<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<p>Hi Raja,</p>
<p>The logic to check whether someone has access to a document is as
follows:</p>
<p> if( $priv eq "document/view" )<br>
{<br>
my $r;<br>
if( defined $user )<br>
{<br>
$r = $self->{session}->call(
"can_user_view_document",<br>
$self,<br>
$user<br>
);<br>
return 1 if $r eq "ALLOW";<br>
return 0 if $r eq "DENY";<br>
EPrints->abort( "can_user_view_document
returned '$r': expected ALLOW or DENY" );<br>
}<br>
else<br>
{<br>
$r = $self->{session}->call(
"can_request_view_document",<br>
$self,<br>
$self->{session}->{request}<br>
);<br>
return 1 if $r eq "ALLOW";<br>
return 0 if $r eq "DENY" || $r eq "USER";<br>
EPrints->abort(
"can_request_view_document returned '$r': expected ALLOW, DENY or
USER" );<br>
}<br>
}<br>
<br>
If the code you provides within the configuration option
$c->{can_user_view_document} or
$c->{can_request_view_document}. If it is the former (i.e.
can_user...) then the only valid options are ALLOW or DENY. USER
is only valid for the can_request_view_document and even there it
not intended to be used to give access to documents (this should
only ever be ALLOW), it just prevent an abort. I have to admit I
don't know what the purpose of USER as a return value is, I think
it may still be there for legacy reasons. Therefore, I would
change you code where it says USER and set this to ALLOW inside
both the code blocks for $c->{can_user_view_document} and
$c->{can_request_view_document}.</p>
<p>Also, I have fixed a known bug with the
perl_lib/EPrints/DataObj/Document.pm to deal with permission
issues when you have been given access through "Request a Copy"
but are also logged in as a user but without the permissions to
access the requested document. The new code to be releases in
3.4.3 can be found at:</p>
<p><a class="moz-txt-link-freetext" href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints3.4%2Fblob%2Fmaster%2Fperl_lib%2FEPrints%2FDataObj%2FDocument.pm&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C2aa0aea5aee242635bb908d8bbd8874a%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637465885951406805%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=1rKbZh2KHVUADoJhMfTNI0UkAugieP9hXpstYL4gQLw%3D&reserved=0" originalSrc="https://github.com/eprints/eprints3.4/blob/master/perl_lib/EPrints/DataObj/Document.pm" shash="sHpV+iRY0e0AXEsT5TitJXxIBhxPKueK8vbSm3gS6TUqzifsFu4nciAcbHk7FtBWcNW5vHFB9Y1hg4QRMSwtI1s5hG5GDvtKzh4xzrNDUxzTvEveG6RbUHC8g6X0lrCAObCCJiAeBzl2fcI8rMJbM2ILIXHV5IOp4sKKN1Rqu8g=">https://github.com/eprints/eprints3.4/blob/master/perl_lib/EPrints/DataObj/Document.pm</a></p>
<p>Regards</p>
<p>David Newman<br>
</p>
<p> <br>
</p>
<div class="moz-cite-prefix">On 18/01/2021 17:16, RAJA VISHWA wrote:<br>
</div>
<blockquote type="cite" cite="mid:CAAZXAPF=eKcxm_fjzGL0V5L1yAgLW4tKmVYBJxRDEBU6kR7zuA@mail.gmail.com">
<div style="padding-bottom: 10px; padding-top: 5px;">
<div style="padding:12px; border:1px solid #8D3970;
background-color:#F7F9FA; color:#8D3970; font-size:14px;
line-height:22px; font-family: Calibri, Arial, Helvetica,
sans-serif;">
<strong>CAUTION:</strong> This e-mail originated outside the
University of Southampton.
