '''Security''', but creating a fully secure system requires secure practices to be observed at three levels:

# web application (AtoM) security
# client-side (web browser) security
# server-side security

== Application security ==

AtoM's built-in security features include:
* User passwords are hashed using the [http://en.wikipedia.org/wiki/SHA-1 SHA-1] hashing algorithm with a randomly generated [http://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]
* Protection against [http://en.wikipedia.org/wiki/SQL_injection SQL Injection] attacks via the [http://php.net/manual/en/book.pdo.php PHP PDO] database interface

=== Security settings in ICA-AtoM ===

In [[Release 1.3]] three new security settings were added to '''AtoM''':

* '''require_ssl_admin''': see [[Qubit:TLS|TLS]] for more details

* '''require_strong_passwords''': enhance login validation to force use of strong passwords. At least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters

* '''limit_admin_ip''': limit incoming requests for all administrator functionality to an IP address IP range. Two examples:
*# 192.168.0.1
*# 192.168.0.1-192.168.0.255

These options are changeable under the settings page. You must be an administrator.

Options 'require_ssl_admin' and 'limit_admin_ip' can be bypassed using the [[Qubit:Debug mode|Debug mode]], which can only be accessed via the server's loopback interface in the default configuration.

== Client security ==

User authentication is cookie based, so privileged users should restrict access to a trusted network (e.g. internal LAN or encrypted WiFi network) or use [http://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security (TLS)] to prevent [http://en.wikipedia.org/wiki/Session_hijacking Session hijacking]. See the ''require_ssl_admin'' setting above which allows forcing privileged users to use TLS access ([[Release 1.3]] and later).

== Server security ==

Because '''AtoM''' is a web application, it is necessary to adequately secure the web server against attacks, both at the operating system (e.g. Windows, Mac OS X, Ubuntu Linux) and web server application (e.g. Apache, IIS, nginx) level. The web server environment should be configured by an experienced systems administrator in accordance with current "best practice" standards. See the [[Qubit:Security|Qubit Toolkit Security]] documentation for more information about sensitive files within '''AtoM''' that may require extra protection.

=== Stay up to date ===

The most important security step you can take is to keep your software up to date.

We recommend our users to subscribe to the [http://groups.google.ca/group/ica-atom-users ICA-AtoM mailing list]. New version announcements are always sent to the list.

Don't forget to also keep up with updates to Apache, PHP, MySQL, and any other software running on your servers – both the operating system and other web applications.

=== General PHP recommendations ===

These bits of advice go for pretty much any PHP environment, and are not necessarily specific to ICA-AtoM.

PHP configuration recommendations, for php.ini or set otherwise:

* Disable [http://php.net/register_globals register_globals].
* Unless you require it specifically, disable [http://php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen allow_url_fopen].
* Set [http://php.net/session session.use_trans_sid] off.
* Make sure that register_globals is off.

=== General MySQL recommendations ===

In general, you should keep access to your MySQL database to a minimum. If it will only be used from the single machine it's running on, consider disabling networking support, or enabling local networking access only (via the loopback device, see below), so the server can only communicate with local clients over Unix domain sockets.

If it will be used over a network with a limited number of client machines, consider setting the IP firewall rules to accept access to TCP port 3306 (MySQL's port) only from those machines or only from your local subnet, and reject all accesses from the larger internet. This can help prevent accidentally opening access to your server due to some unknown flaw in MySQL, a mistakenly set overbroad GRANT, or a leaked password.

=== Upload security ===

The main concern is: How do we prevent users from uploading malicious files?

User uploads have several implications for security:
* The directory may have to be world-writable, or else owned by the web server's limited user account. On a multiuser system it may be possible for other local users to slip malicious files into your upload directory.
* While PHP's configuration sets a filesize limit on individual uploads, ICA-AtoM doesn't set any limit on total uploads. A malicious (or overzealous) visitor could fill up a disk partition by uploading a lot of files.

Our advice is to disable server-side execution of PHP scripts (and any other scripting types you may have) in the uploads directory (/uploads).

For instance, the following code for Apache/mod_php will do the trick:

<pre>
<Directory "/var/www/icaatom/uploads">
# Ignore .htaccess files
AllowOverride None

# Serve HTML as plaintext, don't execute SHTML
AddType text/plain .html .htm .shtml .php

# Don't run arbitrary PHP code.
php_admin_flag engine off

# If you've other scripting languages, disable them too.
</Directory>
</pre>

<hr />
This document is partially based on the excellent [http://www.mediawiki.org/wiki/Manual:Security MediaWiki security page], it is strongly recommended to read that too.

Security

2012-08-29T22:20:39Z

David: /* AtoM security features */ -> /* Application security */

[[Main Page]] > [[Administrator manual]] > Security

'''AtoM''' implements current web application best practice for '''Security''', but creating a fully secure system requires secure practices to be observed at three levels:

# web application (AtoM) security
# client-side (web browser) security
# server-side security

== Application security ==

AtoM's built-in security features include:
* User passwords are hashed using the [http://en.wikipedia.org/wiki/SHA-1 SHA-1] hashing algorithm with a randomly generated [http://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]
* Protection against [http://en.wikipedia.org/wiki/SQL_injection SQL Injection] attacks via the [http://php.net/manual/en/book.pdo.php PHP PDO] database interface

=== Security settings in ICA-AtoM ===

In [[Release 1.3]] three new security settings are added to '''AtoM''':

* '''require_ssl_admin''': see [[Qubit:TLS|TLS]] for more details

* '''require_strong_passwords''': enhance login validation to force use of strong passwords. At least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters

* '''limit_admin_ip''': limit incoming requests for all administrator functionality to an IP address IP range. Two examples:
*# 192.168.0.1
*# 192.168.0.1-192.168.0.255

These options are changeable under the settings page. You must be an administrator.

Options 'require_ssl_admin' and 'limit_admin_ip' can be bypassed using the [[Qubit:Debug mode|Debug mode]], which can only be accessed via the server's loopback interface in the default configuration.

== Client security ==

User authentication is cookie based, so privileged users should restrict access to a trusted network (e.g. internal LAN or encrypted WiFi network) or use [http://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security (TLS)] to prevent [http://en.wikipedia.org/wiki/Session_hijacking Session hijacking]. See the ''require_ssl_admin'' setting above which allows forcing privileged users to use TLS access ([[Release 1.3]] and later).

== Server security ==

Because '''AtoM''' is a web application, it is necessary to adequately secure the web server against attacks, both at the operating system (e.g. Windows, Mac OS X, Ubuntu Linux) and web server application (e.g. Apache, IIS, nginx) level. The web server environment should be configured by an experienced systems administrator in accordance with current "best practice" standards. See the [[Qubit:Security|Qubit Toolkit Security]] documentation for more information about sensitive files within '''AtoM''' that may require extra protection.

=== Stay up to date ===

The most important security step you can take is to keep your software up to date.

We recommend our users to subscribe to the [http://groups.google.ca/group/ica-atom-users ICA-AtoM mailing list]. New version announcements are always sent to the list.

Don't forget to also keep up with updates to Apache, PHP, MySQL, and any other software running on your servers – both the operating system and other web applications.

=== General PHP recommendations ===

These bits of advice go for pretty much any PHP environment, and are not necessarily specific to ICA-AtoM.

PHP configuration recommendations, for php.ini or set otherwise:

* Disable [http://php.net/register_globals register_globals].
* Unless you require it specifically, disable [http://php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen allow_url_fopen].
* Set [http://php.net/session session.use_trans_sid] off.
* Make sure that register_globals is off.

=== General MySQL recommendations ===

In general, you should keep access to your MySQL database to a minimum. If it will only be used from the single machine it's running on, consider disabling networking support, or enabling local networking access only (via the loopback device, see below), so the server can only communicate with local clients over Unix domain sockets.

If it will be used over a network with a limited number of client machines, consider setting the IP firewall rules to accept access to TCP port 3306 (MySQL's port) only from those machines or only from your local subnet, and reject all accesses from the larger internet. This can help prevent accidentally opening access to your server due to some unknown flaw in MySQL, a mistakenly set overbroad GRANT, or a leaked password.

=== Upload security ===

The main concern is: How do we prevent users from uploading malicious files?

User uploads have several implications for security:
* The directory may have to be world-writable, or else owned by the web server's limited user account. On a multiuser system it may be possible for other local users to slip malicious files into your upload directory.
* While PHP's configuration sets a filesize limit on individual uploads, ICA-AtoM doesn't set any limit on total uploads. A malicious (or overzealous) visitor could fill up a disk partition by uploading a lot of files.

Our advice is to disable server-side execution of PHP scripts (and any other scripting types you may have) in the uploads directory (/uploads).

For instance, the following code for Apache/mod_php will do the trick:

<pre>
<Directory "/var/www/icaatom/uploads">
# Ignore .htaccess files
AllowOverride None

# Serve HTML as plaintext, don't execute SHTML
AddType text/plain .html .htm .shtml .php

# Don't run arbitrary PHP code.
php_admin_flag engine off

# If you've other scripting languages, disable them too.
</Directory>
</pre>

<hr />
This document is partially based on the excellent [http://www.mediawiki.org/wiki/Manual:Security MediaWiki security page], it is strongly recommended to read that too.

Security

2012-08-29T22:18:56Z

David: Re-organise

[[Main Page]] > [[Administrator manual]] > Security

'''AtoM''' implements current web application best practice for '''Security''', but creating a fully secure system requires secure practices to be observed at three levels:

# web application (AtoM) security
# client-side (web browser) security
# server-side security

== AtoM security features ==

AtoM's built-in security features include:
* User passwords are hashed using the [http://en.wikipedia.org/wiki/SHA-1 SHA-1] hashing algorithm with a randomly generated [http://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]
* Protection against [http://en.wikipedia.org/wiki/SQL_injection SQL Injection] attacks via the [http://php.net/manual/en/book.pdo.php PHP PDO] database interface

=== Security settings in ICA-AtoM ===

In [[Release 1.3]] three new security settings are added to '''AtoM''':

* '''require_ssl_admin''': see [[Qubit:TLS|TLS]] for more details

* '''require_strong_passwords''': enhance login validation to force use of strong passwords. At least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters

* '''limit_admin_ip''': limit incoming requests for all administrator functionality to an IP address IP range. Two examples:
*# 192.168.0.1
*# 192.168.0.1-192.168.0.255

These options are changeable under the settings page. You must be an administrator.

Options 'require_ssl_admin' and 'limit_admin_ip' can be bypassed using the [[Qubit:Debug mode|Debug mode]], which can only be accessed via the server's loopback interface in the default configuration.

== Client security ==

User authentication is cookie based, so privileged users should restrict access to a trusted network (e.g. internal LAN or encrypted WiFi network) or use [http://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security (TLS)] to prevent [http://en.wikipedia.org/wiki/Session_hijacking Session hijacking]. See the ''require_ssl_admin'' setting above which allows forcing privileged users to use TLS access ([[Release 1.3]] and later).

== Server security ==

Because '''AtoM''' is a web application, it is necessary to adequately secure the web server against attacks, both at the operating system (e.g. Windows, Mac OS X, Ubuntu Linux) and web server application (e.g. Apache, IIS, nginx) level. The web server environment should be configured by an experienced systems administrator in accordance with current "best practice" standards. See the [[Qubit:Security|Qubit Toolkit Security]] documentation for more information about sensitive files within '''AtoM''' that may require extra protection.

=== Stay up to date ===

The most important security step you can take is to keep your software up to date.

We recommend our users to subscribe to the [http://groups.google.ca/group/ica-atom-users ICA-AtoM mailing list]. New version announcements are always sent to the list.

Don't forget to also keep up with updates to Apache, PHP, MySQL, and any other software running on your servers – both the operating system and other web applications.

=== General PHP recommendations ===

These bits of advice go for pretty much any PHP environment, and are not necessarily specific to ICA-AtoM.

PHP configuration recommendations, for php.ini or set otherwise:

* Disable [http://php.net/register_globals register_globals].
* Unless you require it specifically, disable [http://php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen allow_url_fopen].
* Set [http://php.net/session session.use_trans_sid] off.
* Make sure that register_globals is off.

=== General MySQL recommendations ===

In general, you should keep access to your MySQL database to a minimum. If it will only be used from the single machine it's running on, consider disabling networking support, or enabling local networking access only (via the loopback device, see below), so the server can only communicate with local clients over Unix domain sockets.

If it will be used over a network with a limited number of client machines, consider setting the IP firewall rules to accept access to TCP port 3306 (MySQL's port) only from those machines or only from your local subnet, and reject all accesses from the larger internet. This can help prevent accidentally opening access to your server due to some unknown flaw in MySQL, a mistakenly set overbroad GRANT, or a leaked password.

=== Upload security ===

The main concern is: How do we prevent users from uploading malicious files?

User uploads have several implications for security:
* The directory may have to be world-writable, or else owned by the web server's limited user account. On a multiuser system it may be possible for other local users to slip malicious files into your upload directory.
* While PHP's configuration sets a filesize limit on individual uploads, ICA-AtoM doesn't set any limit on total uploads. A malicious (or overzealous) visitor could fill up a disk partition by uploading a lot of files.

Our advice is to disable server-side execution of PHP scripts (and any other scripting types you may have) in the uploads directory (/uploads).

For instance, the following code for Apache/mod_php will do the trick:

<pre>
<Directory "/var/www/icaatom/uploads">
# Ignore .htaccess files
AllowOverride None

# Serve HTML as plaintext, don't execute SHTML
AddType text/plain .html .htm .shtml .php

# Don't run arbitrary PHP code.
php_admin_flag engine off

# If you've other scripting languages, disable them too.
</Directory>
</pre>

<hr />
This document is partially based on the excellent [http://www.mediawiki.org/wiki/Manual:Security MediaWiki security page], it is strongly recommended to read that too.

Security

2012-08-29T22:04:06Z

David: Bump /* Security settings in ICA-AtoM */ up a level

[[Main Page]] > [[Administrator manual]] > Security

== AtoM implements web application best practice for security ==

Security features include:
* User passwords are hashed using the [http://en.wikipedia.org/wiki/SHA-1 SHA-1] hashing algorithm with a randomly generated [http://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]
* Protection against [http://en.wikipedia.org/wiki/SQL_injection SQL Injection] attacks via the [http://php.net/manual/en/book.pdo.php PHP PDO] database interface

User authentication is cookie based, so privileged users should restrict access to a trusted network (e.g. internal LAN or encrypted WiFi network) or use [http://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security (TLS)] to prevent [http://en.wikipedia.org/wiki/Session_hijacking Session hijacking]. See the ''require_ssl_admin'' setting below for forcing TLS access in [[Release 1.3]] and later.

Because '''AtoM''' is a web application, it is necessary to adequately secure the web server against attacks, both at the operating system (e.g. Windows, Mac OS X, Ubuntu Linux) and web server application (e.g. Apache, IIS, nginx) level. The web server environment should be configured by an experienced systems administrator in accordance with current "best practice" standards. See the [[Qubit:Security|Qubit Toolkit Security]] documentation for more information about sensitive files within '''AtoM''' that may require extra protection.

== Security settings in ICA-AtoM ==

In [[Release 1.3]] three new security settings are added to '''AtoM''':

* '''require_ssl_admin''': see [[Qubit:TLS|TLS]] for more details

* '''require_strong_passwords''': enhance login validation to force use of strong passwords. At least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters

* '''limit_admin_ip''': limit incoming requests for all administrator functionality to an IP address IP range. Two examples:
*# 192.168.0.1
*# 192.168.0.1-192.168.0.255

These options are changeable under the settings page. You must be an administrator.

Options 'require_ssl_admin' and 'limit_admin_ip' can be bypassed using the [[Qubit:Debug mode|Debug mode]], which can only be accessed via the server's loopback interface in the default configuration.

== Stay up to date ==

The most important security step you can take is to keep your software up to date.

We recommend our users to subscribe to the [http://groups.google.ca/group/ica-atom-users ICA-AtoM mailing list]. New version announcements are always sent to the list.

Don't forget to also keep up with updates to Apache, PHP, MySQL, and any other software running on your servers – both the operating system and other web applications.

== General PHP recommendations ==

These bits of advice go for pretty much any PHP environment, and are not necessarily specific to ICA-AtoM.

PHP configuration recommendations, for php.ini or set otherwise:

* Disable [http://php.net/register_globals register_globals].
* Unless you require it specifically, disable [http://php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen allow_url_fopen].
* Set [http://php.net/session session.use_trans_sid] off.
* Make sure that register_globals is off.

== General MySQL recommendations ==

In general, you should keep access to your MySQL database to a minimum. If it will only be used from the single machine it's running on, consider disabling networking support, or enabling local networking access only (via the loopback device, see below), so the server can only communicate with local clients over Unix domain sockets.

If it will be used over a network with a limited number of client machines, consider setting the IP firewall rules to accept access to TCP port 3306 (MySQL's port) only from those machines or only from your local subnet, and reject all accesses from the larger internet. This can help prevent accidentally opening access to your server due to some unknown flaw in MySQL, a mistakenly set overbroad GRANT, or a leaked password.

== Upload security ==

The main concern is: How do we prevent users from uploading malicious files?

User uploads have several implications for security:
* The directory may have to be world-writable, or else owned by the web server's limited user account. On a multiuser system it may be possible for other local users to slip malicious files into your upload directory.
* While PHP's configuration sets a filesize limit on individual uploads, ICA-AtoM doesn't set any limit on total uploads. A malicious (or overzealous) visitor could fill up a disk partition by uploading a lot of files.

Our advice is to disable server-side execution of PHP scripts (and any other scripting types you may have) in the uploads directory (/uploads).

For instance, the following code for Apache/mod_php will do the trick:

<pre>
<Directory "/var/www/icaatom/uploads">
# Ignore .htaccess files
AllowOverride None

# Serve HTML as plaintext, don't execute SHTML
AddType text/plain .html .htm .shtml .php

# Don't run arbitrary PHP code.
php_admin_flag engine off

# If you've other scripting languages, disable them too.
</Directory>
</pre>

<hr />
This document is partially based on the excellent [http://www.mediawiki.org/wiki/Manual:Security MediaWiki security page], it is strongly recommended to read that too.

Security

2012-08-29T22:03:03Z

David: /* Upload security */

[[Main Page]] > [[Administrator manual]] > Security

== AtoM implements web application best practice for security ==

Security features include:
* User passwords are hashed using the [http://en.wikipedia.org/wiki/SHA-1 SHA-1] hashing algorithm with a randomly generated [http://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]
* Protection against [http://en.wikipedia.org/wiki/SQL_injection SQL Injection] attacks via the [http://php.net/manual/en/book.pdo.php PHP PDO] database interface

User authentication is cookie based, so privileged users should restrict access to a trusted network (e.g. internal LAN or encrypted WiFi network) or use [http://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security (TLS)] to prevent [http://en.wikipedia.org/wiki/Session_hijacking Session hijacking]. See the ''require_ssl_admin'' setting below for forcing TLS access in [[Release 1.3]] and later.

Because '''AtoM''' is a web application, it is necessary to adequately secure the web server against attacks, both at the operating system (e.g. Windows, Mac OS X, Ubuntu Linux) and web server application (e.g. Apache, IIS, nginx) level. The web server environment should be configured by an experienced systems administrator in accordance with current "best practice" standards. See the [[Qubit:Security|Qubit Toolkit Security]] documentation for more information about sensitive files within '''AtoM''' that may require extra protection.

