Ticket #3253 (closed defect: fixed)

Opened 7 years ago

Last modified 4 years ago

security.pl should check for does_user_own_eprint hook and call it

Reported by: tmb Owned by:
Priority: Intend to Milestone: 3.2.4
Component: - Version:
Severity: normal Keywords:
Cc:

Description

security.pl only checks user.userid == eprint.userid

Should also check does_user_own_eprint hook exists and call it if it does (someone other than the depositor might "own" the eprint).

Change History

Changed 7 years ago by tmb

# ...as can the user who deposited it... if( $user->get_value( "userid" ) == $eprint->get_value( "userid" ) ) {

return "ALLOW";

}

# NEW CHECK my $fn = $doc->get_session->get_repository->get_conf( "does_user_own_eprint" ); if( defined $fn ) {

return "ALLOW" if &$fn( $doc->get_session, $user, $eprint );

}

Changed 4 years ago by sf03r@…

  • status changed from new to closed
  • resolution set to fixed

resolved in r5759

Note: See TracTickets for help on using tickets.