</div>
</div>
<div>
<div dir="ltr">
<div>Hi David,</div>
<div>I just did the following code. But no luck. </div>
<i style="background-color:rgb(255,242,204)"> my $ip =
$doc->repository->remote_ip();<br>
my( $res, $passwd_sent ) =
$r->get_basic_auth_pw;<br>
my( $user_sent ) = $r->user;<br>
if( defined $user_sent )<br>
{<br>
if( $user_sent eq "foo" &&
$passwd_sent eq "bar" )<br>
{<br>
return "ALLOW";<br>
}<br>
return a 403.<br>
$r->note_basic_auth_failure;<br>
return "DENY";<br>
}<br>
my( $oncampus ) = 0;<br>
$oncampus = 1 if( $ip eq "my_campus_ip" );<br>
return( "USER" ) if( $security eq
"campus_and_validuser" && $oncampus );<br>
return( "ALLOW" ) if( $security eq
"campus_or_validuser" && $oncampus );<br>
return( "ALLOW" ) if( $security eq "campus"
&& $oncampus );<br>
return( "USER" );</i><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, Jan 18, 2021 at 7:29
PM David R Newman <<a href="mailto:drn@ecs.soton.ac.uk" moz-do-not-send="true">drn@ecs.soton.ac.uk</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<p>Hi Raja,</p>
<p>Yes, there should be settings for this in your
archive's cfg/cfg.d/<a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsecurity.pl%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C2aa0aea5aee242635bb908d8bbd8874a%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637465885951416764%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2F0Np9HuYP2OuS1hRbpBb6s4J3XDFRFf3gN3kxy8uL70%3D&reserved=0" originalSrc="http://security.pl/" shash="yPP4ERTzlVTgzuy62aynhljLPbl4UC+0jR0xmTJs8c66UHG0qLgC2TmzjVitBZTfKgwoWxQS68faoPfrquQ/Dxh5ur2+/6tEvk19O3x+rPLumZTIUQndYyVasYlsaxsZUSLGlH8M0kPK/41rX6anWhO7s4wxFGCeBSfKaqLBg64=" originalsrc="http://security.pl/" shash="gv/wfnKa3tJvsqCNOkpwlHyVK0Ir+V8A8Hp6Jx7xsCT+LXMYVvPULql8nFDgNdOjzL7LZYyyz8kQfyc8hjCryJ1+iJqgNMsSNYNklt5tqKNfEHZRj5AjRpUyFf7W/5W54YOso4IFxc7vMoCf2JSo/RabskjshmueDfgaM+9227Y=" target="_blank" moz-do-not-send="true">security.pl</a>.
Be careful to make sure you the function to lookup the
IP addess looks like:</p>
<p>my $ip = $eprint->repository->remote_ip();</p>
<p>As the older way of doing this breaks in recent
versions of Apache and can make documents publicly
accessible you would not otherwise intend to be.</p>
<p>Regards</p>
<p>David Newman<br>
</p>
<div>On 18/01/2021 13:43, RAJA VISHWA via Eprints-tech
wrote:<br>
</div>
<blockquote type="cite">
<div style="padding-bottom:10px;padding-top:5px">
<div style="padding:12px;border:1px solid
rgb(141,57,112);background-color:rgb(247,249,250);color:rgb(141,57,112);font-size:14px;line-height:22px;font-family:Calibri,Arial,Helvetica,sans-serif"><strong>CAUTION:</strong>
This e-mail originated outside the University of
Southampton.
</div>
</div>
<div>
<div dir="auto"><span style="font-family:sans-serif;font-size:12.8px">Dear
Team,</span>
<div style="font-family:sans-serif;font-size:12.8px" dir="auto"><br>
<div><font face="comic sans ms, sans-serif" color="#000000">Is it possible to allow
restricted document access from the
institution's IP?</font></div>
<div><font face="comic sans ms, sans-serif" color="#000000"><br>
</font></div>
<div><font face="comic sans ms, sans-serif" color="#000000">For example, any request is
coming from Institution IP ranges shall we
allow them to access the protected content
without authentication?</font></div>
<div><font face="comic sans ms, sans-serif" color="#000000"><br>
</font></div>
<div><font face="comic sans ms, sans-serif" color="#000000">I just try to configure the
