[EP-tech] Allowing access to thumbnails of secure documents

John Salter J.Salter at leeds.ac.uk
Thu Oct 10 08:20:12 BST 2013


Hi,
I’m trying to allow access to thumbnails of non-public documents.

I’ve already added a thumbnail security option to the documents, and the generated thumbnails now have an appropriate 'security' set.
When a request for a thumbnail is submitted e.g. http://repo.ac.uk/123/1.hassmallThumbnailVersion/filename.tif, the HTTP response is based on the security of the owning document, not the thumbnail document.

When the request is processed by the code in ~/archives/ARCHIVEID/cfg/cfg.d/security.pl, the $doc is already the parent document.
$c->{can_request_view_document} = sub
{
        my( $doc, $r ) = @_;
…
}

The $r passed to can_request_view_document does contain the correct document in $r->pnotes->{dataobj}, but is there an elegant way of determining that the request is for a related-document?

This:
if($r->pnotes->{dataobj}->get_value("security") eq “public” && $status eq "archive" ){
  return( “ALLOW” );
}
feels a little hacky - but seems to work OK…

Cheers,
John



More information about the Eprints-tech mailing list