Problem: Digital object authorization code is too complicated
|Target version:||Release 2.7.0|
|Google Code Legacy ID:||Tested version:|
Over time the rules for checking a user's authorization to access digital objects has become increasingly complex. In addition to the original QubitAcl access rules for digital objects, the following rules and exceptions have been subsequently added:
- An exception to the ACL "readMaster" rule to always allow viewing or downloading PDF documents
- PREMIS access rules for public (unauthenticated) users, to limit access to digital object representations based on PREMIS rights and actions associated with an archival description.
- An optional conditional copyright notice that is displayed and must be accepted by a public user before they view or download a digital object
- Authority record digital objects, with their own simplified access rules
To check each of these additional rules additional authorization checks have been added to every place in the code where authorization is required. This has lead to inconsistent application of the access rules (some rules are checked, but other are not), hard-to read code, and requires extra effort to add and maintain authorization checks.
A digital object authorization check in the clipboard export code (https://github.com/artefactual/atom/blob/qa/2.x/lib/job/arExportJob.class.php#L324-L339)
if ( $digitalObject->masterAccessibleViaUrl() && ( QubitTerm::TEXT_ID == $digitalObject->mediaTypeId || ( 'actor' == $this->params['objectType'] && $this->user->isAuthenticated() && QubitAcl::check($resource, 'read') ) || ( 'informationObject' == $this->params['objectType'] && QubitAcl::check($resource, 'readMaster') && QubitGrantedRight::checkPremis($resource->id, 'readMaster') && !$digitalObject->hasConditionalCopyright() ) ) )
It should be possible to check all of the digital object authorization rules, for archival descriptions and authority records, with a single authorization function.
#3 Updated by David Juhasz 6 months ago
- Status changed from Code Review to QA/Review
Merged fix to qa/2.x - https://github.com/artefactual/atom/commit/6ccbdedef733e6e9a906bbd83311fb74d519a46e