Open sebix opened 3 weeks ago
Any item with an ACL that denies READ should not be present on any of the above reports.
I can reproduce the error when a 1.9 wiki is imported, but not when a wiki created as empty and populated with new items.
Editing an item on a wiki created with import19 results in correct behavior (the item is not displayed in the reports).
Any item with an ACL that denies READ should not be present on any of the above reports.
I'm not speaking about the items of the pages, but the pages themselves.
When I try +admin as anonymous user I get a message similar to "Item names must not start with '+'"
.
When I try +admin/itemsize, I get the list of items with their sizes. This seems to be a bug. All admin pages should be limited to an admin user login.
For the other views maybe we can add configuration options. IMO this cannot be solved with ACL.
With the above fix all '+admin' views are restricted to a superuser as configured in wikiconfig.py.
For the rest of your question, there is no feature to restrict the other views from being displayed.
Thanks!
@sebix can we close this issue?
The fix breaks the user view from the navigation bar. This is available for everybody and uses the view '+admin/user'
and results in a 'You are not allowed to access this resource.'
now.
I think this needs some refactoring and redesign. E.g. we can move
into the admin area only visible for an admin with login.
Any Ideas?
How can the pages
/+admin/itemsize
/+admin/interwikihelp
/+admin/highlighterhelp
/+wanteds
/all
/all/+history
/all/+tags
be restricted by ACLs? They seem not be part of a namespace and are not restricted by
acl_functions