Warning: This page has not been updated in over over a year and may be outdated or deprecated.
configuration:permission_options
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
configuration:permission_options [2017/08/30 14:41] – [Other useful configuration setings] demiankatz | configuration:permission_options [2020/09/22 14:18] – demiankatz | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Permission Configuration ====== | ====== Permission Configuration ====== | ||
- | VuFind 2.4 introduced a configurable permission system, allowing access to certain features of the system to be restricted based on a variety of options such as username, login status, IP address, etc. All of the available rules and permissions are documented in [[https:// | + | VuFind 2.4 introduced a configurable permission system, allowing access to certain features of the system to be restricted based on a variety of options such as username, login status, IP address, etc. All of the available rules and permissions are documented in [[https:// |
- | VuFind 4.1 added another layer of configuration to the system: the ability to configure exactly what VuFind will do when a particular permission is denied. Permissions may be checked in either controllers or templates, and different options are available for denied permissions in each of these places. A controller may throw an exception or display a custom " | + | VuFind 4.1 added another layer of configuration to the system: the ability to configure exactly what VuFind will do when a particular permission is denied. Permissions may be checked in either controllers or templates, and different options are available for denied permissions in each of these places. A controller may throw an exception or display a custom " |
+ | VuFind 6.1 adds a significant new option to permissionBehavior.ini: | ||
===== Structure of permissionBehavior.ini ===== | ===== Structure of permissionBehavior.ini ===== | ||
Line 17: | Line 18: | ||
See also the following examples, which should illustrate some use cases with permissionBehavior. | See also the following examples, which should illustrate some use cases with permissionBehavior. | ||
- | ===== Other useful configuration | + | ===== Other useful configuration |
==== Search Tabs Permissions ==== | ==== Search Tabs Permissions ==== | ||
Line 68: | Line 69: | ||
// If a user accesses a restricted page, show a login page as default (unless a deniedControllerBehavior directive overrides that). // | // If a user accesses a restricted page, show a login page as default (unless a deniedControllerBehavior directive overrides that). // | ||
- | PermissionBehavior.ini: | + | permissionBehavior.ini: |
[global] | [global] | ||
defaultDeniedControllerBehavior = " | defaultDeniedControllerBehavior = " | ||
Line 76: | Line 77: | ||
// If a user accesses a restricted page, show a note as default (unless a deniedControllerBehavior directive overrides that). // | // If a user accesses a restricted page, show a note as default (unless a deniedControllerBehavior directive overrides that). // | ||
- | PermissionBehavior.ini: | + | permissionBehavior.ini: |
[global] | [global] | ||
defaultDeniedControllerBehavior = " | defaultDeniedControllerBehavior = " | ||
Line 86: | Line 87: | ||
// Only users from certain IPs are allowed to use the AdminModule. If an unauthorized user enters the Admin module, show a note. // | // Only users from certain IPs are allowed to use the AdminModule. If an unauthorized user enters the Admin module, show a note. // | ||
- | Permissions.ini: | + | permissions.ini: |
[default.AdminModule] | [default.AdminModule] | ||
ipRange = " | ipRange = " | ||
Line 101: | Line 102: | ||
// The button to save a record as a favorite record should be only displayed after a user has logged in. // | // The button to save a record as a favorite record should be only displayed after a user has logged in. // | ||
- | Permissions.ini: | + | permissions.ini: |
[default.Favorites] | [default.Favorites] | ||
role[] = loggedin | role[] = loggedin | ||
permission = feature.Favorites | permission = feature.Favorites | ||
- | PermissionBehavior.ini: | + | permissionBehavior.ini: |
[feature.Favorites] | [feature.Favorites] | ||
deniedTemplateBehavior = " | deniedTemplateBehavior = " | ||
Line 116: | Line 117: | ||
(This is the default behavior in VuFind now). | (This is the default behavior in VuFind now). | ||
- | Permissions.ini: | + | permissions.ini: |
[default.Favorites] | [default.Favorites] | ||
role[] = loggedin | role[] = loggedin | ||
permission = feature.Favorites | permission = feature.Favorites | ||
- | PermissionBehavior.ini: | + | permissionBehavior.ini: |
[feature.Favorites] | [feature.Favorites] | ||
deniedControllerBehavior = " | deniedControllerBehavior = " | ||
Line 127: | Line 128: | ||
==== Primo Central ==== | ==== Primo Central ==== | ||
- | * You are using the PrimoCentral index and are offering it with a seperate register (SearchTab). The user should be allowed to see the register | + | === Suppress tab outside of IP range === |
+ | |||
+ | // You are using the PrimoCentral index and are offering it with a separate search tab. The user should be allowed to see the tab only if logged | ||
+ | |||
+ | config.ini: | ||
+ | [SearchTabs] | ||
+ | Solr = Main | ||
+ | Primo = Extra | ||
+ | |||
+ | [SearchTabsPermissions] | ||
+ | Primo = access.PrimoModule | ||
- | Permissions.ini: | + | permissions.ini: |
[default.primo] | [default.primo] | ||
require = ANY | require = ANY | ||
ipRange = " | ipRange = " | ||
role[] = loggedin | role[] = loggedin | ||
- | permission = access.Primo | + | permission = access.PrimoModule |
- | PermissionBehavior.ini: | + | permissionBehavior.ini: |
- | [access.Primo] | + | [access.PrimoModule] |
- | | + | |
- | * You are using the PrimoCentral index and are offering it with a seperate register (SearchTab). Any user should be allowed to see the register tab, but if the tab is clicked, the user should see a note telling him that he needs to be in a certain | + | === Show note outside of IP range === |
- | Permissions.ini: | + | // You are using the PrimoCentral index and are offering it with a separate search tab. Any user should be allowed to see the tab, but if the tab is clicked, the user should see a note telling him that he needs to be logged in or within a certain IP range to use this tab. // |
- | [default.primo] | + | |
- | require = ANY | + | |
- | ipRange = " | + | |
- | role[] = loggedin | + | |
- | permission = access.Primo | + | |
- | PermissionBehavior.ini: | + | config.ini and permissions.ini should be the same as the previous example. |
- | [access.Primo] | + | |
- | permissionDeniedAction = " | + | |
- | * You are using the PrimoCentral index and are offering it with a seperate register (SearchTab). Any user should be allowed to see the register tab, but if the tab is clicked, system should throw an exception. | + | permissionBehavior.ini: |
+ | [access.PrimoModule] | ||
+ | deniedControllerBehavior = " | ||
- | Permissions.ini: | + | === Throw exception outside of IP range === |
- | [default.primo] | + | |
- | require | + | |
- | ipRange | + | |
- | role[] | + | |
- | permission | + | |
- | PermissionBehavior.ini: | + | // You are using the PrimoCentral index and are offering it with a separate search tab. Any user should be allowed to see the tab, but if the tab is clicked, the system should throw an exception when permission is denied. // |
- | [access.Primo] | + | |
- | | + | config.ini and permissions.ini should be the same as the previous example. |
+ | |||
+ | permissionBehavior.ini: | ||
+ | [access.PrimoModule] | ||
+ | | ||
---- struct data ---- | ---- struct data ---- | ||
---- | ---- | ||
configuration/permission_options.txt · Last modified: 2023/11/09 19:10 by demiankatz