On Fri, Oct 31, 2008 at 10:20 AM, javi bueno malagutidomp@hotmail.com wrote:
Hi, thank you for the information. I have found another extension similar to Page-by-page and I cannot get it to work properly. I am doing something wrong. The extension is named CrudeProtection: http://www.mediawiki.org/wiki/Extension:CrudeProtection and the restriction only works when I create the page. For example: <protect>User1</protect> gives User1 permission to read the page. If I create it using User2, an "Access Denied" page is shown on the screen (Fine!), but then, if I try to read the page again, I (User2) can see it.
Does anybody know what I am doing wrong? Why is the restriction working only on page creation?
Ugh...
The "What it does not do" is longer than my arm. http://www.mediawiki.org/wiki/Extension:CrudeProtection#What_it_does_not_do....
No surprise if that thing is broken, and the author of an article can bypass the "protection". Your example seems right. <protect>User1</protect> should "Disallow all and Allow User1". But that is not what it is doing, and it is allowing User2. It looks broken to me. More broken than what "What it does not do" suggests, which is already very broken.
A fun experimental idea:
1) Force all users to log on with a .htpassword, so Apache knows the name of the user
2) Some sort of conditional mod_rewrite rule that sends wiki.php?page=John/ArtibleFoo to forbiddenacces.php if the username is not John (it seems it will use %{REMOTE_USER} and RemoteConv somehow). Disabling access based on authenticated user + URL build. This will force users to build URLs in a particular way (everything inside John/ is private to John) but that is it. Anyway, I don't know how to build that particular set of mod_rewrite rules, or if it is possible.
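
The check sketched in the message above, modelled in Python as an added example (not part of the original message, and not a mod_rewrite rule set): it decides from the authenticated user name and the request URL whether a page under Owner/ may be served, and fails closed on the inputs that defeat a naive string match. The function names, the sample URLs, and the assumptions that pages without an Owner/ prefix are public and that the wiki capitalises the first letter of a title belong to this example only.

```python
from urllib.parse import urlsplit, parse_qs


def owner_of(url):
    """Return the owner prefix of the requested page, or None if it has none.

    Raises ValueError unless the 'page' parameter appears exactly once, so a
    request cannot show one title to this check and another to the wiki.
    """
    # parse_qs percent-decodes, so page=John%2FFoo is seen as John/Foo.
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("page", [])
    if len(values) != 1:
        raise ValueError("page parameter must appear exactly once")
    # Assumption: the wiki treats '_' and ' ' alike and trims the title.
    title = values[0].replace("_", " ").strip()
    owner, sep, _rest = title.partition("/")
    if not sep:
        return None
    owner = owner.strip()
    # Assumption: the wiki capitalises the first letter of a title, so
    # john/Foo and John/Foo name the same page.
    return owner[:1].upper() + owner[1:]


def is_allowed(remote_user, url):
    """Decide whether the authenticated user may be served this URL."""
    if not remote_user:          # no authenticated user: deny
        return False
    try:
        owner = owner_of(url)
    except ValueError:           # missing or repeated 'page': deny
        return False
    if owner is None:            # assumption: pages outside Owner/ are public
        return True
    return owner == remote_user  # exact match against the authenticated name


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    for user, url in [
        ("John", "/wiki.php?page=John/ArtibleFoo"),
        ("Mary", "/wiki.php?page=John/ArtibleFoo"),
        ("Mary", "/wiki.php?page=John%2FArtibleFoo"),
        ("Mary", "/wiki.php?page=Mary/X&page=John/ArtibleFoo"),
    ]:
        print(user, url, "allow" if is_allowed(user, url) else "deny")
```

The rule only covers requests that carry the title in `page=`; any other route by which the wiki exposes the same text is outside what a URL-based check can see.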