Open sebix opened 3 weeks ago
RogerHaase
commented
3 weeks ago Any item with an ACL that denies READ should not be present on any of the above reports.
I can reproduce the error when a 1.9 wiki is imported, but not when a wiki created as empty and populated with new items.
Editing an item on a wiki created with import19 results in correct behavior (the item is not displayed in the reports).
sebix
commented
3 weeks ago Any item with an ACL that denies READ should not be present on any of the above reports.
I'm not speaking about the items of the pages, but the pages themselves.
UlrichB22
commented
2 weeks ago When I try +admin as anonymous user I get a message similar to "Item names must not start with '+'".
When I try +admin/itemsize, I get the list of items with their sizes. This seems to be a bug. All admin pages should be limited to an admin user login.
For the other views maybe we can add configuration options. IMO this cannot be solved with ACL.
UlrichB22
commented
1 week ago With the above fix all '+admin' views are restricted to a superuser as configured in wikiconfig.py.
For the rest of your question, there is no feature to restrict the other views from being displayed.
sebix
commented
1 week ago Thanks!
UlrichB22
commented
1 week ago @sebix can we close this issue?
UlrichB22
commented
1 day ago The fix breaks the user view from the navigation bar. This is available for everybody and uses the view '+admin/user' and results in a 'You are not allowed to access this resource.' now.
I think this needs some refactoring and redesign. E.g. we can move
into the admin area only visible for an admin with login.
Any Ideas?
How can the pages
/+admin/itemsize/+admin/interwikihelp/+admin/highlighterhelp/+wanteds/all/all/+history/all/+tagsbe restricted by ACLs? They seem not be part of a namespace and are not restricted by
acl_functions