Private File and Group access control with Image IIIF server

[kylehuynh205]

Condition:

• Private file system is enabled
• Group modules is enabled to handle access control

Issue:

OpenSeadragon Viewer is unable to load the image

Diagnose

Private file system and Group module blocks access if the object is private (public, works as normal)

How OpenSeadragon Viewer works ?

• Openseadragon Viewer === send request (with image URI) ===> Cantaloupe (iiif server) === send the request to Source (in our case is Drupal itself) ====> return iif json file
• If this loop returns 200, the OSD viewer will load the image, but if the object is private, it's return 403

Potential Solution:

Intercept and override header the returned request from Cantaloupe to Drupal with the following module: https://github.com/digitalutsc/private_files_adapter
==> fooling Drupal think that it's not Basic Authentication request (otherwise will be blocked when it's reach at route /system/file/{file uri}

What's next ?

• Need to test the potential solution with Book Viewer (Mirador) interface.
• Adding more access control based on roles of currently login user (May not need)

[kylehuynh205]

Book Viewer Issues:

Diagnose

Similar to the issue in OpenSeadragon, to fix it, need to pass down the JWT token in all the requests exchanged between Drupal and Cantaloupe:

Found

ProjectMirador/mirador#3081
ProjectMirador/mirador#3082
==> Solved the 403 for only the first page loading, but the thumbnails requests of other page are still missing the access control(solved by add cookie in the requests from Cantaloupe to Drupal in delegate script https://github.com/digitalutsc/private_files_adapter/blob/main/scripts/delegates.rb#L233).

Mirador configuration:
https://github.com/ProjectMirador/mirador/blob/4a54e525caccef457ed1ff789f6307168b3b8b5a/src/config/settings.js

[kstapelfeldt]

Either we integrate or we develop documentation to help implement it.