=== Security settings in ICA-AtoM ===

In [[Release 1.3]] three new security settings are added to '''AtoM''':

* '''require_ssl_admin''': see [[Qubit:TLS|TLS]] for more details

* '''require_strong_passwords''': enhance login validation to force use of strong passwords. At least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters

* '''limit_admin_ip''': limit incoming requests for all administrator functionality to an IP address IP range. Two examples:
*# 192.168.0.1
*# 192.168.0.1-192.168.0.255

These options are changeable under the settings page. You must be an administrator.

Options 'require_ssl_admin' and 'limit_admin_ip' can be bypassed using the [[Qubit:Debug mode|Debug mode]], which can only be accessed via the server's loopback interface in the default configuration.

== Stay up to date ==

The most important security step you can take is to keep your software up to date.

We recommend our users to subscribe to the [http://groups.google.ca/group/ica-atom-users ICA-AtoM mailing list]. New version announcements are always sent to the list.

Don't forget to also keep up with updates to Apache, PHP, MySQL, and any other software running on your servers – both the operating system and other web applications.

== General PHP recommendations ==

These bits of advice go for pretty much any PHP environment, and are not necessarily specific to ICA-AtoM.

PHP configuration recommendations, for php.ini or set otherwise:

* Disable [http://php.net/register_globals register_globals].
* Unless you require it specifically, disable [http://php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen allow_url_fopen].
* Set [http://php.net/session session.use_trans_sid] off.
* Make sure that register_globals is off.

== General MySQL recommendations ==

In general, you should keep access to your MySQL database to a minimum. If it will only be used from the single machine it's running on, consider disabling networking support, or enabling local networking access only (via the loopback device, see below), so the server can only communicate with local clients over Unix domain sockets.

If it will be used over a network with a limited number of client machines, consider setting the IP firewall rules to accept access to TCP port 3306 (MySQL's port) only from those machines or only from your local subnet, and reject all accesses from the larger internet. This can help prevent accidentally opening access to your server due to some unknown flaw in MySQL, a mistakenly set overbroad GRANT, or a leaked password.

== Upload security ==

The main concern is: How do we prevent users from uploading malicious files?

User uploads have several implications for security:
* The directory may have to be world-writable, or else owned by the web server's limited user account. On a multiuser system it may be possible for other local users to slip malicious files into your upload directory.
* While PHP's configuration sets a filesize limit on individual uploads, ICA-AtoM doesn't set any limit on total uploads. A malicious (or overzealous) visitor could fill up a disk partition by uploading a lot of files.

Our advice is to disable server-side execution of PHP scripts (and any other scripting types you may have) in the uploads directory (/uploads).

For instance, the following code for Apache/mod_php will do the trick:

<pre>
<Directory "/var/www/icaatom/uploads">
# Ignore .htaccess files
AllowOverride None

# Serve HTML as plaintext, don't execute SHTML
AddType text/plain .html .htm .shtml .php

# Don't run arbitrary PHP code.
php_admin_flag engine off

# If you've other scripting languages, disable them too.
</Directory>
</pre>

<hr />
This document is partially based on the excellent [http://www.mediawiki.org/wiki/Manual:Security MediaWiki security page], it is strongly recommended to read that too.

User manual

2012-08-29T18:19:41Z

David: Remove OAI-PMH link - no longer supported

{| style="width:95%; border="0"
|-valign="top"
| style="width:500px; border: 1px solid rgb(255, 201, 201); padding: 0.5em 1em 1em; color: rgb(0, 0, 0); background-color: rgb(255, 243, 243);" |

== [[Overview]] ==

* [[What is ICA-AtoM?]]
* [[Technical requirements]]
* [[Entity types]]
* [[Descriptive standards]]

== [[Getting started]] ==

* [[Home page]]
* [[Log in]]
* [[User roles]]
* [[Page types]]
* [[Choose language]]
* [[Change password]]

== [[Add/edit content]] ==

* [[Add/edit accession records]]
* [[Add/edit archival descriptions]]
* [[Add/edit authority records]]
* [[Add/edit archival institutions]]
* [[Control area]]
* [[Add/edit deaccession records]]
* [[Add/edit donors]]
* [[Add/edit functions]]
* [[Add/edit rights]]
* [[Add/edit terms]]
* [[Exit edit mode]]

== [[Access content]] ==

* [[Search]]
* [[Advanced search]]
* [[Browse]]
* [[Navigate]]

== [[Translate]] ==

* [[Multilingual design principles]]
* [[Translate content]]
* [[Translate interface]]
* [[Translate static pages]]

| style="width: 500px; border: 1px solid rgb(198, 201, 255); padding: 0.5em 1em 1em; color: rgb(0, 0, 0); background-color: rgb(240, 240, 255);" |

== [[Reports/Printing]] ==

*[[Create file list report & print]]
*[[Create item list report & print]]
*[[Create physical storage locations report & print]]
*[[Print search results]]
*[[Print finding aids]]

== [[Import/export]] ==

* [[Upload digital objects]]
* [[Import descriptions and terms]]
* [[Export descriptions and terms]]

== [[Administer]] ==

* [[Install]]
* [[Security]]
* [[Manage user accounts]]
* [[Edit permissions]]
* [[Manage static pages]]
* [[Manage menus]]
* [[Settings]]
* [[Themes]]
* [[Default language]]
* [[Site logo]]
* [[Back up]]
* [[Search for updates]]
* [[Global search and replace]]

== [[Glossary]] ==

Glossary of terms used throughout this user manual

== [[:Category:User manual|Index]] ==

Index of pages in this user manual

== Questions? ==

Please post them to [http://groups.google.ca/group/ica-atom-users the discussion group]

__NOEDITSECTION__
__NOTOC__

Release 1.3

2012-08-24T23:41:39Z

David: /* New Features */

Released Aug xx, 2012

<b> Release 1.3 </b> includes PDF Fulltext Search, security enhancements, improvements to Treeview functionality, and many bug fixes to make this the most stable and fully-functional ICA-AtoM release to date. (see below).

Release 1.3 comes 9 months after the 1.2 release in November 2011. Release 1.3 includes updated translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish, along with the addition of Galician, Georgian, Indonesian, Japanese and Thai!

== New Features ==

* IE8 compatibility with Trillium theme
* PDF fulltext search Issue 1252
* Command line and web interface CSV import for archival descriptions (RAD and ISAD), authority records, accessions and events
* Administrator control of the public visiblity of some archival description elements (Visibility Elements) Issue 1931
* Addition of ellipses to expand or contract lengthy text fields Issue 537
* Batch search index updates have been optimized to run 10 - 100x faster!

== Enhancements ==

==== Security Enhancements ====
*Enhance login process to force all authenticated user requests to https (requires SSL certificate on server) Issue 2226
*Enhance login validation to force use of strong passwords Issue 2227: at least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters
* Limit incoming requests for all Administrator functionality to a static IP address range Issue 2228

==== Treeview enhancements ====
* Brand new treeview!
* Drag & drop sorting Issue 1289
* View large number of child records in context Issue 1943
* Pop-up to show long description names when hovering over name

==== Import ====
* Integratration of command line and web interface for CSV imports Issue 140
* Allow XML or CSV import to an existing Fonds, Collection or Series Issue 1993

==== Accessions ====
* Add fulltext search for accessions Issue 2323
* Add ability to link pre-existing information objects to accession records Issue 2178

==== Browse ====
* Default sort order setting (Alphabetic or Last Updated) can be configured by the administrator Issue 2235

==== Searching ====
* Allow searching on textual dates Issue 2294
* Allow search by date range Issue 2261
* Add copyright status to advanced search Issue 2314
* Add extra search fields for authority records and repositories issue 1965

==== Usability ====
* Addition of ellipses to expand or contract text boxes Issue 537

==== Misc ====
* Display Archivematica AIP and File UUID for matching ICA-AtoM digital object Issue 2379
* SQL-only data schema upgrades for Release 1.1 thru Release 1.3 Issue 2270

== Internationalization ==

*New! Galician, Georgian, Indonesian, Japanese and Thai translations of the user interface.
*Merged new and improved user interface translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish (thank you to all our volunteer translators).
*Complete French translation of Rules for Archival Description (RAD) elements. (Translation funded by Manitoba Heritage Grant courtesy of the Department of Culture, Heritage and Tourism.)

== Bug fixes ==

* Issue 2420: CSV Import throws warning
* Issue 2415: filters.yml problem under qtSwordPlugin
* Issue 2411: Publication status in treeview is adding double parentheses in all themes except Trillium
* Issue 2408: Pop-up display in treeview not visible wen browser window is resized
* Issue 2407: Publication status in treeview should come at end of information object title
* Issue 2402: Admin user gets deactivated
* Issue 2395: Taxonomy/term treeview is broken
* Issue 2394: Installer theme is broken
* Issue 2384: EAD - dates not importing
* Issue 2382: Unauthorized users should not be able to view PREMIS rights
* Issue 2377: Search for donor name produces no results for authenticated user/admin
* Issue 2376: Repository names mixed with Authority record names in drop-down, selection of Repository name results in 404 error
* Issue 2368: User orange circle "a" favicon for release 1.3
* Issue 2365: In Edit digital object screen, substitute new representation results in white screen
* Issue 2364: In Edit digital object screen, changing mediatype causes white screen
* Issue 2360: Rights holder name appears in drop-down/suggested list for Name of Creator data entry field
* Issue 2348: User Groups unavailable in drop-down when Admin tried to add new user in Trillium theme and Chrome browser
* Issue 2344: New information objects created from the accession page are not linked
* Issue 2337: User with translation rights is unable to edit the information in ISAAR fields
* Issue 2334: Draft status records not appearing in search results for authenticated users
* Issue 2330: Admin cannot view user permissions by repository
* Issue 2323: Add fulltext search for accessions
* Issue 2314: Add copyright status to advanced search
* Issue 2313 Hide accession numbers in archival description from public
* Issue 2311: Delete reference copy of digital object and replace or regenerate copy causes error
* Issue 2310: "Language and script notes" field should not repeat
* Issue 2298: Can't delete final UF field from taxonomy term
* Issue 2291: Translation interface broken
* Issue 2286: Using "+" in Treeview at Series-level, reveals child-levels without Publication Status "Draft"
* Issue 2284: Administrator unable to edit new user account's active status or edit new user account
* Issue 2276: Search results for PDF, TIFF and JPEG produce multiples.
* Issue 2273: Deleted archival description included in search results.
* Issue 2272: Change field label "Archival history" to "Archival /Custodial history" in Accessions template
* Issue 2270: SQL-only data schema upgrades / Switch migration task to direct db updates instead of YAML upgrades
* Issue 2263: Solve taxonomy and term constant
* Issue 2246: Moving an information object can break the nested set
* Issue 2238: Full reference code for archival descriptions is truncated in search results screen
* Issue 2235: Defaut sort order setting (Alphabetic or Last Updated) should be Admin Configurable
* Issue 2234: Qubit-sword daemon stops working after a long time running (MySQL server has gone away)
* Issue 2220: Migrate task in 1.2 release is not bumping database version during upgrades
* Issue 2212: Lucene Range Search broken in ICA-AtoM 1.2
* Issue 2209: Server 500 error on multiple record deletion
* Issue 2207: Apache (with mod_rewrite?) returns Forbidden error if permalink slug is more than 255 characters
* Issue 2206: Reports - Date field at file and item level populated with date from fonds-level
* Issue 2203: Browse menu translated in Caribou but NOT other themes. Browse results page title not translated.
* Issue 2198: Fatal error viewing file/item report in language other than English
* Issue 2197: In ICA-AtoM Selecting Dublin Core as the default template in Admin>settings does not change resource edit template. Defaults to ISAD(G).
* Issue 2194: Search and Replace results in Fatal error.
* Issue 2176: Can't print file or item lists in DC or MODS
* Issue 2168: Translated UI labels appear in English
* Issue 2147: Trillium theme css not sticking in narrow Safari browser window
* Issue 2143: Trillium: pager alignment is inconsistent
* Issue 2141: Unable to activate a theme when browsing in a language distinct to english
* Issue 2048: Link to ALOUETTE.ca on ABOUT page is wrong, replace with DCB link.
* Issue 2035: RAD Note field for Language needs to be text, not a list of languages
* Issue 1995: Segmentation faults when calling _toString() magic method implicitly
* Issue 1993: Specify parent for EAD import
* Issue 1983: Actor records (users, authority records and repositories) cause incorrect hit count for authenticated users
* Issue 1975: ICA-AtoM virtual appliance does not work under VirtualBox 4.0.4
* Issue 1943: Context menu "see all" links are not useful for a large number (100+) of children
* Issue 1915: User profile should include institutional (repository) affiliation
* Issue 1628: String fields in the db are limited to 255 characters but Users demand bigger sizes and there is no warning
* Issue 1519: When logged in user doesn't have update permission to update archival descriptions, can partially drag and drop in hierarchy treeview
* Issue 1409: Users without view draft permissions can navigate to drafts in information object treeview hierarchy
* Issue 1344: Information div titles in edit screens disappear when scrolled over or clicked on
* Issue 1280: Prevent same user from being created more than once
* Issue 1113: Can't delete a user if they have created a note
* Issue 767: Include physical objects (i.e. storage containers) in the search index

[[Category:Releases]]

__NOTOC__

Release 1.3

2012-08-24T23:39:53Z

David: /* Searching */

Released Aug xx, 2012

<b> Release 1.3 </b> includes PDF Fulltext Search, security enhancements, improvements to Treeview functionality, and many bug fixes to make this the most stable and fully-functional ICA-AtoM release to date. (see below).

Release 1.3 comes 9 months after the 1.2 release in November 2011. Release 1.3 includes updated translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish, along with the addition of Galician, Georgian, Indonesian, Japanese and Thai!

== New Features ==

* IE8 compatibility with Trillium theme
* PDF fulltext search Issue 1252
* Command line CSV import for archival descriptions (RAD and ISAD), authority records, accessions and events
* Administrator control of the public visiblity of some archival description elements (Visibility Elements) Issue 1931
* Addition of ellipses to expand or contract lengthy text fields Issue 537
* Batch search index updates have been optimized to run 10 - 100x faster!

== Enhancements ==

==== Security Enhancements ====
*Enhance login process to force all authenticated user requests to https (requires SSL certificate on server) Issue 2226
*Enhance login validation to force use of strong passwords Issue 2227: at least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters
* Limit incoming requests for all Administrator functionality to a static IP address range Issue 2228

==== Treeview enhancements ====
* Brand new treeview!
* Drag & drop sorting Issue 1289
* View large number of child records in context Issue 1943
* Pop-up to show long description names when hovering over name

==== Import ====
* Integratration of command line and web interface for CSV imports Issue 140
* Allow XML or CSV import to an existing Fonds, Collection or Series Issue 1993

==== Accessions ====
* Add fulltext search for accessions Issue 2323
* Add ability to link pre-existing information objects to accession records Issue 2178

==== Browse ====
* Default sort order setting (Alphabetic or Last Updated) can be configured by the administrator Issue 2235

==== Searching ====
* Allow searching on textual dates Issue 2294
* Allow search by date range Issue 2261
* Add copyright status to advanced search Issue 2314
* Add extra search fields for authority records and repositories issue 1965

==== Usability ====
* Addition of ellipses to expand or contract text boxes Issue 537

==== Misc ====
* Display Archivematica AIP and File UUID for matching ICA-AtoM digital object Issue 2379
* SQL-only data schema upgrades for Release 1.1 thru Release 1.3 Issue 2270

== Internationalization ==

*New! Galician, Georgian, Indonesian, Japanese and Thai translations of the user interface.
*Merged new and improved user interface translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish (thank you to all our volunteer translators).
*Complete French translation of Rules for Archival Description (RAD) elements. (Translation funded by Manitoba Heritage Grant courtesy of the Department of Culture, Heritage and Tourism.)

== Bug fixes ==

* Issue 2420: CSV Import throws warning
* Issue 2415: filters.yml problem under qtSwordPlugin
* Issue 2411: Publication status in treeview is adding double parentheses in all themes except Trillium
* Issue 2408: Pop-up display in treeview not visible wen browser window is resized
* Issue 2407: Publication status in treeview should come at end of information object title
* Issue 2402: Admin user gets deactivated
* Issue 2395: Taxonomy/term treeview is broken
* Issue 2394: Installer theme is broken
* Issue 2384: EAD - dates not importing
* Issue 2382: Unauthorized users should not be able to view PREMIS rights
* Issue 2377: Search for donor name produces no results for authenticated user/admin
* Issue 2376: Repository names mixed with Authority record names in drop-down, selection of Repository name results in 404 error
* Issue 2368: User orange circle "a" favicon for release 1.3
* Issue 2365: In Edit digital object screen, substitute new representation results in white screen
* Issue 2364: In Edit digital object screen, changing mediatype causes white screen
* Issue 2360: Rights holder name appears in drop-down/suggested list for Name of Creator data entry field
* Issue 2348: User Groups unavailable in drop-down when Admin tried to add new user in Trillium theme and Chrome browser
* Issue 2344: New information objects created from the accession page are not linked
* Issue 2337: User with translation rights is unable to edit the information in ISAAR fields
* Issue 2334: Draft status records not appearing in search results for authenticated users
* Issue 2330: Admin cannot view user permissions by repository
* Issue 2323: Add fulltext search for accessions
* Issue 2314: Add copyright status to advanced search
* Issue 2313 Hide accession numbers in archival description from public
* Issue 2311: Delete reference copy of digital object and replace or regenerate copy causes error
* Issue 2310: "Language and script notes" field should not repeat
* Issue 2298: Can't delete final UF field from taxonomy term
* Issue 2291: Translation interface broken
* Issue 2286: Using "+" in Treeview at Series-level, reveals child-levels without Publication Status "Draft"
* Issue 2284: Administrator unable to edit new user account's active status or edit new user account
* Issue 2276: Search results for PDF, TIFF and JPEG produce multiples.
* Issue 2273: Deleted archival description included in search results.
* Issue 2272: Change field label "Archival history" to "Archival /Custodial history" in Accessions template
* Issue 2270: SQL-only data schema upgrades / Switch migration task to direct db updates instead of YAML upgrades
* Issue 2263: Solve taxonomy and term constant
* Issue 2246: Moving an information object can break the nested set
* Issue 2238: Full reference code for archival descriptions is truncated in search results screen
* Issue 2235: Defaut sort order setting (Alphabetic or Last Updated) should be Admin Configurable
* Issue 2234: Qubit-sword daemon stops working after a long time running (MySQL server has gone away)
* Issue 2220: Migrate task in 1.2 release is not bumping database version during upgrades
* Issue 2212: Lucene Range Search broken in ICA-AtoM 1.2
* Issue 2209: Server 500 error on multiple record deletion
* Issue 2207: Apache (with mod_rewrite?) returns Forbidden error if permalink slug is more than 255 characters
* Issue 2206: Reports - Date field at file and item level populated with date from fonds-level
* Issue 2203: Browse menu translated in Caribou but NOT other themes. Browse results page title not translated.
* Issue 2198: Fatal error viewing file/item report in language other than English
* Issue 2197: In ICA-AtoM Selecting Dublin Core as the default template in Admin>settings does not change resource edit template. Defaults to ISAD(G).
* Issue 2194: Search and Replace results in Fatal error.
* Issue 2176: Can't print file or item lists in DC or MODS
* Issue 2168: Translated UI labels appear in English
* Issue 2147: Trillium theme css not sticking in narrow Safari browser window
* Issue 2143: Trillium: pager alignment is inconsistent
* Issue 2141: Unable to activate a theme when browsing in a language distinct to english
* Issue 2048: Link to ALOUETTE.ca on ABOUT page is wrong, replace with DCB link.
* Issue 2035: RAD Note field for Language needs to be text, not a list of languages
* Issue 1995: Segmentation faults when calling _toString() magic method implicitly
* Issue 1993: Specify parent for EAD import
* Issue 1983: Actor records (users, authority records and repositories) cause incorrect hit count for authenticated users
* Issue 1975: ICA-AtoM virtual appliance does not work under VirtualBox 4.0.4
* Issue 1943: Context menu "see all" links are not useful for a large number (100+) of children
* Issue 1915: User profile should include institutional (repository) affiliation
* Issue 1628: String fields in the db are limited to 255 characters but Users demand bigger sizes and there is no warning
* Issue 1519: When logged in user doesn't have update permission to update archival descriptions, can partially drag and drop in hierarchy treeview
* Issue 1409: Users without view draft permissions can navigate to drafts in information object treeview hierarchy
* Issue 1344: Information div titles in edit screens disappear when scrolled over or clicked on
* Issue 1280: Prevent same user from being created more than once
* Issue 1113: Can't delete a user if they have created a note
* Issue 767: Include physical objects (i.e. storage containers) in the search index

[[Category:Releases]]

__NOTOC__

Release 1.3

2012-08-24T23:37:29Z

David: /* Misc */

Released Aug xx, 2012

<b> Release 1.3 </b> includes PDF Fulltext Search, security enhancements, improvements to Treeview functionality, and many bug fixes to make this the most stable and fully-functional ICA-AtoM release to date. (see below).

