On Fri, Oct 31, 2008 at 10:20 AM, javi bueno <malagutidomp(a)hotmail.com> wrote:
Hi, thank you for the information. I have found
another extension similar to Page-by-page and I cannot do it works fine. I am doing
something wrong. The extension is named CrudeProtection :
http://www.mediawiki.org/wiki/Extension:CrudeProtection and the restriction only works
when I create the page. For example : <protect>User1</protect> gives
permissions to read the page to User1. If I create it using User2, an "Access
Denied" page is shown on the screen ( Fine! ), but then, if I try to read the page
again I (User2) can see it.
Anybody knows what I am doing wrong? Why is the restriction working only on page
creation?
Ugh...
The "What it does not do" is longer than my arm.
http://www.mediawiki.org/wiki/Extension:CrudeProtection#What_it_does_not_do…
No surprise if that thing is broken, and the author of a article can
bypass the "protection". Your example seems rigth.
<protect>User1</protect> sould "Disallow all and Allow User1". But
is
not what is doing, and is allow User2. It looks broken to me. More
broken than what "What it does not do" suggest, that is already very
broken.
A fun experimental idea:
1) Force all users to logon with a .htpassword, so apache know the
name of the user
2) Some sort of conditional mod_rewrite rule that send
wiki.php?page=John/ArtibleFoo to forbiddenacces.php, if username is
not John ( it seems it will use %{REMOTE_USER} and RemoteConv
somehow). Disabling acces based on authentificated user + url
build. This will force users to build urls in a particular way (
everything inside John/ is private to John) but that is. Anyway I
don't know how to build that particular set of mod_rewrite rules, or
If is posible.
--
--
ℱin del ℳensaje.