[feature request] disable books download
Closed this issue · 9 comments
I'd like to publish my library states, such as books I have and which ones are read, but not allow download the files as for instance they might be Kickstarter reward PDFs, purchased .epub etc
I can not see a (theme) option to remove the download link or (better) a check in for instance fetch.php that would check this.
Workaround is to add to Apache config something like but this leads to a page with the header and no content rather than disabling the link and just printing the file type label.
RewriteCond %{REQUEST_URI} /download/
RewriteRule . 500
Have you tried removing all the formats by overriding the default of $config['cops_prefered_format']
in local.php
:
/*
* Prefered format for HTML catalog
* The two first will be displayed in book entries
* The other only appear in book detail
*/
$config['cops_prefered_format'] = ['EPUB', 'PDF', 'AZW3', 'AZW', 'MOBI', 'CBR', 'CBZ'];
Alternatively, prevent certain formats with $config['cops_ignored_formats']
:
/*
* Specify the ignored formats that will never display in COPS
*/
$config['cops_ignored_formats'] = [];
Good idea, but that hides the format icon, rather than removing the ability to click it. So you can't tell a book is PDF vs EPUB or whatever.
In addition URLs like
..../download/9827374824/Apocalypse%20-%20Bob%20Smith.epub
still work, and these URLs are trivial to guess.
You could develop a template that doesn't include the download links at all in main.php and bookdetail.php, set that template as default and then remove the other templates. That wouldn't prevent download for people that can figure out the link, but along with your Apache config hack it could work.
You could potentially also make a copy of your Calibre Library that doesn't include the book files - e.g. omit the epub, mobi, pdf etc.
Your could use rsync
(or robocopy
in Windows to copy just the library files needed by excluding some filename patterns.
rsync -av --exclude={'*.epub','*.mobi','*.pdf'} ~/Calibre\ Library/* rsync://{server_address}:8873/books
Hi @tomchiverton - is this a feature you'd like for everyone, or would you prefer to be able to download/view files for authenticated or internal users only?
As you and @dunxd mentioned, you can block access to URLs and/or files on the server side, and show/hide formats on the browser side, but that doesn't cover everything.
Before I add another $config['cops_download_files'] option (and the code behind it) I'd like to understand what else do you see needed in this use case?
In line with @dunxd answer, $config['cops_ignored_formats']
is now used to filter out books for these formats too.
This should stop any access based on dataId
in COPS, since it simply won't get it from the database anymore...
For example:
// stop access to epub and pdf, but allow access to others...
$config['cops_ignored_formats'] = ['EPUB', 'PDF'];
That might be enough for your use case (or not) - please let us know...
Hi.
A simple "for everyone" switch to disable would be enough for me. My use case is a public listing.
Ideally, a way to enable/disable based on logged in (or not) username / group would be even better I suppose.
Thanks @tomchiverton
To disable access for everyone, with the changes above you can add the formats in $config['cops_ignored_formats']
This will be included in the next release...
If you want to enable/disable for authenticated users, that requires adding a bit of logic, since authentication actually happens after config/local.php
is loaded. For basic authentication, something like this would work:
if (empty($_SERVER['PHP_AUTH_USER'])) {
// stop access to epub and pdf, but allow access to others...
$config['cops_ignored_formats'] = ['EPUB', 'PDF'];
} else {
// allow all formats...
$config['cops_ignored_formats'] = [];
}
For other options like proxy authentication see $config['cops_http_auth_user']
That allows you to have specific config/local.<username>.php
options per user if you want to.
There is no provision for configuration per user group, as that notion doesn't exist in COPS at the moment, but if you have a specific use case - happy to discuss and see what we can do :-)
Included in release 3.3.1