Release 1.3 comes 9 months after the 1.2 release in November 2011. Release 1.3 includes updated translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish, along with the addition of Galician, Georgian, Indonesian, Japanese and Thai!

== New Features ==

* IE8 compatibility with Trillium theme
* PDF fulltext search Issue 1252
* Command line CSV import for archival descriptions (RAD and ISAD), authority records, accessions and events
* Administrator control of the public visiblity of some archival description elements (Visibility Elements) Issue 1931
* Addition of ellipses to expand or contract lengthy text fields Issue 537
* Batch search index updates have been optimized to run 10 - 100x faster!

== Enhancements ==

==== Security Enhancements ====
*Enhance login process to force all authenticated user requests to https (requires SSL certificate on server) Issue 2226
*Enhance login validation to force use of strong passwords Issue 2227: at least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters
* Limit incoming requests for all Administrator functionality to a static IP address range Issue 2228

==== Treeview enhancements ====
* Brand new treeview!
* Drag & drop sorting Issue 1289
* View large number of child records in context Issue 1943
* Pop-up to show long description names when hovering over name

==== Import ====
* Integratration of command line and web interface for CSV imports Issue 140
* Allow XML or CSV import to an existing Fonds, Collection or Series Issue 1993

==== Accessions ====
* Add fulltext search for accessions Issue 2323
* Add ability to link pre-existing information objects to accession records Issue 2178

==== Browse ====
* Default sort order setting (Alphabetic or Last Updated) can be configured by the administrator Issue 2235

==== Searching ====
* Allow searching on textual dates Issue 2294
* Allow search by date range Issue 2261
* Add copyright status to advanced search Issue 2314

==== Usability ====
* Addition of ellipses to expand or contract text boxes Issue 537

==== Misc ====
* Display Archivematica AIP and File UUID for matching ICA-AtoM digital object Issue 2379
* SQL-only data schema upgrades for Release 1.1 thru Release 1.3 Issue 2270

== Internationalization ==

*New! Galician, Georgian, Indonesian, Japanese and Thai translations of the user interface.
*Merged new and improved user interface translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish (thank you to all our volunteer translators).
*Complete French translation of Rules for Archival Description (RAD) elements. (Translation funded by Manitoba Heritage Grant courtesy of the Department of Culture, Heritage and Tourism.)

== Bug fixes ==

* Issue 2420: CSV Import throws warning
* Issue 2415: filters.yml problem under qtSwordPlugin
* Issue 2411: Publication status in treeview is adding double parentheses in all themes except Trillium
* Issue 2408: Pop-up display in treeview not visible wen browser window is resized
* Issue 2407: Publication status in treeview should come at end of information object title
* Issue 2402: Admin user gets deactivated
* Issue 2395: Taxonomy/term treeview is broken
* Issue 2394: Installer theme is broken
* Issue 2384: EAD - dates not importing
* Issue 2382: Unauthorized users should not be able to view PREMIS rights
* Issue 2377: Search for donor name produces no results for authenticated user/admin
* Issue 2376: Repository names mixed with Authority record names in drop-down, selection of Repository name results in 404 error
* Issue 2368: User orange circle "a" favicon for release 1.3
* Issue 2365: In Edit digital object screen, substitute new representation results in white screen
* Issue 2364: In Edit digital object screen, changing mediatype causes white screen
* Issue 2360: Rights holder name appears in drop-down/suggested list for Name of Creator data entry field
* Issue 2348: User Groups unavailable in drop-down when Admin tried to add new user in Trillium theme and Chrome browser
* Issue 2344: New information objects created from the accession page are not linked
* Issue 2337: User with translation rights is unable to edit the information in ISAAR fields
* Issue 2334: Draft status records not appearing in search results for authenticated users
* Issue 2330: Admin cannot view user permissions by repository
* Issue 2323: Add fulltext search for accessions
* Issue 2314: Add copyright status to advanced search
* Issue 2313 Hide accession numbers in archival description from public
* Issue 2311: Delete reference copy of digital object and replace or regenerate copy causes error
* Issue 2310: "Language and script notes" field should not repeat
* Issue 2298: Can't delete final UF field from taxonomy term
* Issue 2291: Translation interface broken
* Issue 2286: Using "+" in Treeview at Series-level, reveals child-levels without Publication Status "Draft"
* Issue 2284: Administrator unable to edit new user account's active status or edit new user account
* Issue 2276: Search results for PDF, TIFF and JPEG produce multiples.
* Issue 2273: Deleted archival description included in search results.
* Issue 2272: Change field label "Archival history" to "Archival /Custodial history" in Accessions template
* Issue 2270: SQL-only data schema upgrades / Switch migration task to direct db updates instead of YAML upgrades
* Issue 2263: Solve taxonomy and term constant
* Issue 2246: Moving an information object can break the nested set
* Issue 2238: Full reference code for archival descriptions is truncated in search results screen
* Issue 2235: Defaut sort order setting (Alphabetic or Last Updated) should be Admin Configurable
* Issue 2234: Qubit-sword daemon stops working after a long time running (MySQL server has gone away)
* Issue 2220: Migrate task in 1.2 release is not bumping database version during upgrades
* Issue 2212: Lucene Range Search broken in ICA-AtoM 1.2
* Issue 2209: Server 500 error on multiple record deletion
* Issue 2207: Apache (with mod_rewrite?) returns Forbidden error if permalink slug is more than 255 characters
* Issue 2206: Reports - Date field at file and item level populated with date from fonds-level
* Issue 2203: Browse menu translated in Caribou but NOT other themes. Browse results page title not translated.
* Issue 2198: Fatal error viewing file/item report in language other than English
* Issue 2197: In ICA-AtoM Selecting Dublin Core as the default template in Admin>settings does not change resource edit template. Defaults to ISAD(G).
* Issue 2194: Search and Replace results in Fatal error.
* Issue 2176: Can't print file or item lists in DC or MODS
* Issue 2168: Translated UI labels appear in English
* Issue 2147: Trillium theme css not sticking in narrow Safari browser window
* Issue 2143: Trillium: pager alignment is inconsistent
* Issue 2141: Unable to activate a theme when browsing in a language distinct to english
* Issue 2048: Link to ALOUETTE.ca on ABOUT page is wrong, replace with DCB link.
* Issue 2035: RAD Note field for Language needs to be text, not a list of languages
* Issue 1995: Segmentation faults when calling _toString() magic method implicitly
* Issue 1993: Specify parent for EAD import
* Issue 1983: Actor records (users, authority records and repositories) cause incorrect hit count for authenticated users
* Issue 1975: ICA-AtoM virtual appliance does not work under VirtualBox 4.0.4
* Issue 1943: Context menu "see all" links are not useful for a large number (100+) of children
* Issue 1915: User profile should include institutional (repository) affiliation
* Issue 1628: String fields in the db are limited to 255 characters but Users demand bigger sizes and there is no warning
* Issue 1519: When logged in user doesn't have update permission to update archival descriptions, can partially drag and drop in hierarchy treeview
* Issue 1409: Users without view draft permissions can navigate to drafts in information object treeview hierarchy
* Issue 1344: Information div titles in edit screens disappear when scrolled over or clicked on
* Issue 1280: Prevent same user from being created more than once
* Issue 1113: Can't delete a user if they have created a note
* Issue 767: Include physical objects (i.e. storage containers) in the search index

[[Category:Releases]]

__NOTOC__

Release 1.3

2012-08-24T23:36:53Z

David: /* Misc */

Released Aug xx, 2012

<b> Release 1.3 </b> includes PDF Fulltext Search, security enhancements, improvements to Treeview functionality, and many bug fixes to make this the most stable and fully-functional ICA-AtoM release to date. (see below).

Release 1.3 comes 9 months after the 1.2 release in November 2011. Release 1.3 includes updated translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish, along with the addition of Galician, Georgian, Indonesian, Japanese and Thai!

== New Features ==

* IE8 compatibility with Trillium theme
* PDF fulltext search Issue 1252
* Command line CSV import for archival descriptions (RAD and ISAD), authority records, accessions and events
* Administrator control of the public visiblity of some archival description elements (Visibility Elements) Issue 1931
* Addition of ellipses to expand or contract lengthy text fields Issue 537
* Batch search index updates have been optimized to run 10 - 100x faster!

== Enhancements ==

==== Security Enhancements ====
*Enhance login process to force all authenticated user requests to https (requires SSL certificate on server) Issue 2226
*Enhance login validation to force use of strong passwords Issue 2227: at least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters
* Limit incoming requests for all Administrator functionality to a static IP address range Issue 2228

==== Treeview enhancements ====
* Brand new treeview!
* Drag & drop sorting Issue 1289
* View large number of child records in context Issue 1943
* Pop-up to show long description names when hovering over name

==== Import ====
* Integratration of command line and web interface for CSV imports Issue 140
* Allow XML or CSV import to an existing Fonds, Collection or Series Issue 1993

==== Accessions ====
* Add fulltext search for accessions Issue 2323
* Add ability to link pre-existing information objects to accession records Issue 2178

==== Browse ====
* Default sort order setting (Alphabetic or Last Updated) can be configured by the administrator Issue 2235

==== Searching ====
* Allow searching on textual dates Issue 2294
* Allow search by date range Issue 2261
* Add copyright status to advanced search Issue 2314

==== Usability ====
* Addition of ellipses to expand or contract text boxes Issue 537

==== Misc ====
* Display Archivematica AIP and File UUID for matching ICA-AtoM digital object Issue 2379
* SQL-only data schema upgrades for Release 1.1 thru Release 1.3 Issue 2327

== Internationalization ==

*New! Galician, Georgian, Indonesian, Japanese and Thai translations of the user interface.
*Merged new and improved user interface translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish (thank you to all our volunteer translators).
*Complete French translation of Rules for Archival Description (RAD) elements. (Translation funded by Manitoba Heritage Grant courtesy of the Department of Culture, Heritage and Tourism.)

== Bug fixes ==

* Issue 2420: CSV Import throws warning
* Issue 2415: filters.yml problem under qtSwordPlugin
* Issue 2411: Publication status in treeview is adding double parentheses in all themes except Trillium
* Issue 2408: Pop-up display in treeview not visible wen browser window is resized
* Issue 2407: Publication status in treeview should come at end of information object title
* Issue 2402: Admin user gets deactivated
* Issue 2395: Taxonomy/term treeview is broken
* Issue 2394: Installer theme is broken
* Issue 2384: EAD - dates not importing
* Issue 2382: Unauthorized users should not be able to view PREMIS rights
* Issue 2377: Search for donor name produces no results for authenticated user/admin
* Issue 2376: Repository names mixed with Authority record names in drop-down, selection of Repository name results in 404 error
* Issue 2368: User orange circle "a" favicon for release 1.3
* Issue 2365: In Edit digital object screen, substitute new representation results in white screen
* Issue 2364: In Edit digital object screen, changing mediatype causes white screen
* Issue 2360: Rights holder name appears in drop-down/suggested list for Name of Creator data entry field
* Issue 2348: User Groups unavailable in drop-down when Admin tried to add new user in Trillium theme and Chrome browser
* Issue 2344: New information objects created from the accession page are not linked
* Issue 2337: User with translation rights is unable to edit the information in ISAAR fields
* Issue 2334: Draft status records not appearing in search results for authenticated users
* Issue 2330: Admin cannot view user permissions by repository
* Issue 2323: Add fulltext search for accessions
* Issue 2314: Add copyright status to advanced search
* Issue 2313 Hide accession numbers in archival description from public
* Issue 2311: Delete reference copy of digital object and replace or regenerate copy causes error
* Issue 2310: "Language and script notes" field should not repeat
* Issue 2298: Can't delete final UF field from taxonomy term
* Issue 2291: Translation interface broken
* Issue 2286: Using "+" in Treeview at Series-level, reveals child-levels without Publication Status "Draft"
* Issue 2284: Administrator unable to edit new user account's active status or edit new user account
* Issue 2276: Search results for PDF, TIFF and JPEG produce multiples.
* Issue 2273: Deleted archival description included in search results.
* Issue 2272: Change field label "Archival history" to "Archival /Custodial history" in Accessions template
* Issue 2270: SQL-only data schema upgrades / Switch migration task to direct db updates instead of YAML upgrades
* Issue 2263: Solve taxonomy and term constant
* Issue 2246: Moving an information object can break the nested set
* Issue 2238: Full reference code for archival descriptions is truncated in search results screen
* Issue 2235: Defaut sort order setting (Alphabetic or Last Updated) should be Admin Configurable
* Issue 2234: Qubit-sword daemon stops working after a long time running (MySQL server has gone away)
* Issue 2220: Migrate task in 1.2 release is not bumping database version during upgrades
* Issue 2212: Lucene Range Search broken in ICA-AtoM 1.2
* Issue 2209: Server 500 error on multiple record deletion
* Issue 2207: Apache (with mod_rewrite?) returns Forbidden error if permalink slug is more than 255 characters
* Issue 2206: Reports - Date field at file and item level populated with date from fonds-level
* Issue 2203: Browse menu translated in Caribou but NOT other themes. Browse results page title not translated.
* Issue 2198: Fatal error viewing file/item report in language other than English
* Issue 2197: In ICA-AtoM Selecting Dublin Core as the default template in Admin>settings does not change resource edit template. Defaults to ISAD(G).
* Issue 2194: Search and Replace results in Fatal error.
* Issue 2176: Can't print file or item lists in DC or MODS
* Issue 2168: Translated UI labels appear in English
* Issue 2147: Trillium theme css not sticking in narrow Safari browser window
* Issue 2143: Trillium: pager alignment is inconsistent
* Issue 2141: Unable to activate a theme when browsing in a language distinct to english
* Issue 2048: Link to ALOUETTE.ca on ABOUT page is wrong, replace with DCB link.
* Issue 2035: RAD Note field for Language needs to be text, not a list of languages
* Issue 1995: Segmentation faults when calling _toString() magic method implicitly
* Issue 1993: Specify parent for EAD import
* Issue 1983: Actor records (users, authority records and repositories) cause incorrect hit count for authenticated users
* Issue 1975: ICA-AtoM virtual appliance does not work under VirtualBox 4.0.4
* Issue 1943: Context menu "see all" links are not useful for a large number (100+) of children
* Issue 1915: User profile should include institutional (repository) affiliation
* Issue 1628: String fields in the db are limited to 255 characters but Users demand bigger sizes and there is no warning
* Issue 1519: When logged in user doesn't have update permission to update archival descriptions, can partially drag and drop in hierarchy treeview
* Issue 1409: Users without view draft permissions can navigate to drafts in information object treeview hierarchy
* Issue 1344: Information div titles in edit screens disappear when scrolled over or clicked on
* Issue 1280: Prevent same user from being created more than once
* Issue 1113: Can't delete a user if they have created a note
* Issue 767: Include physical objects (i.e. storage containers) in the search index

[[Category:Releases]]

__NOTOC__

Release 1.3

2012-08-24T23:36:06Z

David: /* Misc */

Released Aug xx, 2012

<b> Release 1.3 </b> includes PDF Fulltext Search, security enhancements, improvements to Treeview functionality, and many bug fixes to make this the most stable and fully-functional ICA-AtoM release to date. (see below).

Release 1.3 comes 9 months after the 1.2 release in November 2011. Release 1.3 includes updated translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish, along with the addition of Galician, Georgian, Indonesian, Japanese and Thai!

== New Features ==

* IE8 compatibility with Trillium theme
* PDF fulltext search Issue 1252
* Command line CSV import for archival descriptions (RAD and ISAD), authority records, accessions and events
* Administrator control of the public visiblity of some archival description elements (Visibility Elements) Issue 1931
* Addition of ellipses to expand or contract lengthy text fields Issue 537
* Batch search index updates have been optimized to run 10 - 100x faster!

== Enhancements ==

==== Security Enhancements ====
*Enhance login process to force all authenticated user requests to https (requires SSL certificate on server) Issue 2226
*Enhance login validation to force use of strong passwords Issue 2227: at least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters
* Limit incoming requests for all Administrator functionality to a static IP address range Issue 2228

==== Treeview enhancements ====
* Brand new treeview!
* Drag & drop sorting Issue 1289
* View large number of child records in context Issue 1943
* Pop-up to show long description names when hovering over name

==== Import ====
* Integratration of command line and web interface for CSV imports Issue 140
* Allow XML or CSV import to an existing Fonds, Collection or Series Issue 1993

==== Accessions ====
* Add fulltext search for accessions Issue 2323
* Add ability to link pre-existing information objects to accession records Issue 2178

==== Browse ====
* Default sort order setting (Alphabetic or Last Updated) can be configured by the administrator Issue 2235

==== Searching ====
* Allow searching on textual dates Issue 2294
* Allow search by date range Issue 2261
* Add copyright status to advanced search Issue 2314

==== Usability ====
* Addition of ellipses to expand or contract text boxes Issue 537

==== Misc ====
* Display Archivematica AIP and File UUID for matching ICA-AtoM digital object Issue 2379
* SQL-only data schema upgrades for Release 1.1 thru Release 1.3 Issue 227

== Internationalization ==

*New! Galician, Georgian, Indonesian, Japanese and Thai translations of the user interface.
*Merged new and improved user interface translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish (thank you to all our volunteer translators).
*Complete French translation of Rules for Archival Description (RAD) elements. (Translation funded by Manitoba Heritage Grant courtesy of the Department of Culture, Heritage and Tourism.)

