<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Mark,</p>
<p>reading your use case made me think of some open bugs we have,
the first being maybe a similar use case to yours:<br>
</p>
<p><a
href="https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694"><b>BugĀ 16694</b></a>
<span id="summary_container"> - <span
id="short_desc_nonedit_display">Limit SIP2 auth by patron
attribute</span>
</span></p>
<p><a
href="https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10077"><b>BugĀ 10077</b></a>
<span id="summary_container"> - <span
id="short_desc_nonedit_display">Pass extended patron
attributes via Borrower SIP protocol</span></span></p>
<p><span id="summary_container"><span
id="short_desc_nonedit_display">Hope this helps,</span></span></p>
<p><span id="summary_container"><span
id="short_desc_nonedit_display">Katrin<br>
</span></span></p>
<br>
<div class="moz-cite-prefix">On 12.10.2018 19:46, Mark Alexander
wrote:<br>
</div>
<blockquote type="cite" cite="mid:1539365380-sup-1998@x201s">
<pre wrap="">Our little library is preparing to use the Kanopy video streaming
service. Kanopy can use SIP2 to query our Koha server for the purpose
of user authentication. That's great; I can enable SIP2 pretty
easily.
The problem is that our librarian wants to put limits on which patrons
can use Kanopy. The idea is that we don't want to allow more than
one person per household to be able stream videos; otherwise mom, pop,
and all the kids could go crazy one weekend on a Buffy The Vampire Slayer
binge, for example.
But Kanopy and Koha don't have a way to impose this kind of limit.
So I came up with the following idea, which does seem to work in
my test VM:
1. Add a new patron attribute called "KANOPY_OK", which has a yes/no value.
Set it to yes for those patrons that will be allowed access to Kanopy.
2. Hack the SIP server code for "handle patron status" to check the incoming client's
IP address against a Kanopy-provided list of IP addresses. If there is a match,
authenticate the patron only if their "KANOPY_OK" atribute is "yes" (actually "1").
But I hate the fact that I had to hack Koha to do this (see part of
the hack below). Am I'm going at this the wrong way? Would it make
more sense to enhance the plugin architecture to add a SIP2 patron
filter function like the one below? Is this just too ugly to ever
be considered seriously?
Thanks in advance,
Mark
P.S. Here's the main part of the hack, which is a function that is called
from handle_patron_status and handle_patron_info.
my @kanopy_ips = (
"208.66.24.46",
"104.239.197.182",
"18.209.148.51",
"34.232.89.121",
"34.234.81.211",
"34.235.227.70",
"34.235.53.173",
"52.203.108.44"
);
sub sip2_check_patron {
my ( $patron, $server ) = @_;
if ( $patron ) {
my $ipaddr = $server->{server}->{client}->peerhost;
foreach my $kanopy ( @kanopy_ips ) {
if ( $ipaddr =~ /^(::ffff:)?\Q$kanopy\E$/ ) {
my $borrowernumber = $patron->{borrowernumber};
my $value = C4::Members::Attributes::GetBorrowerAttributeValue( $borrowernumber, 'KANOPY_OK' $
return $value eq "1";
}
}
}
return 1;
}
_______________________________________________
Koha-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Koha-devel@lists.koha-community.org">Koha-devel@lists.koha-community.org</a>
<a class="moz-txt-link-freetext" href="http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel">http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel</a>
website : <a class="moz-txt-link-freetext" href="http://www.koha-community.org/">http://www.koha-community.org/</a>
git : <a class="moz-txt-link-freetext" href="http://git.koha-community.org/">http://git.koha-community.org/</a>
bugs : <a class="moz-txt-link-freetext" href="http://bugs.koha-community.org/">http://bugs.koha-community.org/</a>
</pre>
</blockquote>
<br>
</body>
</html>