file which available ( <a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FEPrints_User_Group_2015-01-13&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C2aa0aea5aee242635bb908d8bbd8874a%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637465885951416764%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Gf258utavGzC%2BkIBiHJlJEaxzsMHI%2BWDOHNsDOXlS0Y%3D&reserved=0" originalSrc="https://wiki.eprints.org/w/EPrints_User_Group_2015-01-13" shash="HLT6hkJUQEcooz3vM25iooI/EHb+wpDVw5d9S/zhVrMO9T9bvPE/ODwt1fj3XknHizUAaEXDeBxQLYMPevphe5uQRaNAbXE3ARgsQdeyjhofkf1XNFGZeBlS0d3ppMwtvkJhoEYu/zEjB78nk1fzRfeYdKCUYzln4XlQWApzLs4=" originalsrc="https://wiki.eprints.org/w/EPrints_User_Group_2015-01-13" shash="pmpTvlDdGRD0tnKaNCN5cQXDmaEjcx/Est7G6VqBBnv1NKP65CQOliMaLKXNtZwr0iFKIKr/O4Gtuf2Wgw4D6iILcge3TzMHMSF/mvnpH5kOkr/E39bkoRwzy57iEhw5xNqxTx0gGTEdy1HZmB1zVSdlVlllca3mIEzcN8XzRAs=" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" moz-do-not-send="true">https://wiki.eprints.org/w/EPrints_User_Group_2015-01-13</a>)
at /opt/eprints3/archives/xxx/cfg/cfg.d/<a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsecurity.pl%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C2aa0aea5aee242635bb908d8bbd8874a%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637465885951426723%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=OxhgAusJ4i67AzgR%2FXjyz0RDbK5ds1cgqkBe87NdkpM%3D&reserved=0" originalSrc="http://security.pl/" shash="aKp7GZNKd51Lc2Jw2UExmroYRnLn8t49G4wnm+TsmF5VkvcdhkQ7OTD4b2Cgif6VkkxqAd0UR+f/YPMKt3GpEGSwfJccIV9NYZls0D2Czt3+CccZVeW6fFHnyYn7+lM1cg0SVPBKTnRA2hxl+Chgjd4SR6zt4hOI1NBeuW86Z18=" originalsrc="http://security.pl/" shash="Jvn7qFiOZ/MXztu/MF3/MtlrAHPqC4AvzHsDfzmoq/1DoklpMGnNAr1ebFIGU/AtMpkpoLYw08SxHaww4atmo4xDUt0kW78sByz7O3gKoQ2J4B63ezUlu3g8espCQUz4DM1y4i1rxv3r2w4nvMyb/WJeaNzzmu0WsR8iSndu19I=" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" moz-do-not-send="true">security.pl</a>. But
no luck.</font></div>
<div><font face="comic sans ms, sans-serif" color="#000000"><br>
</font></div>
<div><font face="comic sans ms, sans-serif" color="#000000">Could anyone help me out?</font></div>
<div><font face="comic sans ms, sans-serif" color="#000000"><br>
</font></div>
<div><font face="comic sans ms, sans-serif" color="#000000">Thanks,</font></div>
<div><font face="comic sans ms, sans-serif" color="#000000">Raja V</font></div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>*** Options: <a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech" target="_blank" moz-do-not-send="true">http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech</a>
*** Archive: <a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C2aa0aea5aee242635bb908d8bbd8874a%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637465885951436675%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=EwUD5Sedq8rTFbwC%2Fjwctede59AyKktTArhiO0UJAzY%3D&reserved=0" originalSrc="http://www.eprints.org/tech.php/" shash="U4wci0byV3e69ZF4Xlz01qQTvrsszpc04j/bXcL5zTA/RLAgxm5pR6HRV0LncvinpJ/V06GbUAfd0hvGn76KE/SBkx6Zz+BgUbVwVcYH+eBK9n4i5eL5UxSBN9XBbt6d7UP8bFCd5W1GrD78F9scUU4ma3HCN+Vfo6k7uBDRoh8=" originalsrc="http://www.eprints.org/tech.php/" shash="wDFJ0oiOBCCtHfdJAQsZ/o9x098toWx7MNuUvJDVm52V9NdXde5edNQqTyzN6cx2zXzV3tJZozw9vlSupU8rdCHP/F4PLu4glejWr8/yTyOfiXTNsa6Egj080kHED0tTY9dwMEmtD/TP3FgYJs8427s9wIzUCg95GW6yAOAkqxU=" target="_blank" moz-do-not-send="true">http://www.eprints.org/tech.php/</a>
*** EPrints community wiki: <a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C2aa0aea5aee242635bb908d8bbd8874a%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637465885951436675%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=pKidy%2FBHNPUWok%2Bx6LvRhTRoYKg%2FQzfTsnTuRlQWqcw%3D&reserved=0" originalSrc="http://wiki.eprints.org/" shash="GobIIsmHmb18JZjS+nhGDlqoRJFXUwIkwkjGBWZvXBVDdsIj+c9ycfSdu1KCgP1q0YsY4EfXOFWbGt9IrBIMbTQVvL2Ieq0gMj3UpIZgUeJ2+By+R+Man3t+z9w6O1/jrqgjq3LktpxJugEU67g5+q3LQZ9Jvk7d1cluMh/mSSQ=" originalsrc="http://wiki.eprints.org/" shash="WcbDrqe58PVyrNAhLKvph7nhmx6sK/zoQJDsZYEU4g3nj06RLSNE5JGQ9FYuORjSmmI1j6H2yVlHJ4CbK0YqIYYprsOEekJkoSLRpFbOg855bsPtxGdC1BMc3gxMn4AhVknTK1ktEp8u2Ao0q/t8rIdjFm/Ejas1JTsHCkLEESM=" target="_blank" moz-do-not-send="true">http://wiki.eprints.org/</a></pre>
</blockquote>
<div id="gmail-m_8862082949221040355DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br>
<table style="border-top:1px solid rgb(211,212,222)">
<tbody>
<tr>
<td style="width:55px;padding-top:13px"><a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.avg.com%2Femail-signature%3Futm_medium%3Demail%26utm_source%3Dlink%26utm_campaign%3Dsig-email%26utm_content%3Demailclient&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C2aa0aea5aee242635bb908d8bbd8874a%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637465885951446632%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=cdRgtVJvTWqAjXMtbHp5kZeqVhrF9ttz%2FDGrVp%2F6t3w%3D&reserved=0" originalSrc="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" shash="Rz7os1b5Ua9lrWPTzAoHXJoKEQnDARJwxGHIrU1RLK7BhZV2tSFaZEgnC4F5kjkq/bXVFIaS+nj4v06Q88cBwbeoBE0QxrLJ6w6DoPKg7Osu0mdbZVFGKbtCwlUXrRMA1g1BBMqtwNtBpaZpH57oTHxi5KufGh8jucGq1ITLfdo=" originalsrc="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" shash="KiHUiRY6MY3/81LKezRooh0Hekuq1V5V6VwQ9djpcO/rLRqbgLtnREXaZi5GLuVTJxKZq+JwYbfiQyYW0gvDsMDPC7t/w8LxLbUtFCipxZqZR3LF7Ct2zaJjBvQXz6YB8YTJTpHOPHBrO+tF9HNRl2JDS6lC0+eijQ/CmamXy4c=" target="_blank" moz-do-not-send="true"><img src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-green-avg-v1.png" alt="" style="width: 46px; height: 29px;" moz-do-not-send="true" width="46" height="29"></a></td>
<td style="width:470px;padding-top:12px;color:rgb(65,66,78);font-size:13px;font-family:Arial,Helvetica,sans-serif;line-height:18px">Virus-free.
<a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.avg.com%2Femail-signature%3Futm_medium%3Demail%26utm_source%3Dlink%26utm_campaign%3Dsig-email%26utm_content%3Demailclient&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C2aa0aea5aee242635bb908d8bbd8874a%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637465885951456591%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=SSCED%2BCmiaIc7UpNjvCiyom58nZtNafYSAE%2B4VGNGMw%3D&reserved=0" originalSrc="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" shash="IViDKX69zS3vi3eN7ZyZj5BKs4cNqoKqlxOuvx+mzlZaUyEv5gL+JsTUb2nXKo5Ei2ou2adjwP3aicNjidVdey5mN9cJ6VAtPYF2hPsWk4+j+Eq4hf2x89V3hdB/SVuMXEKDeF+ILMZoWZFo/iLounyNZGf8Ky4TMeSFSE41PhI=" originalsrc="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" shash="KiHUiRY6MY3/81LKezRooh0Hekuq1V5V6VwQ9djpcO/rLRqbgLtnREXaZi5GLuVTJxKZq+JwYbfiQyYW0gvDsMDPC7t/w8LxLbUtFCipxZqZR3LF7Ct2zaJjBvQXz6YB8YTJTpHOPHBrO+tF9HNRl2JDS6lC0+eijQ/CmamXy4c=" style="color:rgb(68,83,234)" target="_blank" moz-do-not-send="true">
www.avg.com</a> </td>
</tr>
</tbody>
</table>
</div>
</div>
</blockquote>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr" class="gmail_signature">
<div dir="ltr">Thanks with Regards,<br>
Raja V</div>
</div>
</div>
</blockquote>
</body>
</html>