== Bug fixes ==

* Issue 2420: CSV Import throws warning
* Issue 2415: filters.yml problem under qtSwordPlugin
* Issue 2411: Publication status in treeview is adding double parentheses in all themes except Trillium
* Issue 2408: Pop-up display in treeview not visible wen browser window is resized
* Issue 2407: Publication status in treeview should come at end of information object title
* Issue 2402: Admin user gets deactivated
* Issue 2395: Taxonomy/term treeview is broken
* Issue 2394: Installer theme is broken
* Issue 2384: EAD - dates not importing
* Issue 2382: Unauthorized users should not be able to view PREMIS rights
* Issue 2377: Search for donor name produces no results for authenticated user/admin
* Issue 2376: Repository names mixed with Authority record names in drop-down, selection of Repository name results in 404 error
* Issue 2368: User orange circle "a" favicon for release 1.3
* Issue 2365: In Edit digital object screen, substitute new representation results in white screen
* Issue 2364: In Edit digital object screen, changing mediatype causes white screen
* Issue 2360: Rights holder name appears in drop-down/suggested list for Name of Creator data entry field
* Issue 2348: User Groups unavailable in drop-down when Admin tried to add new user in Trillium theme and Chrome browser
* Issue 2344: New information objects created from the accession page are not linked
* Issue 2337: User with translation rights is unable to edit the information in ISAAR fields
* Issue 2334: Draft status records not appearing in search results for authenticated users
* Issue 2330: Admin cannot view user permissions by repository
* Issue 2323: Add fulltext search for accessions
* Issue 2314: Add copyright status to advanced search
* Issue 2313 Hide accession numbers in archival description from public
* Issue 2311: Delete reference copy of digital object and replace or regenerate copy causes error
* Issue 2310: "Language and script notes" field should not repeat
* Issue 2298: Can't delete final UF field from taxonomy term
* Issue 2291: Translation interface broken
* Issue 2286: Using "+" in Treeview at Series-level, reveals child-levels without Publication Status "Draft"
* Issue 2284: Administrator unable to edit new user account's active status or edit new user account
* Issue 2276: Search results for PDF, TIFF and JPEG produce multiples.
* Issue 2273: Deleted archival description included in search results.
* Issue 2272: Change field label "Archival history" to "Archival /Custodial history" in Accessions template
* Issue 2270: SQL-only data schema upgrades / Switch migration task to direct db updates instead of YAML upgrades
* Issue 2263: Solve taxonomy and term constant
* Issue 2246: Moving an information object can break the nested set
* Issue 2238: Full reference code for archival descriptions is truncated in search results screen
* Issue 2235: Defaut sort order setting (Alphabetic or Last Updated) should be Admin Configurable
* Issue 2234: Qubit-sword daemon stops working after a long time running (MySQL server has gone away)
* Issue 2220: Migrate task in 1.2 release is not bumping database version during upgrades
* Issue 2212: Lucene Range Search broken in ICA-AtoM 1.2
* Issue 2209: Server 500 error on multiple record deletion
* Issue 2207: Apache (with mod_rewrite?) returns Forbidden error if permalink slug is more than 255 characters
* Issue 2206: Reports - Date field at file and item level populated with date from fonds-level
* Issue 2203: Browse menu translated in Caribou but NOT other themes. Browse results page title not translated.
* Issue 2198: Fatal error viewing file/item report in language other than English
* Issue 2197: In ICA-AtoM Selecting Dublin Core as the default template in Admin>settings does not change resource edit template. Defaults to ISAD(G).
* Issue 2194: Search and Replace results in Fatal error.
* Issue 2176: Can't print file or item lists in DC or MODS
* Issue 2168: Translated UI labels appear in English
* Issue 2147: Trillium theme css not sticking in narrow Safari browser window
* Issue 2143: Trillium: pager alignment is inconsistent
* Issue 2141: Unable to activate a theme when browsing in a language distinct to english
* Issue 2048: Link to ALOUETTE.ca on ABOUT page is wrong, replace with DCB link.
* Issue 2035: RAD Note field for Language needs to be text, not a list of languages
* Issue 1995: Segmentation faults when calling _toString() magic method implicitly
* Issue 1993: Specify parent for EAD import
* Issue 1983: Actor records (users, authority records and repositories) cause incorrect hit count for authenticated users
* Issue 1975: ICA-AtoM virtual appliance does not work under VirtualBox 4.0.4
* Issue 1943: Context menu "see all" links are not useful for a large number (100+) of children
* Issue 1915: User profile should include institutional (repository) affiliation
* Issue 1628: String fields in the db are limited to 255 characters but Users demand bigger sizes and there is no warning
* Issue 1519: When logged in user doesn't have update permission to update archival descriptions, can partially drag and drop in hierarchy treeview
* Issue 1409: Users without view draft permissions can navigate to drafts in information object treeview hierarchy
* Issue 1344: Information div titles in edit screens disappear when scrolled over or clicked on
* Issue 1280: Prevent same user from being created more than once
* Issue 1113: Can't delete a user if they have created a note
* Issue 767: Include physical objects (i.e. storage containers) in the search index

[[Category:Releases]]

__NOTOC__

Release 1.3

2012-08-24T23:35:56Z

David: /* Misc */

Released Aug xx, 2012

<b> Release 1.3 </b> includes PDF Fulltext Search, security enhancements, improvements to Treeview functionality, and many bug fixes to make this the most stable and fully-functional ICA-AtoM release to date. (see below).

Release 1.3 comes 9 months after the 1.2 release in November 2011. Release 1.3 includes updated translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish, along with the addition of Galician, Georgian, Indonesian, Japanese and Thai!

== New Features ==

* IE8 compatibility with Trillium theme
* PDF fulltext search Issue 1252
* Command line CSV import for archival descriptions (RAD and ISAD), authority records, accessions and events
* Administrator control of the public visiblity of some archival description elements (Visibility Elements) Issue 1931
* Addition of ellipses to expand or contract lengthy text fields Issue 537
* Batch search index updates have been optimized to run 10 - 100x faster!

== Enhancements ==

==== Security Enhancements ====
*Enhance login process to force all authenticated user requests to https (requires SSL certificate on server) Issue 2226
*Enhance login validation to force use of strong passwords Issue 2227: at least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters
* Limit incoming requests for all Administrator functionality to a static IP address range Issue 2228

==== Treeview enhancements ====
* Brand new treeview!
* Drag & drop sorting Issue 1289
* View large number of child records in context Issue 1943
* Pop-up to show long description names when hovering over name

==== Import ====
* Integratration of command line and web interface for CSV imports Issue 140
* Allow XML or CSV import to an existing Fonds, Collection or Series Issue 1993

==== Accessions ====
* Add fulltext search for accessions Issue 2323
* Add ability to link pre-existing information objects to accession records Issue 2178

==== Browse ====
* Default sort order setting (Alphabetic or Last Updated) can be configured by the administrator Issue 2235

==== Searching ====
* Allow searching on textual dates Issue 2294
* Allow search by date range Issue 2261
* Add copyright status to advanced search Issue 2314

==== Usability ====
* Addition of ellipses to expand or contract text boxes Issue 537

==== Misc ====
* Display Archivematica AIP and File UUID for matching ICA-AtoM digital object 2379
* SQL-only data schema upgrades for Release 1.1 thru Release 1.3 Issue 227

== Internationalization ==

*New! Galician, Georgian, Indonesian, Japanese and Thai translations of the user interface.
*Merged new and improved user interface translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish (thank you to all our volunteer translators).
*Complete French translation of Rules for Archival Description (RAD) elements. (Translation funded by Manitoba Heritage Grant courtesy of the Department of Culture, Heritage and Tourism.)

== Bug fixes ==

* Issue 2420: CSV Import throws warning
* Issue 2415: filters.yml problem under qtSwordPlugin
* Issue 2411: Publication status in treeview is adding double parentheses in all themes except Trillium
* Issue 2408: Pop-up display in treeview not visible wen browser window is resized
* Issue 2407: Publication status in treeview should come at end of information object title
* Issue 2402: Admin user gets deactivated
* Issue 2395: Taxonomy/term treeview is broken
* Issue 2394: Installer theme is broken
* Issue 2384: EAD - dates not importing
* Issue 2382: Unauthorized users should not be able to view PREMIS rights
* Issue 2377: Search for donor name produces no results for authenticated user/admin
* Issue 2376: Repository names mixed with Authority record names in drop-down, selection of Repository name results in 404 error
* Issue 2368: User orange circle "a" favicon for release 1.3
* Issue 2365: In Edit digital object screen, substitute new representation results in white screen
* Issue 2364: In Edit digital object screen, changing mediatype causes white screen
* Issue 2360: Rights holder name appears in drop-down/suggested list for Name of Creator data entry field
* Issue 2348: User Groups unavailable in drop-down when Admin tried to add new user in Trillium theme and Chrome browser
* Issue 2344: New information objects created from the accession page are not linked
* Issue 2337: User with translation rights is unable to edit the information in ISAAR fields
* Issue 2334: Draft status records not appearing in search results for authenticated users
* Issue 2330: Admin cannot view user permissions by repository
* Issue 2323: Add fulltext search for accessions
* Issue 2314: Add copyright status to advanced search
* Issue 2313 Hide accession numbers in archival description from public
* Issue 2311: Delete reference copy of digital object and replace or regenerate copy causes error
* Issue 2310: "Language and script notes" field should not repeat
* Issue 2298: Can't delete final UF field from taxonomy term
* Issue 2291: Translation interface broken
* Issue 2286: Using "+" in Treeview at Series-level, reveals child-levels without Publication Status "Draft"
* Issue 2284: Administrator unable to edit new user account's active status or edit new user account
* Issue 2276: Search results for PDF, TIFF and JPEG produce multiples.
* Issue 2273: Deleted archival description included in search results.
* Issue 2272: Change field label "Archival history" to "Archival /Custodial history" in Accessions template
* Issue 2270: SQL-only data schema upgrades / Switch migration task to direct db updates instead of YAML upgrades
* Issue 2263: Solve taxonomy and term constant
* Issue 2246: Moving an information object can break the nested set
* Issue 2238: Full reference code for archival descriptions is truncated in search results screen
* Issue 2235: Defaut sort order setting (Alphabetic or Last Updated) should be Admin Configurable
* Issue 2234: Qubit-sword daemon stops working after a long time running (MySQL server has gone away)
* Issue 2220: Migrate task in 1.2 release is not bumping database version during upgrades
* Issue 2212: Lucene Range Search broken in ICA-AtoM 1.2
* Issue 2209: Server 500 error on multiple record deletion
* Issue 2207: Apache (with mod_rewrite?) returns Forbidden error if permalink slug is more than 255 characters
* Issue 2206: Reports - Date field at file and item level populated with date from fonds-level
* Issue 2203: Browse menu translated in Caribou but NOT other themes. Browse results page title not translated.
* Issue 2198: Fatal error viewing file/item report in language other than English
* Issue 2197: In ICA-AtoM Selecting Dublin Core as the default template in Admin>settings does not change resource edit template. Defaults to ISAD(G).
* Issue 2194: Search and Replace results in Fatal error.
* Issue 2176: Can't print file or item lists in DC or MODS
* Issue 2168: Translated UI labels appear in English
* Issue 2147: Trillium theme css not sticking in narrow Safari browser window
* Issue 2143: Trillium: pager alignment is inconsistent
* Issue 2141: Unable to activate a theme when browsing in a language distinct to english
* Issue 2048: Link to ALOUETTE.ca on ABOUT page is wrong, replace with DCB link.
* Issue 2035: RAD Note field for Language needs to be text, not a list of languages
* Issue 1995: Segmentation faults when calling _toString() magic method implicitly
* Issue 1993: Specify parent for EAD import
* Issue 1983: Actor records (users, authority records and repositories) cause incorrect hit count for authenticated users
* Issue 1975: ICA-AtoM virtual appliance does not work under VirtualBox 4.0.4
* Issue 1943: Context menu "see all" links are not useful for a large number (100+) of children
* Issue 1915: User profile should include institutional (repository) affiliation
* Issue 1628: String fields in the db are limited to 255 characters but Users demand bigger sizes and there is no warning
* Issue 1519: When logged in user doesn't have update permission to update archival descriptions, can partially drag and drop in hierarchy treeview
* Issue 1409: Users without view draft permissions can navigate to drafts in information object treeview hierarchy
* Issue 1344: Information div titles in edit screens disappear when scrolled over or clicked on
* Issue 1280: Prevent same user from being created more than once
* Issue 1113: Can't delete a user if they have created a note
* Issue 767: Include physical objects (i.e. storage containers) in the search index

[[Category:Releases]]

__NOTOC__

Release 1.3

2012-08-24T23:35:09Z

David: /* Import */

Released Aug xx, 2012

<b> Release 1.3 </b> includes PDF Fulltext Search, security enhancements, improvements to Treeview functionality, and many bug fixes to make this the most stable and fully-functional ICA-AtoM release to date. (see below).

Release 1.3 comes 9 months after the 1.2 release in November 2011. Release 1.3 includes updated translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish, along with the addition of Galician, Georgian, Indonesian, Japanese and Thai!

== New Features ==

* IE8 compatibility with Trillium theme
* PDF fulltext search Issue 1252
* Command line CSV import for archival descriptions (RAD and ISAD), authority records, accessions and events
* Administrator control of the public visiblity of some archival description elements (Visibility Elements) Issue 1931
* Addition of ellipses to expand or contract lengthy text fields Issue 537
* Batch search index updates have been optimized to run 10 - 100x faster!

== Enhancements ==

==== Security Enhancements ====
*Enhance login process to force all authenticated user requests to https (requires SSL certificate on server) Issue 2226
*Enhance login validation to force use of strong passwords Issue 2227: at least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters
* Limit incoming requests for all Administrator functionality to a static IP address range Issue 2228

==== Treeview enhancements ====
* Brand new treeview!
* Drag & drop sorting Issue 1289
* View large number of child records in context Issue 1943
* Pop-up to show long description names when hovering over name

==== Import ====
* Integratration of command line and web interface for CSV imports Issue 140
* Allow XML or CSV import to an existing Fonds, Collection or Series Issue 1993

==== Accessions ====
* Add fulltext search for accessions Issue 2323
* Add ability to link pre-existing information objects to accession records Issue 2178

==== Browse ====
* Default sort order setting (Alphabetic or Last Updated) can be configured by the administrator Issue 2235

==== Searching ====
* Allow searching on textual dates Issue 2294
* Allow search by date range Issue 2261
* Add copyright status to advanced search Issue 2314

==== Usability ====
* Addition of ellipses to expand or contract text boxes Issue 537

==== Misc ====
* Display Archivematica AIP and File UUID for matching ICA-AtoM digital object
* SQL-only data schema upgrades for Release 1.1 thru Release 1.3 Issue 227.

== Internationalization ==

*New! Galician, Georgian, Indonesian, Japanese and Thai translations of the user interface.
*Merged new and improved user interface translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish (thank you to all our volunteer translators).
*Complete French translation of Rules for Archival Description (RAD) elements. (Translation funded by Manitoba Heritage Grant courtesy of the Department of Culture, Heritage and Tourism.)

== Bug fixes ==

* Issue 2420: CSV Import throws warning
* Issue 2415: filters.yml problem under qtSwordPlugin
* Issue 2411: Publication status in treeview is adding double parentheses in all themes except Trillium
* Issue 2408: Pop-up display in treeview not visible wen browser window is resized
* Issue 2407: Publication status in treeview should come at end of information object title
* Issue 2402: Admin user gets deactivated
* Issue 2395: Taxonomy/term treeview is broken
* Issue 2394: Installer theme is broken
* Issue 2384: EAD - dates not importing
* Issue 2382: Unauthorized users should not be able to view PREMIS rights
* Issue 2377: Search for donor name produces no results for authenticated user/admin
* Issue 2376: Repository names mixed with Authority record names in drop-down, selection of Repository name results in 404 error
* Issue 2368: User orange circle "a" favicon for release 1.3
* Issue 2365: In Edit digital object screen, substitute new representation results in white screen
* Issue 2364: In Edit digital object screen, changing mediatype causes white screen
* Issue 2360: Rights holder name appears in drop-down/suggested list for Name of Creator data entry field
* Issue 2348: User Groups unavailable in drop-down when Admin tried to add new user in Trillium theme and Chrome browser
* Issue 2344: New information objects created from the accession page are not linked
* Issue 2337: User with translation rights is unable to edit the information in ISAAR fields
* Issue 2334: Draft status records not appearing in search results for authenticated users
* Issue 2330: Admin cannot view user permissions by repository
* Issue 2323: Add fulltext search for accessions
* Issue 2314: Add copyright status to advanced search
* Issue 2313 Hide accession numbers in archival description from public
* Issue 2311: Delete reference copy of digital object and replace or regenerate copy causes error
* Issue 2310: "Language and script notes" field should not repeat
* Issue 2298: Can't delete final UF field from taxonomy term
* Issue 2291: Translation interface broken
* Issue 2286: Using "+" in Treeview at Series-level, reveals child-levels without Publication Status "Draft"
* Issue 2284: Administrator unable to edit new user account's active status or edit new user account
* Issue 2276: Search results for PDF, TIFF and JPEG produce multiples.
* Issue 2273: Deleted archival description included in search results.
* Issue 2272: Change field label "Archival history" to "Archival /Custodial history" in Accessions template
* Issue 2270: SQL-only data schema upgrades / Switch migration task to direct db updates instead of YAML upgrades
* Issue 2263: Solve taxonomy and term constant
* Issue 2246: Moving an information object can break the nested set
* Issue 2238: Full reference code for archival descriptions is truncated in search results screen
* Issue 2235: Defaut sort order setting (Alphabetic or Last Updated) should be Admin Configurable
* Issue 2234: Qubit-sword daemon stops working after a long time running (MySQL server has gone away)
* Issue 2220: Migrate task in 1.2 release is not bumping database version during upgrades
* Issue 2212: Lucene Range Search broken in ICA-AtoM 1.2
* Issue 2209: Server 500 error on multiple record deletion
* Issue 2207: Apache (with mod_rewrite?) returns Forbidden error if permalink slug is more than 255 characters
* Issue 2206: Reports - Date field at file and item level populated with date from fonds-level
* Issue 2203: Browse menu translated in Caribou but NOT other themes. Browse results page title not translated.
* Issue 2198: Fatal error viewing file/item report in language other than English
* Issue 2197: In ICA-AtoM Selecting Dublin Core as the default template in Admin>settings does not change resource edit template. Defaults to ISAD(G).
* Issue 2194: Search and Replace results in Fatal error.
* Issue 2176: Can't print file or item lists in DC or MODS
* Issue 2168: Translated UI labels appear in English
* Issue 2147: Trillium theme css not sticking in narrow Safari browser window
* Issue 2143: Trillium: pager alignment is inconsistent
* Issue 2141: Unable to activate a theme when browsing in a language distinct to english
* Issue 2048: Link to ALOUETTE.ca on ABOUT page is wrong, replace with DCB link.
* Issue 2035: RAD Note field for Language needs to be text, not a list of languages
* Issue 1995: Segmentation faults when calling _toString() magic method implicitly
* Issue 1993: Specify parent for EAD import
* Issue 1983: Actor records (users, authority records and repositories) cause incorrect hit count for authenticated users
* Issue 1975: ICA-AtoM virtual appliance does not work under VirtualBox 4.0.4
* Issue 1943: Context menu "see all" links are not useful for a large number (100+) of children
* Issue 1915: User profile should include institutional (repository) affiliation
* Issue 1628: String fields in the db are limited to 255 characters but Users demand bigger sizes and there is no warning
* Issue 1519: When logged in user doesn't have update permission to update archival descriptions, can partially drag and drop in hierarchy treeview
* Issue 1409: Users without view draft permissions can navigate to drafts in information object treeview hierarchy
* Issue 1344: Information div titles in edit screens disappear when scrolled over or clicked on
* Issue 1280: Prevent same user from being created more than once
* Issue 1113: Can't delete a user if they have created a note
* Issue 767: Include physical objects (i.e. storage containers) in the search index

[[Category:Releases]]

__NOTOC__

Release 1.3

2012-08-24T23:34:54Z

David: /* Import */

Released Aug xx, 2012

<b> Release 1.3 </b> includes PDF Fulltext Search, security enhancements, improvements to Treeview functionality, and many bug fixes to make this the most stable and fully-functional ICA-AtoM release to date. (see below).

