Read-only access for non-authenticated users

[GoogleCodeExporter]

It would be nice to provide the option to configure Nurpawiki so that
non-authenticated users can view the wiki but without permissions to modify it.

This is quite easy to do except that all of the code needs to be carefully
reviewed for security holes before enabling something like this.

Original issue reported on code.google.com by jjhel...@gmail.com on 13 Dec 2007 at 5:04

[GoogleCodeExporter]

Pushing to a future release.  This requires some thinking on a reasonable set of
privileges for guest users.

Original comment by jjhel...@gmail.com on 16 Dec 2007 at 4:45

• Added labels: Milestone-Release1.1
• Removed labels: Milestone-Release1.0

[GoogleCodeExporter]

Implemented in r312.

Extract from design notes:

Provide a function with_read_only_credentials that can be used in a similar 
manner
ask with_user_login but so that it would only check config options for
allow_ro_guests. If config allows RO access, then it would just let users go 
further
into the site. If RO access is disallowed, then we could pass the user through
standard authentication with with_user_login (inside 
with_read_only_credentials).

Services that either modify the DB or show private data would remain to be 
protected
with with_user_login and would thus be prompted with a login screen if 
attempted to
access.

If logged in as guest, "Howdy user" text should note that you're logged in as a 
guest
and it should provide a login link. Login screen is easy to implement using a 
page
/login that uses with_user_login. 

* * 

The with_read_only_credentials was renamed to with_guest_login but otherwise the
implementation is pretty similar.

Original comment by jjhel...@gmail.com on 27 Dec 2007 at 11:57

• Changed state: Fixed