- Issue created by @bkosborne
Bibcite link plugins are used when displaying a list of links on a Bibcite reference for doing things like viewing a Google Scholar version of the reference or for downloading the reference in BibTeX or EndNote formats. There's no support for these plugins to run access checks, meaning when we ask the plugin manager for a list of links, it just generates them all, even if the user doesn't have access to the link created by them.
For example, the Bibcite Export sub-module provides links for several of the export formats. Accessing the links requires a permission "access bibcite export". Now if anonymous users are not given this permission, they will still see the link even though they get access denied when following it.
While we could just inject the current user service to the FormatExportLink
link plugin deriver in bibcite_export and have the buildUrl
return NULL if the user doesn't have the "access bibcite export" permission, I think this won't work well with caching. So I think in addition to this, we need link plugins to support cache metadata so we can declare a cache context requirement on user permissions.
Needs work
3.0
Code