Release 1.3 comes 9 months after the 1.2 release in November 2011. Release 1.3 includes updated translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish, along with the addition of Galician, Georgian, Indonesian, Japanese and Thai!

== New Features ==

* IE8 compatibility with Trillium theme
* PDF fulltext search Issue 1252
* Command line CSV import for archival descriptions (RAD and ISAD), authority records, accessions and events
* Administrator control of the public visiblity of some archival description elements (Visibility Elements) Issue 1931
* Addition of ellipses to expand or contract lengthy text fields Issue 537
* Batch search index updates have been optimized to run 10 - 100x faster!

== Enhancements ==

==== Security Enhancements ====
*Enhance login process to force all authenticated user requests to https (requires SSL certificate on server) Issue 2226
*Enhance login validation to force use of strong passwords Issue 2227: at least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters
* Limit incoming requests for all Administrator functionality to a static IP address range Issue 2228

==== Treeview enhancements ====
* Brand new treeview!
* Drag & drop sorting Issue 1289
* View large number of child records in context Issue 1943
* Pop-up to show long description names when hovering over name

==== Import ====
* Integratration command line and web interface for CSV imports Issue 140
* Allow XML or CSV import to an existing Fonds, Collection or Series Issue 1993

==== Accessions ====
* Add fulltext search for accessions Issue 2323
* Add ability to link pre-existing information objects to accession records Issue 2178

==== Browse ====
* Default sort order setting (Alphabetic or Last Updated) can be configured by the administrator Issue 2235

==== Searching ====
* Allow searching on textual dates Issue 2294
* Allow search by date range Issue 2261
* Add copyright status to advanced search Issue 2314

==== Usability ====
* Addition of ellipses to expand or contract text boxes Issue 537

==== Misc ====
* Display Archivematica AIP and File UUID for matching ICA-AtoM digital object
* SQL-only data schema upgrades for Release 1.1 thru Release 1.3 Issue 227.

== Internationalization ==

*New! Galician, Georgian, Indonesian, Japanese and Thai translations of the user interface.
*Merged new and improved user interface translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish (thank you to all our volunteer translators).
*Complete French translation of Rules for Archival Description (RAD) elements. (Translation funded by Manitoba Heritage Grant courtesy of the Department of Culture, Heritage and Tourism.)

== Bug fixes ==

* Issue 2420: CSV Import throws warning
* Issue 2415: filters.yml problem under qtSwordPlugin
* Issue 2411: Publication status in treeview is adding double parentheses in all themes except Trillium
* Issue 2408: Pop-up display in treeview not visible wen browser window is resized
* Issue 2407: Publication status in treeview should come at end of information object title
* Issue 2402: Admin user gets deactivated
* Issue 2395: Taxonomy/term treeview is broken
* Issue 2394: Installer theme is broken
* Issue 2384: EAD - dates not importing
* Issue 2382: Unauthorized users should not be able to view PREMIS rights
* Issue 2377: Search for donor name produces no results for authenticated user/admin
* Issue 2376: Repository names mixed with Authority record names in drop-down, selection of Repository name results in 404 error
* Issue 2368: User orange circle "a" favicon for release 1.3
* Issue 2365: In Edit digital object screen, substitute new representation results in white screen
* Issue 2364: In Edit digital object screen, changing mediatype causes white screen
* Issue 2360: Rights holder name appears in drop-down/suggested list for Name of Creator data entry field
* Issue 2348: User Groups unavailable in drop-down when Admin tried to add new user in Trillium theme and Chrome browser
* Issue 2344: New information objects created from the accession page are not linked
* Issue 2337: User with translation rights is unable to edit the information in ISAAR fields
* Issue 2334: Draft status records not appearing in search results for authenticated users
* Issue 2330: Admin cannot view user permissions by repository
* Issue 2323: Add fulltext search for accessions
* Issue 2314: Add copyright status to advanced search
* Issue 2313 Hide accession numbers in archival description from public
* Issue 2311: Delete reference copy of digital object and replace or regenerate copy causes error
* Issue 2310: "Language and script notes" field should not repeat
* Issue 2298: Can't delete final UF field from taxonomy term
* Issue 2291: Translation interface broken
* Issue 2286: Using "+" in Treeview at Series-level, reveals child-levels without Publication Status "Draft"
* Issue 2284: Administrator unable to edit new user account's active status or edit new user account
* Issue 2276: Search results for PDF, TIFF and JPEG produce multiples.
* Issue 2273: Deleted archival description included in search results.
* Issue 2272: Change field label "Archival history" to "Archival /Custodial history" in Accessions template
* Issue 2270: SQL-only data schema upgrades / Switch migration task to direct db updates instead of YAML upgrades
* Issue 2263: Solve taxonomy and term constant
* Issue 2246: Moving an information object can break the nested set
* Issue 2238: Full reference code for archival descriptions is truncated in search results screen
* Issue 2235: Defaut sort order setting (Alphabetic or Last Updated) should be Admin Configurable
* Issue 2234: Qubit-sword daemon stops working after a long time running (MySQL server has gone away)
* Issue 2220: Migrate task in 1.2 release is not bumping database version during upgrades
* Issue 2212: Lucene Range Search broken in ICA-AtoM 1.2
* Issue 2209: Server 500 error on multiple record deletion
* Issue 2207: Apache (with mod_rewrite?) returns Forbidden error if permalink slug is more than 255 characters
* Issue 2206: Reports - Date field at file and item level populated with date from fonds-level
* Issue 2203: Browse menu translated in Caribou but NOT other themes. Browse results page title not translated.
* Issue 2198: Fatal error viewing file/item report in language other than English
* Issue 2197: In ICA-AtoM Selecting Dublin Core as the default template in Admin>settings does not change resource edit template. Defaults to ISAD(G).
* Issue 2194: Search and Replace results in Fatal error.
* Issue 2176: Can't print file or item lists in DC or MODS
* Issue 2168: Translated UI labels appear in English
* Issue 2147: Trillium theme css not sticking in narrow Safari browser window
* Issue 2143: Trillium: pager alignment is inconsistent
* Issue 2141: Unable to activate a theme when browsing in a language distinct to english
* Issue 2048: Link to ALOUETTE.ca on ABOUT page is wrong, replace with DCB link.
* Issue 2035: RAD Note field for Language needs to be text, not a list of languages
* Issue 1995: Segmentation faults when calling _toString() magic method implicitly
* Issue 1993: Specify parent for EAD import
* Issue 1983: Actor records (users, authority records and repositories) cause incorrect hit count for authenticated users
* Issue 1975: ICA-AtoM virtual appliance does not work under VirtualBox 4.0.4
* Issue 1943: Context menu "see all" links are not useful for a large number (100+) of children
* Issue 1915: User profile should include institutional (repository) affiliation
* Issue 1628: String fields in the db are limited to 255 characters but Users demand bigger sizes and there is no warning
* Issue 1519: When logged in user doesn't have update permission to update archival descriptions, can partially drag and drop in hierarchy treeview
* Issue 1409: Users without view draft permissions can navigate to drafts in information object treeview hierarchy
* Issue 1344: Information div titles in edit screens disappear when scrolled over or clicked on
* Issue 1280: Prevent same user from being created more than once
* Issue 1113: Can't delete a user if they have created a note
* Issue 767: Include physical objects (i.e. storage containers) in the search index

[[Category:Releases]]

__NOTOC__

Release 1.3

2012-08-24T23:34:21Z

David: /* Enhancements */

Released Aug xx, 2012

<b> Release 1.3 </b> includes PDF Fulltext Search, security enhancements, improvements to Treeview functionality, and many bug fixes to make this the most stable and fully-functional ICA-AtoM release to date. (see below).

Release 1.3 comes 9 months after the 1.2 release in November 2011. Release 1.3 includes updated translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish, along with the addition of Galician, Georgian, Indonesian, Japanese and Thai!

== New Features ==

* IE8 compatibility with Trillium theme
* PDF fulltext search Issue 1252
* Command line CSV import for archival descriptions (RAD and ISAD), authority records, accessions and events
* Administrator control of the public visiblity of some archival description elements (Visibility Elements) Issue 1931
* Addition of ellipses to expand or contract lengthy text fields Issue 537
* Batch search index updates have been optimized to run 10 - 100x faster!

== Enhancements ==

==== Security Enhancements ====
*Enhance login process to force all authenticated user requests to https (requires SSL certificate on server) Issue 2226
*Enhance login validation to force use of strong passwords Issue 2227: at least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters
* Limit incoming requests for all Administrator functionality to a static IP address range Issue 2228

==== Treeview enhancements ====
* Brand new treeview!
* Drag & drop sorting Issue 1289
* View large number of child records in context Issue 1943
* Pop-up to show long description names when hovering over name

==== Import ====
* Integratration command line and web interface for CSV imports Issue 140
* Allow XML import to an existing Fonds, Collection or Series Issue 1993

==== Accessions ====
* Add fulltext search for accessions Issue 2323
* Add ability to link pre-existing information objects to accession records Issue 2178

==== Browse ====
* Default sort order setting (Alphabetic or Last Updated) can be configured by the administrator Issue 2235

==== Searching ====
* Allow searching on textual dates Issue 2294
* Allow search by date range Issue 2261
* Add copyright status to advanced search Issue 2314

==== Usability ====
* Addition of ellipses to expand or contract text boxes Issue 537

==== Misc ====
* Display Archivematica AIP and File UUID for matching ICA-AtoM digital object
* SQL-only data schema upgrades for Release 1.1 thru Release 1.3 Issue 227.

== Internationalization ==

*New! Galician, Georgian, Indonesian, Japanese and Thai translations of the user interface.
*Merged new and improved user interface translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish (thank you to all our volunteer translators).
*Complete French translation of Rules for Archival Description (RAD) elements. (Translation funded by Manitoba Heritage Grant courtesy of the Department of Culture, Heritage and Tourism.)

== Bug fixes ==

* Issue 2420: CSV Import throws warning
* Issue 2415: filters.yml problem under qtSwordPlugin
* Issue 2411: Publication status in treeview is adding double parentheses in all themes except Trillium
* Issue 2408: Pop-up display in treeview not visible wen browser window is resized
* Issue 2407: Publication status in treeview should come at end of information object title
* Issue 2402: Admin user gets deactivated
* Issue 2395: Taxonomy/term treeview is broken
* Issue 2394: Installer theme is broken
* Issue 2384: EAD - dates not importing
* Issue 2382: Unauthorized users should not be able to view PREMIS rights
* Issue 2377: Search for donor name produces no results for authenticated user/admin
* Issue 2376: Repository names mixed with Authority record names in drop-down, selection of Repository name results in 404 error
* Issue 2368: User orange circle "a" favicon for release 1.3
* Issue 2365: In Edit digital object screen, substitute new representation results in white screen
* Issue 2364: In Edit digital object screen, changing mediatype causes white screen
* Issue 2360: Rights holder name appears in drop-down/suggested list for Name of Creator data entry field
* Issue 2348: User Groups unavailable in drop-down when Admin tried to add new user in Trillium theme and Chrome browser
* Issue 2344: New information objects created from the accession page are not linked
* Issue 2337: User with translation rights is unable to edit the information in ISAAR fields
* Issue 2334: Draft status records not appearing in search results for authenticated users
* Issue 2330: Admin cannot view user permissions by repository
* Issue 2323: Add fulltext search for accessions
* Issue 2314: Add copyright status to advanced search
* Issue 2313 Hide accession numbers in archival description from public
* Issue 2311: Delete reference copy of digital object and replace or regenerate copy causes error
* Issue 2310: "Language and script notes" field should not repeat
* Issue 2298: Can't delete final UF field from taxonomy term
* Issue 2291: Translation interface broken
* Issue 2286: Using "+" in Treeview at Series-level, reveals child-levels without Publication Status "Draft"
* Issue 2284: Administrator unable to edit new user account's active status or edit new user account
* Issue 2276: Search results for PDF, TIFF and JPEG produce multiples.
* Issue 2273: Deleted archival description included in search results.
* Issue 2272: Change field label "Archival history" to "Archival /Custodial history" in Accessions template
* Issue 2270: SQL-only data schema upgrades / Switch migration task to direct db updates instead of YAML upgrades
* Issue 2263: Solve taxonomy and term constant
* Issue 2246: Moving an information object can break the nested set
* Issue 2238: Full reference code for archival descriptions is truncated in search results screen
* Issue 2235: Defaut sort order setting (Alphabetic or Last Updated) should be Admin Configurable
* Issue 2234: Qubit-sword daemon stops working after a long time running (MySQL server has gone away)
* Issue 2220: Migrate task in 1.2 release is not bumping database version during upgrades
* Issue 2212: Lucene Range Search broken in ICA-AtoM 1.2
* Issue 2209: Server 500 error on multiple record deletion
* Issue 2207: Apache (with mod_rewrite?) returns Forbidden error if permalink slug is more than 255 characters
* Issue 2206: Reports - Date field at file and item level populated with date from fonds-level
* Issue 2203: Browse menu translated in Caribou but NOT other themes. Browse results page title not translated.
* Issue 2198: Fatal error viewing file/item report in language other than English
* Issue 2197: In ICA-AtoM Selecting Dublin Core as the default template in Admin>settings does not change resource edit template. Defaults to ISAD(G).
* Issue 2194: Search and Replace results in Fatal error.
* Issue 2176: Can't print file or item lists in DC or MODS
* Issue 2168: Translated UI labels appear in English
* Issue 2147: Trillium theme css not sticking in narrow Safari browser window
* Issue 2143: Trillium: pager alignment is inconsistent
* Issue 2141: Unable to activate a theme when browsing in a language distinct to english
* Issue 2048: Link to ALOUETTE.ca on ABOUT page is wrong, replace with DCB link.
* Issue 2035: RAD Note field for Language needs to be text, not a list of languages
* Issue 1995: Segmentation faults when calling _toString() magic method implicitly
* Issue 1993: Specify parent for EAD import
* Issue 1983: Actor records (users, authority records and repositories) cause incorrect hit count for authenticated users
* Issue 1975: ICA-AtoM virtual appliance does not work under VirtualBox 4.0.4
* Issue 1943: Context menu "see all" links are not useful for a large number (100+) of children
* Issue 1915: User profile should include institutional (repository) affiliation
* Issue 1628: String fields in the db are limited to 255 characters but Users demand bigger sizes and there is no warning
* Issue 1519: When logged in user doesn't have update permission to update archival descriptions, can partially drag and drop in hierarchy treeview
* Issue 1409: Users without view draft permissions can navigate to drafts in information object treeview hierarchy
* Issue 1344: Information div titles in edit screens disappear when scrolled over or clicked on
* Issue 1280: Prevent same user from being created more than once
* Issue 1113: Can't delete a user if they have created a note
* Issue 767: Include physical objects (i.e. storage containers) in the search index

[[Category:Releases]]

__NOTOC__

Release 1.3

2012-08-24T23:30:36Z

David: /* New Features */

Released Aug xx, 2012

<b> Release 1.3 </b> includes PDF Fulltext Search, security enhancements, improvements to Treeview functionality, and many bug fixes to make this the most stable and fully-functional ICA-AtoM release to date. (see below).

Release 1.3 comes 9 months after the 1.2 release in November 2011. Release 1.3 includes updated translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish, along with the addition of Galician, Georgian, Indonesian, Japanese and Thai!

== New Features ==

* IE8 compatibility with Trillium theme
* PDF fulltext search Issue 1252
* Command line CSV import for archival descriptions (RAD and ISAD), authority records, accessions and events
* Administrator control of the public visiblity of some archival description elements (Visibility Elements) Issue 1931
* Addition of ellipses to expand or contract lengthy text fields Issue 537
* Batch search index updates have been optimized to run 10 - 100x faster!

== Enhancements ==

==== Security Enhancements ====
*Enhance login process to force all authenticated user requests to https (requires SSL certificate on server) Issue 2226
*Enhance login validation to force use of strong passwords Issue 2227: at least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters
* Limit incoming requests for all Administrator functionality to a static IP address range Issue 2228

==== Treeview enhancements ====
* Brand new treeview!
* Drag & drop sorting Issue 1289
* View large number of child records in context Issue 1943
* Pop-up to show long description names when hovering over name

==== Accessions ====
* Add fulltext search for accessions Issue 2323
* Add ability to link pre-existing information objects to accession records Issue 2178

==== Browse ====
* Default sort order setting (Alphabetic or Last Updated) can be configured by the administrator Issue 2235

==== Searching ====
* Allow searching on textual dates Issue 2294
* Allow search by date range Issue 2261
* Add copyright status to advanced search Issue 2314

==== Usability ====
* Addition of ellipses to expand or contract text boxes Issue 537

==== Misc ====
* Display Archivematica AIP and File UUID for matching ICA-AtoM digital object
* SQL-only data schema upgrades for Release 1.1 thru Release 1.3 Issue 227.

== Internationalization ==

*New! Galician, Georgian, Indonesian, Japanese and Thai translations of the user interface.
*Merged new and improved user interface translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish (thank you to all our volunteer translators).
*Complete French translation of Rules for Archival Description (RAD) elements. (Translation funded by Manitoba Heritage Grant courtesy of the Department of Culture, Heritage and Tourism.)

