[EP-tech] Allowing access to thumbnails of secure documents

John Salter J.Salter at leeds.ac.uk
Thu Oct 10 14:22:42 BST 2013


Hi (tried sending this previously, but the mailing list seemed non-responsive - apologies if you get it more than once!),
I'm trying to allow access to thumbnails of non-public documents.

I've already added a thumbnail_security option (all_public, small_public and none_public) to the documents, and the generated thumbnails now inherit a security based on this value.

By default, when a request for a thumbnail is submitted e.g. http://repo.ac.uk/123/1.hassmallThumbnailVersion/filename.png, the HTTP response is based on the security of the parent document, not the thumbnail document.

When the request is processed (in ~/archives/ARCHIVEID/cfg/cfg.d/security.pl), the $doc is the parent document.
$c->{can_request_view_document} = sub
{
        my( $doc, $r ) = @_;
...
}

The $r passed to can_request_view_document does contain the correct document in $r->pnotes->{dataobj}, but is there an elegant way of determining that the request is for a related-document?

This seems to work OK:
my $tn_doc =  $r->pnotes->{dataobj};
if( defined $tn_doc && $tn_doc->get_value( "security" ) eq "public" && $status eq "archive" )
{
    return( "ALLOW" );
}
but it feels a little 'hacky'. Is there a better way to achieve this?

Cheers,
John

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20131010/34d7823b/attachment.html 


More information about the Eprints-tech mailing list