This question about Using an extension: Answered
How does PublishPlugin handle ALLOWTOPICVIEW? (Bug?)
I'm publishing a web in which specific pages use the setting ALLOWTOPICVIEW to limit access (could be in a topic containing admin passwords).
Problem: Topics that limit access using
are published just the same as any other topic = secret content is published. Is this a bug, or a deliberate feature?
Question: How can I publish the web in such a way that access restrictions are enforced?
Suggestion: Are the access restrictions based on the specific wiki user who is doing the publish action? If so, would it be enough to create a PublishingUser for this purpose, and make sure that this user has access to exactly the intended pages? I'm hesitant to just experiment because I don't want to change too many settings in our wiki; that's why I ask here instead.
I've experimented now (despite mentioned hesitations) and come to this conclusion:
The access rights of the current user are inherited by the PublishPlugin, meaning that the permissions of the current user determine what pages get published.
If certain pages should not be published, then the process should be performed by a user that doesn't have access to these pages.
In my experiment, I created a new user JohannesGutenberg that had view access to the web but not to the secret pages. I also needed to
on that web's PublishPluginHistory. (Note: Add that setting right at the top of the page, followed by a line with
, to make sure that the setting is not lost when the plugin re-writes that page.)
The secret pages are simply missing in the published pages (you get HTTP Error 404 when you click a link to such a page).
If you have more complex access permissions that are mutually exclusive or overlapping, then you might need to use specific
settings in each relevant page.
- 29 Apr 2010
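
A post-publish check for the situation described in this thread, as an added example that is not part of the original post or of PublishPlugin: it lists topics that carry a topic-level ALLOWTOPICVIEW or DENYTOPICVIEW setting and reports any that still exist in the published output. The function names, the `<Topic>.txt` source layout and the `<Topic>.html` output naming are assumptions, and web-level restrictions are not evaluated.

```python
import re
import tempfile
from pathlib import Path

# Topic-level view settings, as a bullet ("   * Set ALLOWTOPICVIEW = ...")
# or as stored metadata (%META:PREFERENCE{name="ALLOWTOPICVIEW" ...}%).
BULLET = re.compile(r"^(?:\t| {3})+\*\s+Set\s+(?:ALLOW|DENY)TOPICVIEW\s*=", re.M)
META = re.compile(r'^%META:PREFERENCE\{[^}]*\bname="(?:ALLOW|DENY)TOPICVIEW"', re.M)


def restricted_topics(web_dir):
    """Names of topics in web_dir that carry any topic-level view setting.
    The value is not interpreted: every such topic is flagged for review."""
    names = []
    for path in sorted(Path(web_dir).glob("*.txt")):
        text = path.read_text(encoding="utf-8", errors="replace")
        if BULLET.search(text) or META.search(text):
            names.append(path.stem)
    return names


def leaked_topics(web_dir, published_dir, suffix=".html"):
    """Restricted topics that nevertheless exist in the published output."""
    out = Path(published_dir)
    return [t for t in restricted_topics(web_dir) if (out / (t + suffix)).is_file()]


def demo():
    """Constructed sample web: two restricted topics, one of which was published."""
    with tempfile.TemporaryDirectory() as tmp:
        web, pub = Path(tmp, "data"), Path(tmp, "published")
        web.mkdir()
        pub.mkdir()
        (web / "WebHome.txt").write_text("Welcome\n")
        (web / "AdminPasswords.txt").write_text(
            "   * Set ALLOWTOPICVIEW = Main.AdminGroup\nsecret text\n")
        (web / "BudgetPlan.txt").write_text(
            'figures\n%META:PREFERENCE{name="DENYTOPICVIEW" title="DENYTOPICVIEW"'
            ' type="Set" value="Main.WikiGuest"}%\n')
        for name in ("WebHome", "AdminPasswords"):
            (pub / (name + ".html")).write_text("<html></html>")
        return restricted_topics(web), leaked_topics(web, pub)


if __name__ == "__main__":
    restricted, leaked = demo()
    print("restricted:", restricted)
    print("leaked into published output:", leaked)
```

An empty result from `leaked_topics` after publishing as the restricted user matches the behaviour reported above, where the secret pages are missing from the output.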