== Bug fixes ==

* Issue 2420: CSV Import throws warning
* Issue 2415: filters.yml problem under qtSwordPlugin
* Issue 2411: Publication status in treeview is adding double parentheses in all themes except Trillium
* Issue 2408: Pop-up display in treeview not visible wen browser window is resized
* Issue 2407: Publication status in treeview should come at end of information object title
* Issue 2402: Admin user gets deactivated
* Issue 2395: Taxonomy/term treeview is broken
* Issue 2394: Installer theme is broken
* Issue 2384: EAD - dates not importing
* Issue 2382: Unauthorized users should not be able to view PREMIS rights
* Issue 2377: Search for donor name produces no results for authenticated user/admin
* Issue 2376: Repository names mixed with Authority record names in drop-down, selection of Repository name results in 404 error
* Issue 2368: User orange circle "a" favicon for release 1.3
* Issue 2365: In Edit digital object screen, substitute new representation results in white screen
* Issue 2364: In Edit digital object screen, changing mediatype causes white screen
* Issue 2360: Rights holder name appears in drop-down/suggested list for Name of Creator data entry field
* Issue 2348: User Groups unavailable in drop-down when Admin tried to add new user in Trillium theme and Chrome browser
* Issue 2344: New information objects created from the accession page are not linked
* Issue 2337: User with translation rights is unable to edit the information in ISAAR fields
* Issue 2334: Draft status records not appearing in search results for authenticated users
* Issue 2330: Admin cannot view user permissions by repository
* Issue 2323: Add fulltext search for accessions
* Issue 2314: Add copyright status to advanced search
* Issue 2313 Hide accession numbers in archival description from public
* Issue 2311: Delete reference copy of digital object and replace or regenerate copy causes error
* Issue 2310: "Language and script notes" field should not repeat
* Issue 2298: Can't delete final UF field from taxonomy term
* Issue 2291: Translation interface broken
* Issue 2286: Using "+" in Treeview at Series-level, reveals child-levels without Publication Status "Draft"
* Issue 2284: Administrator unable to edit new user account's active status or edit new user account
* Issue 2276: Search results for PDF, TIFF and JPEG produce multiples.
* Issue 2273: Deleted archival description included in search results.
* Issue 2272: Change field label "Archival history" to "Archival /Custodial history" in Accessions template
* Issue 2270: SQL-only data schema upgrades / Switch migration task to direct db updates instead of YAML upgrades
* Issue 2263: Solve taxonomy and term constant
* Issue 2246: Moving an information object can break the nested set
* Issue 2238: Full reference code for archival descriptions is truncated in search results screen
* Issue 2235: Defaut sort order setting (Alphabetic or Last Updated) should be Admin Configurable
* Issue 2234: Qubit-sword daemon stops working after a long time running (MySQL server has gone away)
* Issue 2220: Migrate task in 1.2 release is not bumping database version during upgrades
* Issue 2212: Lucene Range Search broken in ICA-AtoM 1.2
* Issue 2209: Server 500 error on multiple record deletion
* Issue 2207: Apache (with mod_rewrite?) returns Forbidden error if permalink slug is more than 255 characters
* Issue 2206: Reports - Date field at file and item level populated with date from fonds-level
* Issue 2203: Browse menu translated in Caribou but NOT other themes. Browse results page title not translated.
* Issue 2198: Fatal error viewing file/item report in language other than English
* Issue 2197: In ICA-AtoM Selecting Dublin Core as the default template in Admin>settings does not change resource edit template. Defaults to ISAD(G).
* Issue 2194: Search and Replace results in Fatal error.
* Issue 2176: Can't print file or item lists in DC or MODS
* Issue 2168: Translated UI labels appear in English
* Issue 2147: Trillium theme css not sticking in narrow Safari browser window
* Issue 2143: Trillium: pager alignment is inconsistent
* Issue 2141: Unable to activate a theme when browsing in a language distinct to english
* Issue 2048: Link to ALOUETTE.ca on ABOUT page is wrong, replace with DCB link.
* Issue 2035: RAD Note field for Language needs to be text, not a list of languages
* Issue 1995: Segmentation faults when calling _toString() magic method implicitly
* Issue 1993: Specify parent for EAD import
* Issue 1983: Actor records (users, authority records and repositories) cause incorrect hit count for authenticated users
* Issue 1975: ICA-AtoM virtual appliance does not work under VirtualBox 4.0.4
* Issue 1943: Context menu "see all" links are not useful for a large number (100+) of children
* Issue 1915: User profile should include institutional (repository) affiliation
* Issue 1628: String fields in the db are limited to 255 characters but Users demand bigger sizes and there is no warning
* Issue 1519: When logged in user doesn't have update permission to update archival descriptions, can partially drag and drop in hierarchy treeview
* Issue 1409: Users without view draft permissions can navigate to drafts in information object treeview hierarchy
* Issue 1344: Information div titles in edit screens disappear when scrolled over or clicked on
* Issue 1280: Prevent same user from being created more than once
* Issue 1113: Can't delete a user if they have created a note
* Issue 767: Include physical objects (i.e. storage containers) in the search index

[[Category:Releases]]

__NOTOC__

Release 1.3

2012-08-24T23:29:50Z

David: /* New Features */

Released Aug xx, 2012

<b> Release 1.3 </b> includes PDF Fulltext Search, security enhancements, improvements to Treeview functionality, and many bug fixes to make this the most stable and fully-functional ICA-AtoM release to date. (see below).

Release 1.3 comes 9 months after the 1.2 release in November 2011. Release 1.3 includes updated translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish, along with the addition of Galician, Georgian, Indonesian, Japanese and Thai!

== New Features ==

* IE8 compatibility with Trillium theme
* PDF fulltext search Issue 1252
* Command line CSV import for archival descriptions (RAD and ISAD), authority records, accessions and events
* Administrator control of the public visiblity of some archival description elements (Visibility Elements) Issue 1931
* Addition of ellipses to expand or contract lengthy text fields Issue 537

== Enhancements ==

==== Security Enhancements ====
*Enhance login process to force all authenticated user requests to https (requires SSL certificate on server) Issue 2226
*Enhance login validation to force use of strong passwords Issue 2227: at least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters
* Limit incoming requests for all Administrator functionality to a static IP address range Issue 2228

==== Treeview enhancements ====
* Brand new treeview!
* Drag & drop sorting Issue 1289
* View large number of child records in context Issue 1943
* Pop-up to show long description names when hovering over name

==== Accessions ====
* Add fulltext search for accessions Issue 2323
* Add ability to link pre-existing information objects to accession records Issue 2178

==== Browse ====
* Default sort order setting (Alphabetic or Last Updated) can be configured by the administrator Issue 2235

==== Searching ====
* Allow searching on textual dates Issue 2294
* Allow search by date range Issue 2261
* Add copyright status to advanced search Issue 2314

==== Usability ====
* Addition of ellipses to expand or contract text boxes Issue 537

==== Misc ====
* Display Archivematica AIP and File UUID for matching ICA-AtoM digital object
* SQL-only data schema upgrades for Release 1.1 thru Release 1.3 Issue 227.

== Internationalization ==

*New! Galician, Georgian, Indonesian, Japanese and Thai translations of the user interface.
*Merged new and improved user interface translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish (thank you to all our volunteer translators).
*Complete French translation of Rules for Archival Description (RAD) elements. (Translation funded by Manitoba Heritage Grant courtesy of the Department of Culture, Heritage and Tourism.)

== Bug fixes ==

* Issue 2420: CSV Import throws warning
* Issue 2415: filters.yml problem under qtSwordPlugin
* Issue 2411: Publication status in treeview is adding double parentheses in all themes except Trillium
* Issue 2408: Pop-up display in treeview not visible wen browser window is resized
* Issue 2407: Publication status in treeview should come at end of information object title
* Issue 2402: Admin user gets deactivated
* Issue 2395: Taxonomy/term treeview is broken
* Issue 2394: Installer theme is broken
* Issue 2384: EAD - dates not importing
* Issue 2382: Unauthorized users should not be able to view PREMIS rights
* Issue 2377: Search for donor name produces no results for authenticated user/admin
* Issue 2376: Repository names mixed with Authority record names in drop-down, selection of Repository name results in 404 error
* Issue 2368: User orange circle "a" favicon for release 1.3
* Issue 2365: In Edit digital object screen, substitute new representation results in white screen
* Issue 2364: In Edit digital object screen, changing mediatype causes white screen
* Issue 2360: Rights holder name appears in drop-down/suggested list for Name of Creator data entry field
* Issue 2348: User Groups unavailable in drop-down when Admin tried to add new user in Trillium theme and Chrome browser
* Issue 2344: New information objects created from the accession page are not linked
* Issue 2337: User with translation rights is unable to edit the information in ISAAR fields
* Issue 2334: Draft status records not appearing in search results for authenticated users
* Issue 2330: Admin cannot view user permissions by repository
* Issue 2323: Add fulltext search for accessions
* Issue 2314: Add copyright status to advanced search
* Issue 2313 Hide accession numbers in archival description from public
* Issue 2311: Delete reference copy of digital object and replace or regenerate copy causes error
* Issue 2310: "Language and script notes" field should not repeat
* Issue 2298: Can't delete final UF field from taxonomy term
* Issue 2291: Translation interface broken
* Issue 2286: Using "+" in Treeview at Series-level, reveals child-levels without Publication Status "Draft"
* Issue 2284: Administrator unable to edit new user account's active status or edit new user account
* Issue 2276: Search results for PDF, TIFF and JPEG produce multiples.
* Issue 2273: Deleted archival description included in search results.
* Issue 2272: Change field label "Archival history" to "Archival /Custodial history" in Accessions template
* Issue 2270: SQL-only data schema upgrades / Switch migration task to direct db updates instead of YAML upgrades
* Issue 2263: Solve taxonomy and term constant
* Issue 2246: Moving an information object can break the nested set
* Issue 2238: Full reference code for archival descriptions is truncated in search results screen
* Issue 2235: Defaut sort order setting (Alphabetic or Last Updated) should be Admin Configurable
* Issue 2234: Qubit-sword daemon stops working after a long time running (MySQL server has gone away)
* Issue 2220: Migrate task in 1.2 release is not bumping database version during upgrades
* Issue 2212: Lucene Range Search broken in ICA-AtoM 1.2
* Issue 2209: Server 500 error on multiple record deletion
* Issue 2207: Apache (with mod_rewrite?) returns Forbidden error if permalink slug is more than 255 characters
* Issue 2206: Reports - Date field at file and item level populated with date from fonds-level
* Issue 2203: Browse menu translated in Caribou but NOT other themes. Browse results page title not translated.
* Issue 2198: Fatal error viewing file/item report in language other than English
* Issue 2197: In ICA-AtoM Selecting Dublin Core as the default template in Admin>settings does not change resource edit template. Defaults to ISAD(G).
* Issue 2194: Search and Replace results in Fatal error.
* Issue 2176: Can't print file or item lists in DC or MODS
* Issue 2168: Translated UI labels appear in English
* Issue 2147: Trillium theme css not sticking in narrow Safari browser window
* Issue 2143: Trillium: pager alignment is inconsistent
* Issue 2141: Unable to activate a theme when browsing in a language distinct to english
* Issue 2048: Link to ALOUETTE.ca on ABOUT page is wrong, replace with DCB link.
* Issue 2035: RAD Note field for Language needs to be text, not a list of languages
* Issue 1995: Segmentation faults when calling _toString() magic method implicitly
* Issue 1993: Specify parent for EAD import
* Issue 1983: Actor records (users, authority records and repositories) cause incorrect hit count for authenticated users
* Issue 1975: ICA-AtoM virtual appliance does not work under VirtualBox 4.0.4
* Issue 1943: Context menu "see all" links are not useful for a large number (100+) of children
* Issue 1915: User profile should include institutional (repository) affiliation
* Issue 1628: String fields in the db are limited to 255 characters but Users demand bigger sizes and there is no warning
* Issue 1519: When logged in user doesn't have update permission to update archival descriptions, can partially drag and drop in hierarchy treeview
* Issue 1409: Users without view draft permissions can navigate to drafts in information object treeview hierarchy
* Issue 1344: Information div titles in edit screens disappear when scrolled over or clicked on
* Issue 1280: Prevent same user from being created more than once
* Issue 1113: Can't delete a user if they have created a note
* Issue 767: Include physical objects (i.e. storage containers) in the search index

[[Category:Releases]]

__NOTOC__

Release 1.3

2012-08-24T23:28:24Z

David: /* Security Enhancements */

Released Aug xx, 2012

<b> Release 1.3 </b> includes PDF Fulltext Search, security enhancements, improvements to Treeview functionality, and many bug fixes to make this the most stable and fully-functional ICA-AtoM release to date. (see below).

Release 1.3 comes 9 months after the 1.2 release in November 2011. Release 1.3 includes updated translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish, along with the addition of Galician, Georgian, Indonesian, Japanese and Thai!

== New Features ==

* IE8 compatibility with Trillium theme
* PDF fulltext search Issue 1252
* Integrate CSV import CLI and web interfaces Issue 140
* Administrator control of the public visiblity of some archival description elements (Visibility Elements) Issue 1931
* Addition of ellipses to expand or contract lengthy text fields Issue 537

== Enhancements ==

==== Security Enhancements ====
*Enhance login process to force all authenticated user requests to https (requires SSL certificate on server) Issue 2226
*Enhance login validation to force use of strong passwords Issue 2227: at least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters
* Limit incoming requests for all Administrator functionality to a static IP address range Issue 2228

==== Treeview enhancements ====
* Brand new treeview!
* Drag & drop sorting Issue 1289
* View large number of child records in context Issue 1943
* Pop-up to show long description names when hovering over name

==== Accessions ====
* Add fulltext search for accessions Issue 2323
* Add ability to link pre-existing information objects to accession records Issue 2178

==== Browse ====
* Default sort order setting (Alphabetic or Last Updated) can be configured by the administrator Issue 2235

==== Searching ====
* Allow searching on textual dates Issue 2294
* Allow search by date range Issue 2261
* Add copyright status to advanced search Issue 2314

==== Usability ====
* Addition of ellipses to expand or contract text boxes Issue 537

==== Misc ====
* Display Archivematica AIP and File UUID for matching ICA-AtoM digital object
* SQL-only data schema upgrades for Release 1.1 thru Release 1.3 Issue 227.

== Internationalization ==

*New! Galician, Georgian, Indonesian, Japanese and Thai translations of the user interface.
*Merged new and improved user interface translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish (thank you to all our volunteer translators).
*Complete French translation of Rules for Archival Description (RAD) elements. (Translation funded by Manitoba Heritage Grant courtesy of the Department of Culture, Heritage and Tourism.)

== Bug fixes ==

* Issue 2420: CSV Import throws warning
* Issue 2415: filters.yml problem under qtSwordPlugin
* Issue 2411: Publication status in treeview is adding double parentheses in all themes except Trillium
* Issue 2408: Pop-up display in treeview not visible wen browser window is resized
* Issue 2407: Publication status in treeview should come at end of information object title
* Issue 2402: Admin user gets deactivated
* Issue 2395: Taxonomy/term treeview is broken
* Issue 2394: Installer theme is broken
* Issue 2384: EAD - dates not importing
* Issue 2382: Unauthorized users should not be able to view PREMIS rights
* Issue 2377: Search for donor name produces no results for authenticated user/admin
* Issue 2376: Repository names mixed with Authority record names in drop-down, selection of Repository name results in 404 error
* Issue 2368: User orange circle "a" favicon for release 1.3
* Issue 2365: In Edit digital object screen, substitute new representation results in white screen
* Issue 2364: In Edit digital object screen, changing mediatype causes white screen
* Issue 2360: Rights holder name appears in drop-down/suggested list for Name of Creator data entry field
* Issue 2348: User Groups unavailable in drop-down when Admin tried to add new user in Trillium theme and Chrome browser
* Issue 2344: New information objects created from the accession page are not linked
* Issue 2337: User with translation rights is unable to edit the information in ISAAR fields
* Issue 2334: Draft status records not appearing in search results for authenticated users
* Issue 2330: Admin cannot view user permissions by repository
* Issue 2323: Add fulltext search for accessions
* Issue 2314: Add copyright status to advanced search
* Issue 2313 Hide accession numbers in archival description from public
* Issue 2311: Delete reference copy of digital object and replace or regenerate copy causes error
* Issue 2310: "Language and script notes" field should not repeat
* Issue 2298: Can't delete final UF field from taxonomy term
* Issue 2291: Translation interface broken
* Issue 2286: Using "+" in Treeview at Series-level, reveals child-levels without Publication Status "Draft"
* Issue 2284: Administrator unable to edit new user account's active status or edit new user account
* Issue 2276: Search results for PDF, TIFF and JPEG produce multiples.
* Issue 2273: Deleted archival description included in search results.
* Issue 2272: Change field label "Archival history" to "Archival /Custodial history" in Accessions template
* Issue 2270: SQL-only data schema upgrades / Switch migration task to direct db updates instead of YAML upgrades
* Issue 2263: Solve taxonomy and term constant
* Issue 2246: Moving an information object can break the nested set
* Issue 2238: Full reference code for archival descriptions is truncated in search results screen
* Issue 2235: Defaut sort order setting (Alphabetic or Last Updated) should be Admin Configurable
* Issue 2234: Qubit-sword daemon stops working after a long time running (MySQL server has gone away)
* Issue 2220: Migrate task in 1.2 release is not bumping database version during upgrades
* Issue 2212: Lucene Range Search broken in ICA-AtoM 1.2
* Issue 2209: Server 500 error on multiple record deletion
* Issue 2207: Apache (with mod_rewrite?) returns Forbidden error if permalink slug is more than 255 characters
* Issue 2206: Reports - Date field at file and item level populated with date from fonds-level
* Issue 2203: Browse menu translated in Caribou but NOT other themes. Browse results page title not translated.
* Issue 2198: Fatal error viewing file/item report in language other than English
* Issue 2197: In ICA-AtoM Selecting Dublin Core as the default template in Admin>settings does not change resource edit template. Defaults to ISAD(G).
* Issue 2194: Search and Replace results in Fatal error.
* Issue 2176: Can't print file or item lists in DC or MODS
* Issue 2168: Translated UI labels appear in English
* Issue 2147: Trillium theme css not sticking in narrow Safari browser window
* Issue 2143: Trillium: pager alignment is inconsistent
* Issue 2141: Unable to activate a theme when browsing in a language distinct to english
* Issue 2048: Link to ALOUETTE.ca on ABOUT page is wrong, replace with DCB link.
* Issue 2035: RAD Note field for Language needs to be text, not a list of languages
* Issue 1995: Segmentation faults when calling _toString() magic method implicitly
* Issue 1993: Specify parent for EAD import
* Issue 1983: Actor records (users, authority records and repositories) cause incorrect hit count for authenticated users
* Issue 1975: ICA-AtoM virtual appliance does not work under VirtualBox 4.0.4
* Issue 1943: Context menu "see all" links are not useful for a large number (100+) of children
* Issue 1915: User profile should include institutional (repository) affiliation
* Issue 1628: String fields in the db are limited to 255 characters but Users demand bigger sizes and there is no warning
* Issue 1519: When logged in user doesn't have update permission to update archival descriptions, can partially drag and drop in hierarchy treeview
* Issue 1409: Users without view draft permissions can navigate to drafts in information object treeview hierarchy
* Issue 1344: Information div titles in edit screens disappear when scrolled over or clicked on
* Issue 1280: Prevent same user from being created more than once
* Issue 1113: Can't delete a user if they have created a note
* Issue 767: Include physical objects (i.e. storage containers) in the search index

[[Category:Releases]]

__NOTOC__

Release 1.3

2012-08-24T23:27:23Z

David: /* Treeview enhancements */

Released Aug xx, 2012

<b> Release 1.3 </b> includes PDF Fulltext Search, security enhancements, improvements to Treeview functionality, and many bug fixes to make this the most stable and fully-functional ICA-AtoM release to date. (see below).

Release 1.3 comes 9 months after the 1.2 release in November 2011. Release 1.3 includes updated translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish, along with the addition of Galician, Georgian, Indonesian, Japanese and Thai!

