Access Control Layer

From EPrints Documentation
Revision as of 17:24, 28 October 2014 by Libjlrs (talk | contribs) (Other thoughts / useful links)

This development is designed to allow access restrictions to be placed on EPrints, Documents and other data objects.

The model we're currently working with is:

Authenticating Authority (AA) - a trusted sign-in method that may also provide some knowledge about the person signing in, and offer groupings based on their attributes.

ACLRole - These are configured based on what an AA can offer. When a user signs in, any ACLRoles that the AA can grant to the user are added to their session. A user could sign in via more than one AA at a time.

ACLGroup - A set of ACLRoles that can be applied to an EPrint/Document/?. When access to the item is requested, the session ACLRoles are checked against the allowed ACLRoles. If there is a match, access is granted.
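
A sketch of the sign-in and access check described above, as an added example that is not EPrints code. The AA names, role names, attributes and helper functions are all hypothetical, and denying access to an object with an empty ACLGroup is an assumption.

```perl
#!/usr/bin/perl
# Added illustration of the AA / ACLRole / ACLGroup model; not EPrints code.
# Every AA name, role name, attribute and helper below is hypothetical.
use strict;
use warnings;

# Each Authenticating Authority maps the attributes it asserts to ACLRoles.
my %AA_RULES = (
    shibboleth => sub {
        my ($attr) = @_;
        my @roles = ('authenticated');
        push @roles, 'staff' if ( $attr->{affiliation} // '' ) eq 'staff';
        return @roles;
    },
    ip_range => sub {
        my ($attr) = @_;
        my $ip = $attr->{ip} // '';
        return $ip =~ /^10\.1\./ ? ('on_campus') : ();
    },
);

# Sign-in: add every role this AA can grant to the session's role set.
sub sign_in {
    my ( $session, $aa, $attr ) = @_;
    my $rule = $AA_RULES{$aa} or return;    # unknown AA grants nothing
    $session->{roles}{$_} = 1 for $rule->($attr);
    return;
}

# Access check: granted only if a session role is in the object's ACLGroup.
# An empty or missing ACLGroup is denied here (assumed default).
sub can_access {
    my ( $session, $aclgroup ) = @_;
    return 0 unless $aclgroup && @$aclgroup;
    return ( scalar grep { $session->{roles}{$_} } @$aclgroup ) ? 1 : 0;
}

# Constructed sample: one user signed in via two AAs at once.
my %session = ( roles => {} );
sign_in( \%session, 'shibboleth', { affiliation => 'student' } );
sign_in( \%session, 'ip_range',   { ip          => '10.1.4.7' } );

my %doc_group = (
    thesis_pdf   => [ 'staff', 'on_campus' ],
    exam_answers => ['staff'],
    draft        => [],
);
for my $doc ( sort keys %doc_group ) {
    printf "%-12s %s\n", $doc,
      can_access( \%session, $doc_group{$doc} ) ? 'granted' : 'denied';
}
```

The sample session ends up with the roles authenticated and on_campus, so only thesis_pdf is granted; the second sign-in adds to the session's roles rather than replacing them.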

Associated pages

These pages have been created as part of the documentation of our work.


When we make this shizzle, how should it be done?

Things to do

  • LogHandler - what do we log and when? See ~/perl_lib/EPrints/Apache/Rewrite.pm@515
  • Check poly-lingual behaviour
  • Check behaviour for summary_page and summary_page_denied
  • Abstract summary page handler up to dataobj level
  • Add config options to enable summary pages for specific dataobjs: $c->{summary_pages}->{document} = ??? filters/citations/logs?

Other thoughts / useful links