Access Control Layer

From EPrints Documentation
Revision as of 16:11, 3 October 2014 by Libjlrs (talk | contribs)
Jump to: navigation, search

This development is designed to allow access restrictions to be placed on EPrints, Documents and other data objects.

The model we're currently work with is:

Authenticating Authority (AA) - a trusted sign-in method that may also provide some knowledge about the person signing in, and offer groupings based on their attributes.

ACLRole - These are configured based on what an AA can offer. When a user signs in, any ACLRoles that the AA can grant to the user are added to their session. A user could sign in via more than one AA at a time.

ACLGroup - A set of ACLRoles that can be applied to an EPrint/Document/?. When access to the item is requested, the session ACLRoles are checked against the allowed ACLRoles. If there is a match, access is granted.

When we make this shizzle, how should it be done?

Things to do

  • LogHandler - what do we log an when? See ~/perl_lib/EPrints/Apache/Rewrite.pm@515
  • Check poly-lingual behaviour
  • Check behaviour for summary_page and summary_page_denied
  • Abstract summary page handler up to dataobj level
  • Add config options to enable summary pages for specific dataobjs $c->{summary_pages}->{document} = ??? filters/citations/logs?

Other thoughts / useful links