[pmwiki-users] Hiding pages and groups for not logged in visitors

Bart pmwiki-users at mediamatrix.nl
Wed Oct 25 07:35:14 CDT 2006


Hi, 

Thanks for your extended reply. 

On Tue, Oct 24, 2006 at 11:40:25AM -0400, Crisses wrote:
| 
| On Oct 24, 2006, at 10:15 AM, Bart wrote:
| 
| >
| >Hi,
| >
| >
| >I am using Pmwiki as a kind of CMS and I like to do some hiding for not
| >logged in visitors. I use authuser.php to control who can edit the site.
| >
| >Things I like to accomplish, preferably by customizing the local config.php
| 
| The only password protection that should be done from config.php is  
| site-wide customizations -- such as "no one can edit any page unless  
| they're logged in" -- then you would use config.php.
| 
| There's good reason for this -- since people can use directives like  
| (:include PageName:) in another page, the only way to have proper  
| security on the site is to consistently customize groups and pages  
| within the wiki itself -- then it saves the authentications needed  
| with the actual page data.


Yes, and I am using this for myself as an admin and the few people who edit
and correct my pages.  So I use Pmwiki as a CMS managing a static looking
site and not as a wiki.

The focus of my current approach is: shielding things off for not logged in
visitors. The people who can log in are a small and trusted group. So the
include issue you mentioned is not a security hole in my situation, and to be
frank it can come in quite handy to just include block(s) of text in
different places on the site, and having the original page with the block(s)
of text not available for general visitors, only for the small trusted group
of editors, admins.

 
| >I want to perform the next:
| >
| >Hide a given list of groups and pages from displaying (e.g. pmwiki) on
| >typing the url (or defining the groups and pages that do show up)
| >
| >Hide a given list of groups and pages from showing up in the search result
| >(or defining the groups and pages that do show up)
| 
| These are a bit more advanced, but properly read-protected pages  
| should not show up in pagelists and search results.


Pm once mentioned a method to hide the whole group "pmwiki" so when you
append PmWiki/DocumentationIndex to your URL a page not found shows up. Iirc
this was done with adding some lines of config to config.php

Actually this is the behavior I am looking for. I can do in config.php
something like:

if (!authid) { 
don't display group this and that
};


| >Only show groups pages from a given list on the: "all recent changes"
| 
| That's a question I can't personally answer.
| 
| >When a page has a read password set I want to control if a login page is
| >presented (normal behavior) or that the page not found page is presented.
| 
| If you wanted this for a whole group, I would add:
| 
| GroupName/GroupHeader:
| 
| (:if !authid:)
| (:include LoginFormPage:)
| (:ifend:)
| (:if authid:)



| >E.g. by defining a list of pages that do or do not give the login page.
| >Or if this is a real problem I like to be able to turn off the whole login
| >capability for read only pages. In this way they are only accessible for
| >users that have logged in in the first place.
| 
| I'm not sure what you mean here....  If I'm not barking up the wrong  
| tree, and you can explain this better, I'll try to answer it.


Normal behavior of Pmwiki is to present a login page if a page is password
protected for reading. I like to turn this behavior off for not logged
in visitors and instead display a "page not found", so I don't give away
that password protected pages are present. Preferably doing this in a config
file, e.g. for a group in the config file for that group. E.g. for group
Privatenotes Privatenotes.php

| Hope this is helpful....
| 
| Crisses

Thanks for helping Crisses, hope my goals are a bit more clear now.
Unfortunately my English is not as good as I wished. 

Bart