== New Features ==

* IE8 compatibility with Trillium theme
* PDF fulltext search Issue 1252
* Integrate CSV import CLI and web interfaces Issue 140
* Administrator control of the public visiblity of some archival description elements (Visibility Elements) Issue 1931
* Addition of ellipses to expand or contract lengthy text fields Issue 537

== Enhancements ==

==== Security Enhancements ====
*Enhance login process to force all authenticated user requests to https (requires user to have SSL certificate) Issue 2226
*Enhance login validation to force use of strong passwords: at least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters Issue 2227
* Limit incoming requests for all Administrator functionality to a static IP address range Issue 2228

==== Treeview enhancements ====
* Brand new treeview!
* Drag & drop sorting Issue 1289
* View large number of child records in context Issue 1943
* Pop-up to show long description names when hovering over name

==== Accessions ====
* Add fulltext search for accessions Issue 2323
* Add ability to link pre-existing information objects to accession records Issue 2178

==== Browse ====
* Default sort order setting (Alphabetic or Last Updated) can be configured by the administrator Issue 2235

==== Searching ====
* Allow searching on textual dates Issue 2294
* Allow search by date range Issue 2261
* Add copyright status to advanced search Issue 2314

==== Usability ====
* Addition of ellipses to expand or contract text boxes Issue 537

==== Misc ====
* Display Archivematica AIP and File UUID for matching ICA-AtoM digital object
* SQL-only data schema upgrades for Release 1.1 thru Release 1.3 Issue 227.

== Internationalization ==

*New! Galician, Georgian, Indonesian, Japanese and Thai translations of the user interface.
*Merged new and improved user interface translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish (thank you to all our volunteer translators).
*Complete French translation of Rules for Archival Description (RAD) elements. (Translation funded by Manitoba Heritage Grant courtesy of the Department of Culture, Heritage and Tourism.)

== Bug fixes ==

* Issue 2420: CSV Import throws warning
* Issue 2415: filters.yml problem under qtSwordPlugin
* Issue 2411: Publication status in treeview is adding double parentheses in all themes except Trillium
* Issue 2408: Pop-up display in treeview not visible wen browser window is resized
* Issue 2407: Publication status in treeview should come at end of information object title
* Issue 2402: Admin user gets deactivated
* Issue 2395: Taxonomy/term treeview is broken
* Issue 2394: Installer theme is broken
* Issue 2384: EAD - dates not importing
* Issue 2382: Unauthorized users should not be able to view PREMIS rights
* Issue 2377: Search for donor name produces no results for authenticated user/admin
* Issue 2376: Repository names mixed with Authority record names in drop-down, selection of Repository name results in 404 error
* Issue 2368: User orange circle "a" favicon for release 1.3
* Issue 2365: In Edit digital object screen, substitute new representation results in white screen
* Issue 2364: In Edit digital object screen, changing mediatype causes white screen
* Issue 2360: Rights holder name appears in drop-down/suggested list for Name of Creator data entry field
* Issue 2348: User Groups unavailable in drop-down when Admin tried to add new user in Trillium theme and Chrome browser
* Issue 2344: New information objects created from the accession page are not linked
* Issue 2337: User with translation rights is unable to edit the information in ISAAR fields
* Issue 2334: Draft status records not appearing in search results for authenticated users
* Issue 2330: Admin cannot view user permissions by repository
* Issue 2323: Add fulltext search for accessions
* Issue 2314: Add copyright status to advanced search
* Issue 2313 Hide accession numbers in archival description from public
* Issue 2311: Delete reference copy of digital object and replace or regenerate copy causes error
* Issue 2310: "Language and script notes" field should not repeat
* Issue 2298: Can't delete final UF field from taxonomy term
* Issue 2291: Translation interface broken
* Issue 2286: Using "+" in Treeview at Series-level, reveals child-levels without Publication Status "Draft"
* Issue 2284: Administrator unable to edit new user account's active status or edit new user account
* Issue 2276: Search results for PDF, TIFF and JPEG produce multiples.
* Issue 2273: Deleted archival description included in search results.
* Issue 2272: Change field label "Archival history" to "Archival /Custodial history" in Accessions template
* Issue 2270: SQL-only data schema upgrades / Switch migration task to direct db updates instead of YAML upgrades
* Issue 2263: Solve taxonomy and term constant
* Issue 2246: Moving an information object can break the nested set
* Issue 2238: Full reference code for archival descriptions is truncated in search results screen
* Issue 2235: Defaut sort order setting (Alphabetic or Last Updated) should be Admin Configurable
* Issue 2234: Qubit-sword daemon stops working after a long time running (MySQL server has gone away)
* Issue 2220: Migrate task in 1.2 release is not bumping database version during upgrades
* Issue 2212: Lucene Range Search broken in ICA-AtoM 1.2
* Issue 2209: Server 500 error on multiple record deletion
* Issue 2207: Apache (with mod_rewrite?) returns Forbidden error if permalink slug is more than 255 characters
* Issue 2206: Reports - Date field at file and item level populated with date from fonds-level
* Issue 2203: Browse menu translated in Caribou but NOT other themes. Browse results page title not translated.
* Issue 2198: Fatal error viewing file/item report in language other than English
* Issue 2197: In ICA-AtoM Selecting Dublin Core as the default template in Admin>settings does not change resource edit template. Defaults to ISAD(G).
* Issue 2194: Search and Replace results in Fatal error.
* Issue 2176: Can't print file or item lists in DC or MODS
* Issue 2168: Translated UI labels appear in English
* Issue 2147: Trillium theme css not sticking in narrow Safari browser window
* Issue 2143: Trillium: pager alignment is inconsistent
* Issue 2141: Unable to activate a theme when browsing in a language distinct to english
* Issue 2048: Link to ALOUETTE.ca on ABOUT page is wrong, replace with DCB link.
* Issue 2035: RAD Note field for Language needs to be text, not a list of languages
* Issue 1995: Segmentation faults when calling _toString() magic method implicitly
* Issue 1993: Specify parent for EAD import
* Issue 1983: Actor records (users, authority records and repositories) cause incorrect hit count for authenticated users
* Issue 1975: ICA-AtoM virtual appliance does not work under VirtualBox 4.0.4
* Issue 1943: Context menu "see all" links are not useful for a large number (100+) of children
* Issue 1915: User profile should include institutional (repository) affiliation
* Issue 1628: String fields in the db are limited to 255 characters but Users demand bigger sizes and there is no warning
* Issue 1519: When logged in user doesn't have update permission to update archival descriptions, can partially drag and drop in hierarchy treeview
* Issue 1409: Users without view draft permissions can navigate to drafts in information object treeview hierarchy
* Issue 1344: Information div titles in edit screens disappear when scrolled over or clicked on
* Issue 1280: Prevent same user from being created more than once
* Issue 1113: Can't delete a user if they have created a note
* Issue 767: Include physical objects (i.e. storage containers) in the search index

[[Category:Releases]]

__NOTOC__

Release 1.3

2012-08-24T23:25:37Z

David: /* Browse */

Released Aug xx, 2012

<b> Release 1.3 </b> includes PDF Fulltext Search, security enhancements, improvements to Treeview functionality, and many bug fixes to make this the most stable and fully-functional ICA-AtoM release to date. (see below).

Release 1.3 comes 9 months after the 1.2 release in November 2011. Release 1.3 includes updated translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish, along with the addition of Galician, Georgian, Indonesian, Japanese and Thai!

== New Features ==

* IE8 compatibility with Trillium theme
* PDF fulltext search Issue 1252
* Integrate CSV import CLI and web interfaces Issue 140
* Administrator control of the public visiblity of some archival description elements (Visibility Elements) Issue 1931
* Addition of ellipses to expand or contract lengthy text fields Issue 537

== Enhancements ==

==== Security Enhancements ====
*Enhance login process to force all authenticated user requests to https (requires user to have SSL certificate) Issue 2226
*Enhance login validation to force use of strong passwords: at least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters Issue 2227
* Limit incoming requests for all Administrator functionality to a static IP address range Issue 2228

==== Treeview enhancements ====
* Drag & drop sorting Issue 1289
* View large number of child records in context Issue 1943

==== Accessions ====
* Add fulltext search for accessions Issue 2323
* Add ability to link pre-existing information objects to accession records Issue 2178

==== Browse ====
* Default sort order setting (Alphabetic or Last Updated) can be configured by the administrator Issue 2235

==== Searching ====
* Allow searching on textual dates Issue 2294
* Allow search by date range Issue 2261
* Add copyright status to advanced search Issue 2314

==== Usability ====
* Addition of ellipses to expand or contract text boxes Issue 537

==== Misc ====
* Display Archivematica AIP and File UUID for matching ICA-AtoM digital object
* SQL-only data schema upgrades for Release 1.1 thru Release 1.3 Issue 227.

== Internationalization ==

*New! Galician, Georgian, Indonesian, Japanese and Thai translations of the user interface.
*Merged new and improved user interface translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish (thank you to all our volunteer translators).
*Complete French translation of Rules for Archival Description (RAD) elements. (Translation funded by Manitoba Heritage Grant courtesy of the Department of Culture, Heritage and Tourism.)

== Bug fixes ==

* Issue 2420: CSV Import throws warning
* Issue 2415: filters.yml problem under qtSwordPlugin
* Issue 2411: Publication status in treeview is adding double parentheses in all themes except Trillium
* Issue 2408: Pop-up display in treeview not visible wen browser window is resized
* Issue 2407: Publication status in treeview should come at end of information object title
* Issue 2402: Admin user gets deactivated
* Issue 2395: Taxonomy/term treeview is broken
* Issue 2394: Installer theme is broken
* Issue 2384: EAD - dates not importing
* Issue 2382: Unauthorized users should not be able to view PREMIS rights
* Issue 2377: Search for donor name produces no results for authenticated user/admin
* Issue 2376: Repository names mixed with Authority record names in drop-down, selection of Repository name results in 404 error
* Issue 2368: User orange circle "a" favicon for release 1.3
* Issue 2365: In Edit digital object screen, substitute new representation results in white screen
* Issue 2364: In Edit digital object screen, changing mediatype causes white screen
* Issue 2360: Rights holder name appears in drop-down/suggested list for Name of Creator data entry field
* Issue 2348: User Groups unavailable in drop-down when Admin tried to add new user in Trillium theme and Chrome browser
* Issue 2344: New information objects created from the accession page are not linked
* Issue 2337: User with translation rights is unable to edit the information in ISAAR fields
* Issue 2334: Draft status records not appearing in search results for authenticated users
* Issue 2330: Admin cannot view user permissions by repository
* Issue 2323: Add fulltext search for accessions
* Issue 2314: Add copyright status to advanced search
* Issue 2313 Hide accession numbers in archival description from public
* Issue 2311: Delete reference copy of digital object and replace or regenerate copy causes error
* Issue 2310: "Language and script notes" field should not repeat
* Issue 2298: Can't delete final UF field from taxonomy term
* Issue 2291: Translation interface broken
* Issue 2286: Using "+" in Treeview at Series-level, reveals child-levels without Publication Status "Draft"
* Issue 2284: Administrator unable to edit new user account's active status or edit new user account
* Issue 2276: Search results for PDF, TIFF and JPEG produce multiples.
* Issue 2273: Deleted archival description included in search results.
* Issue 2272: Change field label "Archival history" to "Archival /Custodial history" in Accessions template
* Issue 2270: SQL-only data schema upgrades / Switch migration task to direct db updates instead of YAML upgrades
* Issue 2263: Solve taxonomy and term constant
* Issue 2246: Moving an information object can break the nested set
* Issue 2238: Full reference code for archival descriptions is truncated in search results screen
* Issue 2235: Defaut sort order setting (Alphabetic or Last Updated) should be Admin Configurable
* Issue 2234: Qubit-sword daemon stops working after a long time running (MySQL server has gone away)
* Issue 2220: Migrate task in 1.2 release is not bumping database version during upgrades
* Issue 2212: Lucene Range Search broken in ICA-AtoM 1.2
* Issue 2209: Server 500 error on multiple record deletion
* Issue 2207: Apache (with mod_rewrite?) returns Forbidden error if permalink slug is more than 255 characters
* Issue 2206: Reports - Date field at file and item level populated with date from fonds-level
* Issue 2203: Browse menu translated in Caribou but NOT other themes. Browse results page title not translated.
* Issue 2198: Fatal error viewing file/item report in language other than English
* Issue 2197: In ICA-AtoM Selecting Dublin Core as the default template in Admin>settings does not change resource edit template. Defaults to ISAD(G).
* Issue 2194: Search and Replace results in Fatal error.
* Issue 2176: Can't print file or item lists in DC or MODS
* Issue 2168: Translated UI labels appear in English
* Issue 2147: Trillium theme css not sticking in narrow Safari browser window
* Issue 2143: Trillium: pager alignment is inconsistent
* Issue 2141: Unable to activate a theme when browsing in a language distinct to english
* Issue 2048: Link to ALOUETTE.ca on ABOUT page is wrong, replace with DCB link.
* Issue 2035: RAD Note field for Language needs to be text, not a list of languages
* Issue 1995: Segmentation faults when calling _toString() magic method implicitly
* Issue 1993: Specify parent for EAD import
* Issue 1983: Actor records (users, authority records and repositories) cause incorrect hit count for authenticated users
* Issue 1975: ICA-AtoM virtual appliance does not work under VirtualBox 4.0.4
* Issue 1943: Context menu "see all" links are not useful for a large number (100+) of children
* Issue 1915: User profile should include institutional (repository) affiliation
* Issue 1628: String fields in the db are limited to 255 characters but Users demand bigger sizes and there is no warning
* Issue 1519: When logged in user doesn't have update permission to update archival descriptions, can partially drag and drop in hierarchy treeview
* Issue 1409: Users without view draft permissions can navigate to drafts in information object treeview hierarchy
* Issue 1344: Information div titles in edit screens disappear when scrolled over or clicked on
* Issue 1280: Prevent same user from being created more than once
* Issue 1113: Can't delete a user if they have created a note
* Issue 767: Include physical objects (i.e. storage containers) in the search index

[[Category:Releases]]

__NOTOC__

Release 1.3

2012-08-24T23:24:42Z

David: /* Misc */

Released Aug xx, 2012

<b> Release 1.3 </b> includes PDF Fulltext Search, security enhancements, improvements to Treeview functionality, and many bug fixes to make this the most stable and fully-functional ICA-AtoM release to date. (see below).

Release 1.3 comes 9 months after the 1.2 release in November 2011. Release 1.3 includes updated translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish, along with the addition of Galician, Georgian, Indonesian, Japanese and Thai!

== New Features ==

* IE8 compatibility with Trillium theme
* PDF fulltext search Issue 1252
* Integrate CSV import CLI and web interfaces Issue 140
* Administrator control of the public visiblity of some archival description elements (Visibility Elements) Issue 1931
* Addition of ellipses to expand or contract lengthy text fields Issue 537

== Enhancements ==

==== Security Enhancements ====
*Enhance login process to force all authenticated user requests to https (requires user to have SSL certificate) Issue 2226
*Enhance login validation to force use of strong passwords: at least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters Issue 2227
* Limit incoming requests for all Administrator functionality to a static IP address range Issue 2228

==== Treeview enhancements ====
* Drag & drop sorting Issue 1289
* View large number of child records in context Issue 1943

==== Accessions ====
* Add fulltext search for accessions Issue 2323
* Add ability to link pre-existing information objects to accession records Issue 2178

==== Browse ====
* Default sort order setting (Alphabetic or Last Updated) should be Admin Configurable Issue 2235

==== Searching ====
* Allow searching on textual dates Issue 2294
* Allow search by date range Issue 2261
* Add copyright status to advanced search Issue 2314

==== Usability ====
* Addition of ellipses to expand or contract text boxes Issue 537

==== Misc ====
* Display Archivematica AIP and File UUID for matching ICA-AtoM digital object
* SQL-only data schema upgrades for Release 1.1 thru Release 1.3 Issue 227.

== Internationalization ==

*New! Galician, Georgian, Indonesian, Japanese and Thai translations of the user interface.
*Merged new and improved user interface translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish (thank you to all our volunteer translators).
*Complete French translation of Rules for Archival Description (RAD) elements. (Translation funded by Manitoba Heritage Grant courtesy of the Department of Culture, Heritage and Tourism.)

== Bug fixes ==

* Issue 2420: CSV Import throws warning
* Issue 2415: filters.yml problem under qtSwordPlugin
* Issue 2411: Publication status in treeview is adding double parentheses in all themes except Trillium
* Issue 2408: Pop-up display in treeview not visible wen browser window is resized
* Issue 2407: Publication status in treeview should come at end of information object title
* Issue 2402: Admin user gets deactivated
* Issue 2395: Taxonomy/term treeview is broken
* Issue 2394: Installer theme is broken
* Issue 2384: EAD - dates not importing
* Issue 2382: Unauthorized users should not be able to view PREMIS rights
* Issue 2377: Search for donor name produces no results for authenticated user/admin
* Issue 2376: Repository names mixed with Authority record names in drop-down, selection of Repository name results in 404 error
* Issue 2368: User orange circle "a" favicon for release 1.3
* Issue 2365: In Edit digital object screen, substitute new representation results in white screen
* Issue 2364: In Edit digital object screen, changing mediatype causes white screen
* Issue 2360: Rights holder name appears in drop-down/suggested list for Name of Creator data entry field
* Issue 2348: User Groups unavailable in drop-down when Admin tried to add new user in Trillium theme and Chrome browser
* Issue 2344: New information objects created from the accession page are not linked
* Issue 2337: User with translation rights is unable to edit the information in ISAAR fields
* Issue 2334: Draft status records not appearing in search results for authenticated users
* Issue 2330: Admin cannot view user permissions by repository
* Issue 2323: Add fulltext search for accessions
* Issue 2314: Add copyright status to advanced search
* Issue 2313 Hide accession numbers in archival description from public
* Issue 2311: Delete reference copy of digital object and replace or regenerate copy causes error
* Issue 2310: "Language and script notes" field should not repeat
* Issue 2298: Can't delete final UF field from taxonomy term
* Issue 2291: Translation interface broken
* Issue 2286: Using "+" in Treeview at Series-level, reveals child-levels without Publication Status "Draft"
* Issue 2284: Administrator unable to edit new user account's active status or edit new user account
* Issue 2276: Search results for PDF, TIFF and JPEG produce multiples.
* Issue 2273: Deleted archival description included in search results.
* Issue 2272: Change field label "Archival history" to "Archival /Custodial history" in Accessions template
* Issue 2270: SQL-only data schema upgrades / Switch migration task to direct db updates instead of YAML upgrades
* Issue 2263: Solve taxonomy and term constant
* Issue 2246: Moving an information object can break the nested set
* Issue 2238: Full reference code for archival descriptions is truncated in search results screen
* Issue 2235: Defaut sort order setting (Alphabetic or Last Updated) should be Admin Configurable
* Issue 2234: Qubit-sword daemon stops working after a long time running (MySQL server has gone away)
* Issue 2220: Migrate task in 1.2 release is not bumping database version during upgrades
* Issue 2212: Lucene Range Search broken in ICA-AtoM 1.2
* Issue 2209: Server 500 error on multiple record deletion
* Issue 2207: Apache (with mod_rewrite?) returns Forbidden error if permalink slug is more than 255 characters
* Issue 2206: Reports - Date field at file and item level populated with date from fonds-level
* Issue 2203: Browse menu translated in Caribou but NOT other themes. Browse results page title not translated.
* Issue 2198: Fatal error viewing file/item report in language other than English
* Issue 2197: In ICA-AtoM Selecting Dublin Core as the default template in Admin>settings does not change resource edit template. Defaults to ISAD(G).
* Issue 2194: Search and Replace results in Fatal error.
* Issue 2176: Can't print file or item lists in DC or MODS
* Issue 2168: Translated UI labels appear in English
* Issue 2147: Trillium theme css not sticking in narrow Safari browser window
* Issue 2143: Trillium: pager alignment is inconsistent
* Issue 2141: Unable to activate a theme when browsing in a language distinct to english
* Issue 2048: Link to ALOUETTE.ca on ABOUT page is wrong, replace with DCB link.
* Issue 2035: RAD Note field for Language needs to be text, not a list of languages
* Issue 1995: Segmentation faults when calling _toString() magic method implicitly
* Issue 1993: Specify parent for EAD import
* Issue 1983: Actor records (users, authority records and repositories) cause incorrect hit count for authenticated users
* Issue 1975: ICA-AtoM virtual appliance does not work under VirtualBox 4.0.4
* Issue 1943: Context menu "see all" links are not useful for a large number (100+) of children
* Issue 1915: User profile should include institutional (repository) affiliation
* Issue 1628: String fields in the db are limited to 255 characters but Users demand bigger sizes and there is no warning
* Issue 1519: When logged in user doesn't have update permission to update archival descriptions, can partially drag and drop in hierarchy treeview
* Issue 1409: Users without view draft permissions can navigate to drafts in information object treeview hierarchy
* Issue 1344: Information div titles in edit screens disappear when scrolled over or clicked on
* Issue 1280: Prevent same user from being created more than once
* Issue 1113: Can't delete a user if they have created a note
* Issue 767: Include physical objects (i.e. storage containers) in the search index

[[Category:Releases]]

__NOTOC__

Release 1.3

2012-08-17T16:09:08Z

David: /* New Features */ tweaks

Released Aug xx, 2012

<b> Release 1.3 </b> includes PDF Fulltext Search, security enhancements, improvements to Treeview functionality, and many bug fixes to make this the most stable and fully-functional ICA-AtoM release to date. (see below).

