Warning: This page has not been updated in over over a year and may be outdated or deprecated.
configuration:permission_options
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
configuration:permission_options [2017/08/30 14:35] – [Structure of permissionBehavior.ini] demiankatz | configuration:permission_options [2019/08/23 11:15] – [Permission Configuration] demiankatz | ||
---|---|---|---|
Line 5: | Line 5: | ||
VuFind 4.1 added another layer of configuration to the system: the ability to configure exactly what VuFind will do when a particular permission is denied. Permissions may be checked in either controllers or templates, and different options are available for denied permissions in each of these places. A controller may throw an exception or display a custom " | VuFind 4.1 added another layer of configuration to the system: the ability to configure exactly what VuFind will do when a particular permission is denied. Permissions may be checked in either controllers or templates, and different options are available for denied permissions in each of these places. A controller may throw an exception or display a custom " | ||
+ | VuFind 6.1 adds a significant new option to permissionBehavior.ini: | ||
===== Structure of permissionBehavior.ini ===== | ===== Structure of permissionBehavior.ini ===== | ||
Line 16: | Line 17: | ||
See also the following examples, which should illustrate some use cases with permissionBehavior. | See also the following examples, which should illustrate some use cases with permissionBehavior. | ||
+ | |||
+ | ===== Other useful configuration settings ===== | ||
+ | |||
+ | ==== Search Tabs Permissions ==== | ||
+ | |||
+ | VuFind 4.1 introduces a [SearchTabsPermissions] section in [[configuration: | ||
+ | |||
+ | Note that [SearchTabsPermissions] ONLY controls the rendering of tabs. It does not prevent users from accessing the searches that those tabs can produce. To restrict actual searching, you will need to pair some controller-specific rules with your search tab permissions. Examples can be found below. | ||
===== Checking permissions in code ===== | ===== Checking permissions in code ===== | ||
Line 60: | Line 69: | ||
// If a user accesses a restricted page, show a login page as default (unless a deniedControllerBehavior directive overrides that). // | // If a user accesses a restricted page, show a login page as default (unless a deniedControllerBehavior directive overrides that). // | ||
- | PermissionBehavior.ini: | + | permissionBehavior.ini: |
[global] | [global] | ||
defaultDeniedControllerBehavior = " | defaultDeniedControllerBehavior = " | ||
Line 68: | Line 77: | ||
// If a user accesses a restricted page, show a note as default (unless a deniedControllerBehavior directive overrides that). // | // If a user accesses a restricted page, show a note as default (unless a deniedControllerBehavior directive overrides that). // | ||
- | PermissionBehavior.ini: | + | permissionBehavior.ini: |
[global] | [global] | ||
defaultDeniedControllerBehavior = " | defaultDeniedControllerBehavior = " | ||
Line 78: | Line 87: | ||
// Only users from certain IPs are allowed to use the AdminModule. If an unauthorized user enters the Admin module, show a note. // | // Only users from certain IPs are allowed to use the AdminModule. If an unauthorized user enters the Admin module, show a note. // | ||
- | Permissions.ini: | + | permissions.ini: |
[default.AdminModule] | [default.AdminModule] | ||
ipRange = " | ipRange = " | ||
Line 93: | Line 102: | ||
// The button to save a record as a favorite record should be only displayed after a user has logged in. // | // The button to save a record as a favorite record should be only displayed after a user has logged in. // | ||
- | Permissions.ini: | + | permissions.ini: |
[default.Favorites] | [default.Favorites] | ||
role[] = loggedin | role[] = loggedin | ||
permission = feature.Favorites | permission = feature.Favorites | ||
- | PermissionBehavior.ini: | + | permissionBehavior.ini: |
[feature.Favorites] | [feature.Favorites] | ||
- | deniedTemplateBehavior = null | + | deniedTemplateBehavior = " |
=== Always show favorites button, but prompt login on click === | === Always show favorites button, but prompt login on click === | ||
Line 108: | Line 117: | ||
(This is the default behavior in VuFind now). | (This is the default behavior in VuFind now). | ||
- | Permissions.ini: | + | permissions.ini: |
[default.Favorites] | [default.Favorites] | ||
role[] = loggedin | role[] = loggedin | ||
permission = feature.Favorites | permission = feature.Favorites | ||
- | PermissionBehavior.ini: | + | permissionBehavior.ini: |
[feature.Favorites] | [feature.Favorites] | ||
deniedControllerBehavior = " | deniedControllerBehavior = " | ||
Line 119: | Line 128: | ||
==== Primo Central ==== | ==== Primo Central ==== | ||
- | * You are using the PrimoCentral index and are offering it with a seperate register (SearchTab). The user should be allowed to see the register | + | === Suppress tab outside of IP range === |
+ | |||
+ | // You are using the PrimoCentral index and are offering it with a separate search tab. The user should be allowed to see the tab only if logged | ||
+ | |||
+ | config.ini: | ||
+ | [SearchTabs] | ||
+ | Solr = Main | ||
+ | Primo = Extra | ||
+ | |||
+ | [SearchTabsPermissions] | ||
+ | Primo = access.PrimoModule | ||
- | Permissions.ini: | + | permissions.ini: |
[default.primo] | [default.primo] | ||
require = ANY | require = ANY | ||
ipRange = " | ipRange = " | ||
role[] = loggedin | role[] = loggedin | ||
- | permission = access.Primo | + | permission = access.PrimoModule |
- | PermissionBehavior.ini: | + | permissionBehavior.ini: |
- | [access.Primo] | + | [access.PrimoModule] |
- | | + | |
- | * You are using the PrimoCentral index and are offering it with a seperate register (SearchTab). Any user should be allowed to see the register tab, but if the tab is clicked, the user should see a note telling him that he needs to be in a certain | + | === Show note outside of IP range === |
- | Permissions.ini: | + | // You are using the PrimoCentral index and are offering it with a separate search tab. Any user should be allowed to see the tab, but if the tab is clicked, the user should see a note telling him that he needs to be logged in or within a certain IP range to use this tab. // |
- | [default.primo] | + | |
- | require = ANY | + | |
- | ipRange = " | + | |
- | role[] = loggedin | + | |
- | permission = access.Primo | + | |
- | PermissionBehavior.ini: | + | config.ini and permissions.ini should be the same as the previous example. |
- | [access.Primo] | + | |
- | permissionDeniedAction = " | + | |
- | * You are using the PrimoCentral index and are offering it with a seperate register (SearchTab). Any user should be allowed to see the register tab, but if the tab is clicked, system should throw an exception. | + | permissionBehavior.ini: |
+ | [access.PrimoModule] | ||
+ | deniedControllerBehavior = " | ||
- | Permissions.ini: | + | === Throw exception outside of IP range === |
- | [default.primo] | + | |
- | require | + | // You are using the PrimoCentral index and are offering it with a separate search tab. Any user should be allowed to see the tab, but if the tab is clicked, the system should throw an exception when permission |
- | ipRange | + | |
- | role[] | + | |
- | permission | + | |
- | PermissionBehavior.ini: | + | config.ini and permissions.ini should be the same as the previous example. |
- | [access.Primo] | + | |
- | | + | permissionBehavior.ini: |
+ | [access.PrimoModule] | ||
+ | | ||
---- struct data ---- | ---- struct data ---- | ||
---- | ---- | ||
configuration/permission_options.txt · Last modified: 2023/11/09 19:10 by demiankatz