I just want simple thing - restrict Omeka site. No acces for anyone without login. Admin users should have possibility to browse and edit content, Viewer users should only view content but without editing or contributing in any way and finally Guest user who can not even view anything unless I permit it on Collection or Item level (for every guest user differently). I tried something with RestrictedSites and Access modules, and tried something with GuestRole, Guest and Guest User, but did not get very far. Any help and insight about this? Thank you so much.
Global Admin / Supervisor / Editor / Reviewer = can access the admin, can edit content, can view private content
Author = can access the admin, can edit content, cannot view private content
Researcher = can access the admin, cannot edit content, cannot view private content
Guest (via the Guest Role module) = cannot access the admin cannot edit content, cannot view private content.
So you need to perform a combination of actions:
to make your public site accessible only by login => the site has to be private
to restrict access to collections, items, and media => all resources must be private
Global Admin / Supervisor / Editor / Reviewer will correspond to what you mean by “Admin.” They will be able to:
access the admin
log in and access the public interface
view and edit private content.
for the equivalent of your “Viewer”, you will have to choose between “Researcher” and “Guest” (via the Guest Role module) depending on whether you want them to be able to access the admin or not. I would recommend “Guest” because a “Researcher” can see all the users’ connection addresses via the admin interface access. The same goes for the equivalent of your “Guest”. Thus, a Guest:
will not be able to access the admin section
to access the private site on the public side after logging in, you must assign them the “Viewer” site role (Site Users - Omeka S User Manual)
to gain visibility of private resources, you must use the Group module and:
Create a group, for example, “Viewer Access” (the name doesn’t matter) and another group, “Exceptional Access,” for example.
Assign the “Viewer Access” group to all resources and users you consider as your Viewers.
Assign the “Exceptional Access” group to all users you consider your Guests and to the resources you want to give them access to.
Note: If you want to give a specific person access to a specific document, you must create a specific group. For example, the “Professor Tournesol” group, and assign the group to the user Triffon Tournesol and the Omeka S resources that he should be able to access after logging in.
Thank you very much for the detailed response – it’ll take me some time to read through everything (the links) and try to recreate it.
Just one additional question – which modules are relevant here? I’m asking because I know that the Access module is said to not work well and is incompatible with the Group module, so it seems to me that the Access module isn’t really an option, especially since you mentioned multiple times that the Group module should be used.
I understand, restricted access always gives us a headache.