I would like to limit access to an original document based on Access Rights field content : idea is to only give access to the thumbnail rather than original in public show.php. (original document would still be accessible to authorized users)
I think I can add a condition in my theme items/show.php (though I’m not sure of the best way to do so…) to get the thumbnail instead of original file, but I want to be sure that the original file cannot be accessed with its URL.
If I change the rights on the file when uploading it, wouldn’t I also restrict access for logged users ?
Do you have any idea about the proper way to do so ? Did someone already experienced this situation ?
You’ll need to loop through the files manually on items/show.php
$f = loop('files', $item->Files);
foreach ($f as $file){
if( $hasAccess ) {
$url = $file->getWebPath('original'); // for those with full access
}else{
$url = $file->getWebPath('thumbnail'); // for those with limited access
}
}
You’ll need to define $hasAccess
based on whatever criteria you’re using, but that should work. It will show the appropriate file based on those criteria, and the thumbnail will have a generated filename so it probably won’t be possible for an end user to manipulate the URL to get the original filename.
You could do something like this to get a user’s access level and test whether the item is restricted…
$userHasAccess = ( is_allowed( $item, 'view' ) ? true : false; // e.g. a Researcher user
$isRestricted = ( metadata( $item,array('Item Type Metadata', 'Access Rights') ) == 'restricted' ) ? true : false; // assuming this is an item-level custom field where the value "restricted" is the key word
$hasAccess = ( !isRestricted || ($isRestricted && $userHasAccess) );
Thanks for your feeback. FYI, I did something like that in my items/show.php :
$accessRights = metadata('item', array('Dublin Core', 'Access Rights'));
if ($accessRights == 'Restricted') {
$size = 'thumbnail';
$linkToFile = false;
}
else {
$size = 'fullsize';
$linkToFile = 'fullsize';
}
echo files_for_item(array('imageSize' => $size, 'linkToFile' => $linkToFile));
Your solution has the advantage of taking user’s access level into account, but you don’t seem to be using files_for_item()
function at all ?
Yet, my main issue is that I did not find a proper way to prevent accessing the files in original
directory directly by their URLs, like : http://my-omeka-website.local/files/original/dezdgetzgdzetdgz.jpg. Indeed, it is quite easy to get to this URL when we get the filename hash.
For instance, I didn’t find anything but adding a rule in the .htaccess
, redirecting every query in files/original
directory to a custom plugin that checks for restriction… I don’t feel really satisfied with that.