Security.pl

From EPrints Documentation
Revision as of 16:27, 23 January 2022 by Drn@ecs.soton.ac.uk (Added page about config file)


This file contains configuration functions that specify whether a general request or a particular logged-in user can access a document. These functions can return one of three different values:

  1. ALLOW - Access to the document is allowed
  2. DENY - Access to the document is not allowed
  3. USER - Access to the document is allowed if the logged-in user is permitted access. Redirect to login if no user is logged in.

can_request_view_document

This function determines whether a general request can access a particular document. The default function will do the following checks:

  1. Checks whether the document is public and the eprint is in the live archive, and returns ALLOW if that is the case.
  2. Checks whether there is a "request a copy" code, whether that code's request is for permitting access to the document and whether it has not expired, and returns ALLOW if that is the case.
  3. Checks whether there is a "request a copy" code, coversheets are enabled, the code's request is for the original document from which the coversheeted version now being accessed was generated, and the request has not expired. If this is the case, ALLOW is returned.

If none of the criteria are met then USER is returned.

In the default version of this configuration file, there is commented-out code for allowing authenticated access for a web crawler or permitting specific IP addresses for scenarios like on-campus access.

can_user_view_document

This function determines if a specific user can access a particular document. The default function will do the following:

  1. Checks whether the document is public and the eprint is in the live archive, and returns ALLOW if that is the case.
  2. If the document is not public or the eprint is not in the live archive, returns DENY if the user is of type minuser.
  3. Returns ALLOW if the document security is validuser and the logged in user is not of type minuser and the eprint is in the live archive.
  4. Returns ALLOW if the document security is staffonly or the eprint is not in the live archive but the user is of type editor or admin or is the depositing user.

If none of these criteria are met DENY is returned.
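
The order of the can_user_view_document checks matters, for example a minuser is denied before the depositing-user check is ever reached. The following is an added example, not the code shipped in security.pl: it models the four checks with plain hashes standing in for EPrints objects. The hash keys, the "user" type, the "buffer" status and the userids are assumptions made for the illustration.

```perl
use strict;
use warnings;

# Model of the default can_user_view_document checks, in the order listed above.
# Plain hashes stand in for the EPrints document, eprint and user objects (assumption).
sub can_user_view_document
{
	my( $doc, $user ) = @_;
	my $live = $doc->{eprint_status} eq "archive";
	my $type = $user->{usertype};

	# 1. Public document in the live archive.
	return "ALLOW" if $doc->{security} eq "public" && $live;
	# 2. Anything else is closed to minuser accounts.
	return "DENY" if $type eq "minuser";
	# 3. validuser document in the live archive (minuser already excluded).
	return "ALLOW" if $doc->{security} eq "validuser" && $live;
	# 4. staffonly or not-live items: editors, admins and the depositing user.
	if( $doc->{security} eq "staffonly" || !$live )
	{
		return "ALLOW" if $type eq "editor" || $type eq "admin";
		return "ALLOW" if $user->{userid} == $doc->{owner};
	}
	return "DENY";
}

# Constructed cases: [ security, eprint_status, usertype, userid, expected ]
my @cases = (
	[ "public",    "archive", "minuser", 7, "ALLOW" ],
	[ "validuser", "archive", "minuser", 7, "DENY"  ],
	[ "validuser", "archive", "user",    7, "ALLOW" ],
	[ "staffonly", "archive", "user",    7, "DENY"  ],
	[ "staffonly", "archive", "editor",  7, "ALLOW" ],
	[ "public",    "buffer",  "user",    7, "DENY"  ],
	[ "public",    "buffer",  "user",    3, "ALLOW" ],  # userid 3 is the depositor
	[ "public",    "buffer",  "minuser", 3, "DENY"  ],  # minuser check runs first
);

for my $case ( @cases )
{
	my( $security, $status, $type, $uid, $want ) = @$case;
	my $doc = { security => $security, eprint_status => $status, owner => 3 };
	my $got = can_user_view_document( $doc, { usertype => $type, userid => $uid } );
	printf "%-9s %-7s %-7s uid=%d -> %-5s %s\n", $security, $status, $type, $uid, $got,
		$got eq $want ? "ok" : "MISMATCH (expected $want)";
}
```

A table like this is a useful regression check after editing the function locally: any row that flips from DENY to ALLOW is a widening of access that should be deliberate.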