Brad Jorsch (Anomie) writes:
Thank you, Brad. That page is a great resource.
In my case, my "restricted" wiki passes all tests on that page except the API
access.
Mainly because users can't edit (and therefore no editing tricks will access hidden
features),
we're not attempting to hide content (just old versions), and special pages are easy
to blacklist via hook.
I should mention this isn't a high-security site. I'm just removing features that
don't fit the purpose of the site.
If people see more than they should, it's no big deal.
You might try to hack something up by blacklisting
certain API modules with ApiCheckCanExecute and the like,
but such things aren't really supported.
Thanks for the tip and the warning!
DanB