Release 1.3 comes 9 months after the 1.2 release in November 2011. Release 1.3 includes updated translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish, along with the addition of Galician, Georgian, Indonesian, Japanese and Thai!

== New Features ==

* IE8 compatibility with Trillium theme
* PDF fulltext search Issue 1252
* Integrate CSV import CLI and web interfaces Issue 140
* Administrator control of the public visiblity of some archival description elements (Visibility Elements) Issue 1931
* Addition of ellipses to expand or contract lengthy text fields Issue 537

== Enhancements ==

==== Security Enhancements ====
*Enhance login process to force all authenticated user requests to https (requires user to have SSL certificate) Issue 2226
*Enhance login validation to force use of strong passwords: at least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters Issue 2227
* Limit incoming requests for all Administrator functionality to a static IP address range Issue 2228

==== Treeview enhancements ====
* Drag & drop sorting Issue 1289
* View large number of child records in context Issue 1943

==== Accessions ====
* Add fulltext search for accessions Issue 2323
* Add ability to link pre-existing information objects to accession records Issue 2178

==== Browse ====
* Default sort order setting (Alphabetic or Last Updated) should be Admin Configurable Issue 2235

==== Searching ====
* Allow searching on textual dates Issue 2294
* Allow search by date range Issue 2261
* Add copyright status to advanced search Issue 2314

==== Usability ====
* Addition of ellipses to expand or contract text boxes Issue 537

==== Misc ====
* Display Archivematica AIP and File UUID for matching ICA-AtoM digital object
* SQL-only data schema upgrades Issue 2270
* Port 1.1 > 1.2 task

== Internationalization ==

*New! Galician, Georgian, Indonesian, Japanese and Thai translations of the user interface.
*Merged new and improved user interface translations for Dutch, French, Polish, Portuguese, Slovenian and Spanish (thank you to all our volunteer translators).
*Complete French translation of Rules for Archival Description (RAD) elements. (Translation funded by Manitoba Heritage Grant courtesy of the Department of Culture, Heritage and Tourism.)

== Bug fixes ==

* Issue 2411: Publication status in treeview is adding double parentheses in all themes except Trillium
* Issue 2407: Publication status in treeview should come at end of information object title
* Issue 2402: Admin user gets deactivated
* Issue 2395: Taxonomy/term treeview is broken
* Issue 2394: Installer theme is broken
* Issue 2384: EAD - dates not importing
* Issue 2382: Unauthorized users should not be able to view PREMIS rights
* Issue 2377: Search for donor name produces no results for authenticated user/admin
* Issue 2376: Repository names mixed with Authority record names in drop-down, selection of Repository name results in 404 error
* Issue 2368: User orange circle "a" favicon for release 1.3
* Issue 2365: In Edit digital object screen, substitute new representation results in white screen
* Issue 2364: In Edit digital object screen, changing mediatype causes white screen
* Issue 2360: Rights holder name appears in drop-down/suggested list for Name of Creator data entry field
* Issue 2348: User Groups unavailable in drop-down when Admin tried to add new user in Trillium theme and Chrome browser
* Issue 2344: New information objects created from the accession page are not linked
* Issue 2337: User with translation rights is unable to edit the information in ISAAR fields
* Issue 2334: Draft status records not appearing in search results for authenticated users
* Issue 2330: Admin cannot view user permissions by repository
* Issue 2323: Add fulltext search for accessions
* Issue 2314: Add copyright status to advanced search
* Issue 2313 Hide accession numbers in archival description from public
* Issue 2311: Delete reference copy of digital object and replace or regenerate copy causes error
* Issue 2298: Can't delete final UF field from taxonomy term
* Issue 2291: Translation interface broken
* Issue 2286: Using "+" in Treeview at Series-level, reveals child-levels without Publication Status "Draft"
* Issue 2284: Administrator unable to edit new user account's active status or edit new user account
* Issue 2276: Search results for PDF, TIFF and JPEG produce multiples.
* Issue 2273: Deleted archival description included in search results.
* Issue 2272: Change field label "Archival history" to "Archival /Custodial history" in Accessions template
* Issue 2270: SQL-only data schema upgrades / Switch migration task to direct db updates instead of YAML upgrades
* Issue 2263: Solve taxonomy and term constant
* Issue 2246: Moving an information object can break the nested set
* Issue 2238: Full reference code for archival descriptions is truncated in search results screen
* Issue 2235: Defaut sort order setting (Alphabetic or Last Updated) should be Admin Configurable
* Issue 2234: Qubit-sword daemon stops working after a long time running (MySQL server has gone away)
* Issue 2220: Migrate task in 1.2 release is not bumping database version during upgrades
* Issue 2212: Lucene Range Search broken in ICA-AtoM 1.2
* Issue 2209: Server 500 error on multiple record deletion
* Issue 2207: Apache (with mod_rewrite?) returns Forbidden error if permalink slug is more than 255 characters
* Issue 2206: Reports - Date field at file and item level populated with date from fonds-level
* Issue 2203: Browse menu translated in Caribou but NOT other themes. Browse results page title not translated.
* Issue 2198: Fatal error viewing file/item report in language other than English
* Issue 2197: In ICA-AtoM Selecting Dublin Core as the default template in Admin>settings does not change resource edit template. Defaults to ISAD(G).
* Issue 2168: Translated UI labels appear in English
* Issue 2147: Trillium theme css not sticking in narrow Safari browser window
* Issue 2143: Trillium: pager alignment is inconsistent
* Issue 2141: Unable to activate a theme when browsing in a language distinct to english
* Issue 2048: Link to ALOUETTE.ca on ABOUT page is wrong, replace with DCB link.
* Issue 2035: RAD Note field for Language needs to be text, not a list of languages
* Issue 1995: Segmentation faults when calling _toString() magic method implicitly
* Issue 1983: Actor records (users, authority records and repositories) cause incorrect hit count for authenticated users
* Issue 1975: ICA-AtoM virtual appliance does not work under VirtualBox 4.0.4
* Issue 1943: Context menu "see all" links are not useful for a large number (100+) of children
* Issue 1915: User profile should include institutional (repository) affiliation
* Issue 1628: String fields in the db are limited to 255 characters but Users demand bigger sizes and there is no warning
* Issue 1519: When logged in user doesn't have update permission to update archival descriptions, can partially drag and drop in hierarchy treeview
* Issue 1409: Users without view draft permissions can navigate to drafts in information object treeview hierarchy
* Issue 1344: Information div titles in edit screens disappear when scrolled over or clicked on
* Issue 1280: Prevent same user from being created more than once
* Issue 1113: Can't delete a user if they have created a note
* Issue 767: Include physical objects (i.e. storage containers) in the search index

[[Category:Releases]]

__NOTOC__

Security

2012-08-08T17:42:38Z

David: /* Settings */

'''AtoM''' implements web application best practice for security.

Security features include:
* User passwords are hashed using the [http://en.wikipedia.org/wiki/SHA-1 SHA-1] hashing algorithm with a randomly generated [http://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]
* Protection against [http://en.wikipedia.org/wiki/SQL_injection SQL Injection] attacks via the [http://php.net/manual/en/book.pdo.php PHP PDO] database interface

User authentication is cookie based, so privileged users should restrict access to a trusted network (e.g. internal LAN or encrypted WiFi network) or use [http://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security (TLS)] to prevent [http://en.wikipedia.org/wiki/Session_hijacking Session hijacking]. See the ''require_ssl_admin'' setting below for forcing TLS access in [[Release 1.3]] and later.

Because '''AtoM''' is a web application, it is necessary to adequately secure the web server against attacks, both at the operating system (e.g. Windows, Mac OS X, Ubuntu Linux) and web server application (e.g. Apache, IIS, nginx) level. The web server environment should be configured by an experienced systems administrator in accordance with current "best practice" standards. See the [[Qubit:Security|Qubit Toolkit Security]] documentation for more information about sensitive files within '''AtoM''' that may require extra protection.

== Settings ==

In [[Release 1.3]] three new security settings are added to '''AtoM''':

* '''require_ssl_admin''': see [[Qubit:TLS|TLS]] for more details

* '''require_strong_passwords''': enhance login validation to force use of strong passwords. At least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters

* '''limit_admin_ip''': limit incoming requests for all administrator functionality to an IP address IP range. Two examples:
*# 192.168.0.1
*# 192.168.0.1-192.168.0.255

These options are changeable under the settings page. You must be an administrator.

Options 'require_ssl_admin' and 'limit_admin_ip' can be bypassed using the [[Qubit:Debug mode|Debug mode]], which can only be accessed via the server's loopback interface in the default configuration.

Security

2012-08-08T17:40:09Z

David: /* Settings */

'''AtoM''' implements web application best practice for security.

Security features include:
* User passwords are hashed using the [http://en.wikipedia.org/wiki/SHA-1 SHA-1] hashing algorithm with a randomly generated [http://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]
* Protection against [http://en.wikipedia.org/wiki/SQL_injection SQL Injection] attacks via the [http://php.net/manual/en/book.pdo.php PHP PDO] database interface

User authentication is cookie based, so privileged users should restrict access to a trusted network (e.g. internal LAN or encrypted WiFi network) or use [http://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security (TLS)] to prevent [http://en.wikipedia.org/wiki/Session_hijacking Session hijacking]. See the ''require_ssl_admin'' setting below for forcing TLS access in [[Release 1.3]] and later.

Because '''AtoM''' is a web application, it is necessary to adequately secure the web server against attacks, both at the operating system (e.g. Windows, Mac OS X, Ubuntu Linux) and web server application (e.g. Apache, IIS, nginx) level. The web server environment should be configured by an experienced systems administrator in accordance with current "best practice" standards. See the [[Qubit:Security|Qubit Toolkit Security]] documentation for more information about sensitive files within '''AtoM''' that may require extra protection.

== Settings ==

In [[Release 1.3]] three new security settings are added to '''AtoM''':

* '''require_ssl_admin''': see [[Qubit:TLS|TLS]] for more details

* '''require_strong_passwords''': enhance login validation to force use of strong passwords. At least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters

* '''limit_admin_ip''': limit incoming requests for all administrator functionality to an IP address IP range. Two examples:
*# 192.168.0.1
*# 192.168.0.1-192.168.0.255

These options are changeable under the settings page. You must be an administrator.

Options 'require_ssl_admin' and 'limit_admin_ip' can be bypassed using the [[Qubit:Debug mode|Debug mode]], which can only be accessed from the local machine loopback address by default.

Security

2012-08-08T17:39:51Z

David: /* Settings */

Security

2012-08-01T17:50:22Z

David:

Security

2012-08-01T17:49:50Z

David:

'''AtoM''' implements web application best practice for security.

Security features include:
* User passwords are hashed using the [http://en.wikipedia.org/wiki/SHA-1 SHA-1] hashing algorithm with a randomly generated [http://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]
* Protection against [http://en.wikipedia.org/wiki/SQL_injection SQL Injection] attacks via the [http://php.net/manual/en/book.pdo.php PHP PDO] database interface

User authentication is cookie based, so privileged users should restrict access to a trusted network (e.g. internal LAN or encrypted WiFi network) or using [http://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security (TLS)] to prevent [http://en.wikipedia.org/wiki/Session_hijacking Session hijacking]. See the ''require_ssl_admin'' setting below for forcing TLS access in [[Release 1.3]] and later.

Because '''AtoM''' is a web application, it is necessary to adequately secure the web server against attacks, both at the operating system (e.g. Windows, Mac OS X, Ubuntu Linux) and web server application (e.g. Apache, IIS, nginx) level. The web server environment should be configured by an experienced systems administrator in accordance with current "best practice" standards. See the [[Qubit:Security|Qubit Toolkit Security]] documentation for more information about sensitive files within '''AtoM''' that may require extra protection.

== Settings ==

In [[Release 1.3]] three new security settings are added to '''AtoM''':

* '''require_ssl_admin''': see [[Qubit:TLS|TLS]] for more details

* '''require_strong_passwords''': enhance login validation to force use of strong passwords. At least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters

* '''limit_admin_ip''': limit incoming requests for all administrator functionality to an IP address IP range. Two examples:
*# 192.168.0.1
*# 192.168.0.1-192.168.0.255

These options are changeable under the settings page. You must be an administrator.

Options 'require_ssl_admin' and 'limit_admin_ip' can be bypassed using the [[Qubit:Debug mode|Debug mode]].

Security

2012-08-01T17:48:39Z

David:

'''AtoM''' implements web application best practice for security.

Security features include:
* User passwords are hashed using the [http://en.wikipedia.org/wiki/SHA-1 SHA-1] hashing algorithm with a randomly generated [http://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]
* Protection against [http://en.wikipedia.org/wiki/SQL_injection SQL Injection] attacks via the [http://php.net/manual/en/book.pdo.php PHP PDO] database interface

User authentication is cookie based, so privileged users should restrict access to a trusted network (e.g. internal LAN or encrypted Wifi connection) or using [http://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security (TLS)] to prevent [http://en.wikipedia.org/wiki/Session_hijacking Session hijacking]. See the ''require_ssl_admin'' setting below for forcing TLS access in [[Release 1.3]] and later.

Because '''AtoM''' is a web application, it is necessary to adequately secure the web server against attacks, both at the operating system (e.g. Windows, Mac OS X, Ubuntu Linux) and web server application (e.g. Apache, IIS, nginx) level. The web server environment should be configured by an experienced systems administrator in accordance with current "best practice" standards. See the [[Qubit:Security|Qubit Toolkit Security]] documentation for more information about sensitive files within '''AtoM''' that may require extra protection.

== Settings ==

In [[Release 1.3]] three new security settings are added to '''AtoM''':

* '''require_ssl_admin''': see [[Qubit:TLS|TLS]] for more details

* '''require_strong_passwords''': enhance login validation to force use of strong passwords. At least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters

* '''limit_admin_ip''': limit incoming requests for all administrator functionality to an IP address IP range. Two examples:
*# 192.168.0.1
*# 192.168.0.1-192.168.0.255

These options are changeable under the settings page. You must be an administrator.

Options 'require_ssl_admin' and 'limit_admin_ip' can be bypassed using the [[Qubit:Debug mode|Debug mode]].

Security

2012-08-01T17:48:02Z

David:

'''AtoM''' implements web application best practice for security.

Security features include:
* User passwords are hashed using the [http://en.wikipedia.org/wiki/SHA-1 SHA-1] hashing algorithm with a randomly generated [http://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]
* Protection against [http://en.wikipedia.org/wiki/SQL_injection SQL Injection] attacks via the [http://php.net/manual/en/book.pdo.php PHP PDO] database interface

User authentication is cookie based, so privileged users should restrict access to a trusted network (e.g. internal LAN or encrypted Wifi connection) or using [http://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security (TLS)] to prevent [http://en.wikipedia.org/wiki/Session_hijacking Session hijacking]. See the ''require_ssl_admin'' setting below for forcing TLS access in [[Release 1.3]] and later.

Because '''AtoM''' is a web application, it is necessary to adequately secure the web server against attacks, both at the operating system (e.g. Windows, Mac OS X, Ubuntu Linux) and web server application (e.g. Apache, IIS, nginx) level. The web server environment should be configured by an experienced systems administrator in accordance with current "best practice" standards. See the [[Qubit:Security|Qubit Security]] documentation for more information about sensitive files within '''AtoM''' that may require extra protection.

== Settings ==

In [[Release 1.3]] three new security settings are added to '''AtoM''':

* '''require_ssl_admin''': see [[Qubit:TLS|TLS]] for more details

* '''require_strong_passwords''': enhance login validation to force use of strong passwords. At least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters

* '''limit_admin_ip''': limit incoming requests for all administrator functionality to an IP address IP range. Two examples:
*# 192.168.0.1
*# 192.168.0.1-192.168.0.255

These options are changeable under the settings page. You must be an administrator.

Options 'require_ssl_admin' and 'limit_admin_ip' can be bypassed using the [[Qubit:Debug mode|Debug mode]].

Security

2012-08-01T17:47:13Z

David:

'''AtoM''' implements web application best practice for security.

Security features include:
* User passwords are hashed using the [http://en.wikipedia.org/wiki/SHA-1 SHA-1] hashing algorithm with a randomly generated [http://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]
* Protection against [http://en.wikipedia.org/wiki/SQL_injection SQL Injection] attacks via the [http://php.net/manual/en/book.pdo.php PHP PDO] database interface

User authentication is cookie based, so privileged users should restrict access to a trusted network (e.g. internal LAN or encrypted Wifi connection) or using [http://en.wikipedia.org/wiki/Transport_Layer_Security Transport Layer Security (TLS)] to prevent [http://en.wikipedia.org/wiki/Session_hijacking Session hijacking]. See the ''require_ssl_admin'' setting below for forcing TLS access in [[Release 1.3]] and later.

Because '''AtoM''' is a web application, it is necessary to adequately secure the web server against attacks, both at the operating system (e.g. Windows, Mac OS X, Ubuntu Linux) and web server application (e.g. Apache, IIS, nginx) level. The web server environment should be configured by an experienced systems administrator in accordance with current "best practice" standards. See also [[Qubit:Security Qubit Security page]] for information about sensitive files with '''AtoM''' that require extra protection.

== Settings ==

In [[Release 1.3]] three new security settings are added to '''AtoM''':

* '''require_ssl_admin''': see [[Qubit:TLS|TLS]] for more details

* '''require_strong_passwords''': enhance login validation to force use of strong passwords. At least 8 characters long, contains characters from 3 of the following classes:
*# Upper case letters
*# Lower case letters
*# Numbers
*# Special characters

* '''limit_admin_ip''': limit incoming requests for all administrator functionality to an IP address IP range. Two examples:
*# 192.168.0.1
*# 192.168.0.1-192.168.0.255

These options are changeable under the settings page. You must be an administrator.

Options 'require_ssl_admin' and 'limit_admin_ip' can be bypassed using the [[Qubit:Debug mode|Debug mode]].