Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix/file access #42

Merged
merged 5 commits into from
Aug 11, 2022
Merged

Fix/file access #42

merged 5 commits into from
Aug 11, 2022

Conversation

adam-vessey
Copy link
Contributor

@adam-vessey adam-vessey commented Jul 14, 2022
edited
Loading

GitHub Issue: Islandora/documentation#2134

  • Other Relevant Links (Google Groups discussion, related pull requests,
    Release pull requests, etc.)

What does this Pull Request do?

Check for file access before adding items to be rendered to which the user may not have access, preventing the display of broken elements.

What's new?

File access checks with more cache maintenance (#41 makes it even better; otherwise, caching should pretty much be disabled for these elements due to adding something which doesn't implement the interface as a "cacheable dependency"... but this is better in terms of cache maintenance) performed such that items are better invalidated.

  • Does this change require documentation to be updated? Unknown... probably not?
  • Does this change add any new dependencies? No.
  • Does this change require any other modifications to be made to the repository
    (i.e. Regeneration activity, etc.)? No.
  • Could this change impact execution of existing code? Should not.

How should this be tested?

Use some mechanism (e.g., embargoes to apply file access controls, and ensure that single page viewers should follow suit (multi-page handled in Islandora/islandora#884).

For testing, adding a small hook_file_access() blurb to your code somewhere is probably easiest, such as:

function islandora_file_access($entity, $op) {
  if ($op == 'view') {
    if (in_array($entity->id(), [
      # These are file IDs to test being restricted: change as necessary to target the files
      # being shown in your environment. May also have to clear cache when changed?
      1,
      2,
      3,
    ])) {
      return AccessResult::forbidden('No touchy.')->addCacheableDependency($entity);
    }
  }
  return AccessResult::neutral()->addCacheableDependency($entity);
}

Additional Notes:

Any additional information that you think would be helpful when reviewing this
PR.

Interested parties

Tag (@ mention) interested parties or, if unsure, @Islandora/8-x-committers

This was referenced Jul 14, 2022
Merged
Closed
@adam-vessey adam-vessey marked this pull request as ready for review July 18, 2022 19:15
@jordandukart
Copy link
Member

Looks sound to me.

@rosiel
Copy link
Member

rosiel commented Jul 20, 2022

Do you have time to merge in or rebase upstream, for the new testing matrix?

@adam-vessey
Copy link
Contributor Author

adam-vessey commented Jul 20, 2022
edited
Loading

@rosiel : Yeah, can do so shortly. In another meeting at the moment.: Rolling now.

@alxp
Copy link
Contributor

alxp commented Aug 11, 2022

Before checking out PR branch:

Verified that I am able to see an image in OpenSeaDragon when it has been denied looking at the file directly.

Screen Shot 2022-08-11 at 12 26 22 AM

After checking out PR branch:

The file is displayed in Mirador.

Screen Shot 2022-08-11 at 12 26 03 AM

So this PR does what it says, but there's more work to do in another module. Lol.

👍

@alxp alxp merged commit cd8f6df into Islandora:2.x Aug 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alxp alxp alxp approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@adam-vessey @jordandukart @rosiel @alxp