#1057: Hiding restricted collections from unauthorized users
------------------------+-------------------------------------------------
Reporter: skaplun | Owner:
Type: enhancement | Status: new
Priority: minor | Component: WebSearch
Version: | Keywords: authorization restricted collection
------------------------+-------------------------------------------------
Today, if a restricted collection is attached to the current collection
tree, an unauthorized user can still check its existence (e.g. by
looking at splash pages generated off-line by webcoll or by scrolling the
list of collections available in advanced search).
An admin might instead want to fully hide restricted collections from
unauthorized users, at the cost of performance.
A new flag could be introduced in ''invenio.conf'', such as
{{{CFG_WEBSEARCH_HIDE_RESTRICTED_COLLECTIONS}}} with these values:
0. Restricted collections are ''not hidden''
1. Restricted collections are ''hidden from guest users and from
authenticated users who are not authorized to access them'' (this can be
implemented by having webcoll generate splash pages always assuming guest
users and thus hiding all restricted collections)
2. Restricted collections are ''hidden from unauthorized users but visible
to authorized ones, even when not authenticated'' (useful in case
authorization based on IP address exists). This would basically mean that
webcoll no longer generates pre-computed splash pages; instead these are
computed on the fly for every user (possibly cached per session).
The three values are progressively heavier in terms of computation.
--
Ticket URL: <http://invenio-software.org/ticket/1057>
Invenio <http://invenio-software.org>
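
The three proposed values, sketched as the listing decision they imply. This is an added example, not Invenio code: Collection, Request, is_authorized and listed_collections are hypothetical names, and the collection tree is constructed sample data.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Values proposed in the ticket for CFG_WEBSEARCH_HIDE_RESTRICTED_COLLECTIONS.
NOT_HIDDEN, HIDDEN_PRECOMPUTED, HIDDEN_PER_USER = 0, 1, 2

@dataclass(frozen=True)
class Collection:                      # hypothetical model, not Invenio's
    name: str
    allowed_users: frozenset = frozenset()
    allowed_networks: tuple = ()       # CIDR strings for IP-based authorization

    @property
    def restricted(self):
        return bool(self.allowed_users or self.allowed_networks)

@dataclass
class Request:                         # hypothetical request/session context
    ip: str
    user: str = None                   # None means guest (not authenticated)
    session: dict = field(default_factory=dict)

def is_authorized(coll, req):
    """True if the collection is public or the request matches a user or network rule."""
    if not coll.restricted or req.user in coll.allowed_users:
        return True
    return any(ip_address(req.ip) in ip_network(n) for n in coll.allowed_networks)

def listed_collections(mode, tree, req):
    """Collection names shown in splash pages and the advanced-search list."""
    if mode == NOT_HIDDEN:
        return [c.name for c in tree]
    if mode == HIDDEN_PRECOMPUTED:
        # One page rendered offline as if for a guest: the request is never
        # consulted, so restricted collections are left out of the listing.
        return [c.name for c in tree if not c.restricted]
    if mode == HIDDEN_PER_USER:
        # Computed on the fly and cached per session; the cached list goes
        # stale if authorizations change while the session is alive.
        if "listed" not in req.session:
            req.session["listed"] = [c.name for c in tree if is_authorized(c, req)]
        return req.session["listed"]
    raise ValueError("unknown mode: %r" % (mode,))

# Constructed sample tree: one public and two restricted collections.
TREE = [
    Collection("Articles"),
    Collection("Theses", allowed_users=frozenset({"alice"})),
    Collection("Internal Notes", allowed_networks=("192.0.2.0/24",)),
]
```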