Plug-in web pages, script files, images and other resources can be hosted inside Elvis or on an external server. The Elvis server acts as a web server for the resources hosted in the <config>/plugins folder.
Elvis supports folder-based security configuration through webaccess.config.xml files placed inside your plug-in folders. This article describes how to configure and use these webaccess files.
Webaccess file format
Placed in: any subfolder of the active plug-ins folder
<webaccess public="true or false">
  <requiredRoles>
    <role>...</role>
    <role>...</role>
  </requiredRoles>
</webaccess>
The webaccess file format supports two main functions:
- public="true" opens up the contents of a folder to everyone. This is useful for web pages that have no access restrictions.
- requiredRoles opens up the contents of a folder if the currently logged-in user has the specified capabilities assigned; these can also be custom capabilities. Using requiredRoles is useful for web pages that are not public, such as pages used by an action plug-in.
These are basic rules you have to bear in mind when applying webaccess files:
- The <config>/plugins/active folder and the <config>/plugins/plugin_base folder are the only folders hosted by the server.
- Access is denied when neither a folder nor any of its parent folders contains a webaccess file.
- Security is applied hierarchically: a webaccess file applies to the folder it is in and to all of its subfolders. Webaccess files in those subfolders are ignored.
Security changes are not applied immediately when you add or modify a webaccess file. The webaccess files are loaded and reloaded when plug-ins are loaded and reloaded. This means they are loaded at server startup, and they can be manually reloaded in System > Manage plug-ins.
The plug-in admin also shows an overview of the currently loaded webaccess settings.
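As an added example (not Elvis code and not part of the original article), the following Python script applies the rules above to a hosted plug-ins folder and reports, per folder, whether access is denied, set by the folder's own webaccess.config.xml, inherited from a parent, or whether a webaccess file in that folder is being ignored. Assumptions: the function names and sample folder names are made up, a missing public attribute is treated as false, and the script only lists the required roles without deciding how Elvis matches them.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

WEBACCESS = "webaccess.config.xml"

def parse_webaccess(path):
    """Return (public, roles) read from one webaccess file."""
    root = ET.parse(path).getroot()
    # Assumption: a missing public attribute means "not public".
    public = root.get("public", "false").strip().lower() == "true"
    return public, [r.text.strip() for r in root.iter("role") if r.text]

def audit(hosted_root):
    """Map each folder under hosted_root to (state, public, roles)."""
    hosted_root, report = Path(hosted_root), {}
    def walk(folder, inherited):
        cfg = folder / WEBACCESS
        if inherited is not None:
            # A parent folder already has a webaccess file, so one here is ignored.
            state = ("ignored-file" if cfg.is_file() else "inherited",) + inherited
        elif cfg.is_file():
            inherited = parse_webaccess(cfg)
            state = ("own-file",) + inherited
        else:
            state = ("denied", False, [])  # no file here or in any parent
        report[folder.relative_to(hosted_root).as_posix()] = state
        for child in sorted(p for p in folder.iterdir() if p.is_dir()):
            walk(child, inherited)
    walk(hosted_root, None)
    return report

def build_sample(root):
    """Constructed sample tree; the folder names are made up for this example."""
    rule = "<webaccess><requiredRoles><role>ROLE_CUSTOM_MY_ACTION</role></requiredRoles></webaccess>"
    files = {"my_action": rule, "my_action/docs": '<webaccess public="true"/>',
             "no_config/pages": None}
    for rel, xml in files.items():
        folder = Path(root) / rel
        folder.mkdir(parents=True, exist_ok=True)
        if xml:
            (folder / WEBACCESS).write_text(xml)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, state in audit(tmp).items():
            print(folder, state)
```

In the sample tree, the public="true" file in my_action/docs is reported as ignored because my_action already carries a webaccess file, so the subfolder stays restricted to the parent's role.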
Webaccess file examples
Typical configuration for an action plug-in
<webaccess>
  <requiredRoles>
    <role>ROLE_AIR_CLIENT</role>
  </requiredRoles>
</webaccess>

<webaccess>
  <requiredRoles>
    <role>ROLE_CUSTOM_MY_ACTION</role>
  </requiredRoles>
</webaccess>

<webaccess>
  <requiredRoles>
    <role>ROLE_DOWNLOAD</role>
    <role>ROLE_CUSTOM_MY_WEB_INTERFACE</role>
  </requiredRoles>
</webaccess>