Open gregory-moka opened 5 years ago
Thank you for bringing this to my attention, I have released a new version that will return a 404 not found if the guest/user is not in the privilege group when they try to access the help page by direct url
Ok, in my version, I have used the role setting to display custom message : So, if you link the page to your ticket, partner still have a page, without error :)
<t t-if="request.env.user.partner_id.name == 'Public user'">
<p style="text-align: center;">To access to this page, please <a href="/web/login">login</a></p>
</t>
<t t-if="request.env.user.partner_id.name != 'Public user'">
<h1 class="text-center" t-field="help_page.name"/>
<div id="wrap" class="oe_structure help_page oe_empty pt32 pb32" t-field="help_page.content" style="min-height:200px;"/>
<hr/>
<!-- Submit Feedback part -->
</t>
Hi, thank you for your code contribution, while this is good for a simple login / logged out check, the system allows you to define groups e.g. only people with accounting group can access these help pages.
Hello,
the help page doesn't repect the privilege groups, and, once you get the url, you can reach an help page without being logged in. So, search engine robots can crowl them, and display content to everyone.
Is there a way to prevent those 2 "issues" ?