About Features Downloads Getting Started Documentation Events Support GitHub

Love VuFind®? Consider becoming a financial supporter. Your support helps build a better VuFind®!

VuFind Documentation

Site Tools

You are here: start » configuration » permission_options
Trace:
Warning: This page has not been updated in over over a year and may be outdated or deprecated.
configuration:permission_options

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
configuration:permission_options [2017/08/30 14:53] demiankatzconfiguration:permission_options [2020/09/22 14:18] demiankatz
Line 1: Line 1:
 ====== Permission Configuration ====== ====== Permission Configuration ======
  
-VuFind 2.4 introduced a configurable permission system, allowing access to certain features of the system to be restricted based on a variety of options such as username, login status, IP address, etc. All of the available rules and permissions are documented in [[https://github.com/vufind-org/vufind/blob/master/config/vufind/permissions.ini|permissions.ini]].+VuFind 2.4 introduced a configurable permission system, allowing access to certain features of the system to be restricted based on a variety of options such as username, login status, IP address, etc. All of the available rules and permissions are documented in [[https://github.com/vufind-org/vufind/blob/dev/config/vufind/permissions.ini|permissions.ini]].
  
-VuFind 4.1 added another layer of configuration to the system: the ability to configure exactly what VuFind will do when a particular permission is denied. Permissions may be checked in either controllers or templates, and different options are available for denied permissions in each of these places. A controller may throw an exception or display a custom "access denied" message; a template may suppress portions of its output, or display alternate content in the form of a text message or custom sub-template. These newer features are controlled by, and documented within, [[https://github.com/vufind-org/vufind/blob/master/config/vufind/permissionBehavior.ini|permissionBehavior.ini]].+VuFind 4.1 added another layer of configuration to the system: the ability to configure exactly what VuFind will do when a particular permission is denied. Permissions may be checked in either controllers or templates, and different options are available for denied permissions in each of these places. A controller may throw an exception or display a custom "access denied" message; a template may suppress portions of its output, or display alternate content in the form of a text message or custom sub-template. These newer features are controlled by, and documented within, [[https://github.com/vufind-org/vufind/blob/dev/config/vufind/permissionBehavior.ini|permissionBehavior.ini]].
  
 +VuFind 6.1 adds a significant new option to permissionBehavior.ini: the controllerAccess setting, which allows you to control access permissions at the controller level (or even globally, if you wish) without changing any code.
 ===== Structure of permissionBehavior.ini ===== ===== Structure of permissionBehavior.ini =====
  
Line 129: Line 130:
 === Suppress tab outside of IP range === === Suppress tab outside of IP range ===
  
-// You are using the PrimoCentral index and are offering it with a separate search tab. The user should be allowed to see the tab only if he is in a certain IP range. Otherwise the search tab should not get displayed. //+// You are using the PrimoCentral index and are offering it with a separate search tab. The user should be allowed to see the tab only if logged in or within a certain IP range. Otherwise the search tab should not get displayed. //
  
 config.ini: config.ini:
Line 152: Line 153:
 === Show note outside of IP range === === Show note outside of IP range ===
  
-// You are using the PrimoCentral index and are offering it with a separate search tab. Any user should be allowed to see the tab, but if the tab is clicked, the user should see a note telling him that he needs to be in a certain IP range to use this tab. //+// You are using the PrimoCentral index and are offering it with a separate search tab. Any user should be allowed to see the tab, but if the tab is clicked, the user should see a note telling him that he needs to be logged in or within a certain IP range to use this tab. //
  
 config.ini and permissions.ini should be the same as the previous example. config.ini and permissions.ini should be the same as the previous example.
Line 158: Line 159:
 permissionBehavior.ini: permissionBehavior.ini:
   [access.PrimoModule]    [access.PrimoModule] 
-  deniedControllerBehavior = "showMessage:You must be on campus!" +  deniedControllerBehavior = "showMessage:You must be on campus or logged in!" 
  
 === Throw exception outside of IP range === === Throw exception outside of IP range ===
  
-// You are using the PrimoCentral index and are offering it with a separate search tab. Any user should be allowed to see the tab, but if the tab is clicked, the system should throw an exception. //+// You are using the PrimoCentral index and are offering it with a separate search tab. Any user should be allowed to see the tab, but if the tab is clicked, the system should throw an exception when permission is denied. //
  
 config.ini and permissions.ini should be the same as the previous example. config.ini and permissions.ini should be the same as the previous example.
Line 168: Line 169:
 permissionBehavior.ini: permissionBehavior.ini:
   [access.PrimoModule]    [access.PrimoModule] 
-  deniedControllerBehavior = "exception:Forbidden:You are not allowed to do this!" +  deniedControllerBehavior = "exception:VuFind\Exception\Forbidden:You are not allowed to do this!" 
 ---- struct data ---- ---- struct data ----
 ---- ----
  
configuration/permission_options.txt · Last modified: 2023/11/09 19:10 by demiankatz