https://wiki.ext-9.eprints-hosting.org/w/index.php?action=history&feed=atom&title=Security.plSecurity.pl - Revision history2026-05-10T21:00:57ZRevision history for this page on the wikiMediaWiki 1.43.6https://wiki.ext-9.eprints-hosting.org/w/index.php?title=Security.pl&diff=14283&oldid=prevDrn@ecs.soton.ac.uk: Added page about config file2022-01-23T16:27:54Z<p>Added page about config file</p>
<p><b>New page</b></p><div>{{dirs}}<br />
{{cfgd}}<br />
<br />
This file contains configuration functions for specifying whether a general request or a particular logged in user can access a document. These functions can return one of three different values:<br />
# '''ALLOW''' - Access to the document is allowed<br />
# '''DENY''' - Access to the document is not allowed<br />
# '''USER''' - Access to the document is allowed if the logged in user is permitted access. Redirect to login if no user is logged in.<br />
<br />
== can_request_view_document ==<br />
This function determines whether a general request can access a particular document. The default function will do the following checks:<br />
# If the document is public and the eprint is in the live archive and returns ''ALLOW'' if that is the case.<br />
# If there is a "request a copy" code and if that code's request is for permitting access to the document and has not expired and returns ''ALLOW'' if that is the case.<br />
# If there is a "request a copy" code and coversheets is enabled and the code's request is for permitted for the original document from which the coversheeted version now being accessed is generated and the request has not expired. If this is the case ''ALLOW'' is returned.<br />
If none of the criteria are meet then ''USER'' is returned.<br />
<br />
If the default version of this configuration file, there is commented out code for allowing authenticated access for a web crawler or permitting specific IP addresses for scenarios like on campus access.<br />
<br />
== can_user_view_document ==<br />
This function determines if a specific user can access a particular document. The default function will do the following:<br />
# If the document is public and the eprint is in the live archive and returns ''ALLOW'' if that is the case.<br />
# If the document is not public or the eprint is not in the live archive, returns ''DENY'' if the user is of type ''minuser''<br />
# Returns ''ALLOW'' if the document security is ''validuser'' and the logged in user is not of type ''minuser'' and the eprint is in the live archive.<br />
# Returns ''ALLOW'' if the document security is ''staffonly'' or the eprint is not in the live archive but the user is of type ''editor'' or ''admin'' or is the depositing user.<br />
If none of these criteria are met ''DENY'' is returned.</div>Drn@ecs.soton.ac.uk