Hi (tried sending this previously, but the mailing list seemed non-responsive – apologies if you get it more than once!),

I’m trying to allow access to thumbnails of non-public documents.

I’ve already added a thumbnail_security option (all_public, small_public and none_public) to the documents, and the generated thumbnails now inherit a security based on this value.

By default, when a request for a thumbnail is submitted e.g. http://repo.ac.uk/123/1.hassmallThumbnailVersion/filename.png, the HTTP response is based on the security of the parent document, not the thumbnail document.

When the request is processed (in ~/archives/ARCHIVEID/cfg/cfg.d/security.pl), the $doc is the parent document.

$c->{can_request_view_document} = sub

{

        my( $doc, $r ) = @_;

…

}

The $r passed to can_request_view_document does contain the correct document in $r->pnotes->{dataobj}, but is there an elegant way of determining that the request is for a related-document?

This seems to work OK:

my $tn_doc =  $r->pnotes->{dataobj};

if( defined $tn_doc && $tn_doc->get_value( "security" ) eq "public" && $status eq "archive" )

{

    return( “ALLOW” );

}

but it feels a little ‘hacky’. Is there a better way to achieve this?

Cheers,

John