2011-11-15
pbmichel
In many of my DokuWiki instances, I'd like to restrict the access to old revisions, but not disable the feature altogether. In theory, of course, the right to read a page automatically gives you the ability to have all old revisions. In practice, however, it makes a huge difference.
My observation is, that at least in my settings, I'd love to bind the right to see, revert, etc. old revisions to the EDIT right. It kinda makes sense to me, too, as the ones being able to create new revisions have access to the old ones.
The following two very tiny patches achieve this binding, yet I am not confident revision information does not "leak" anywhere else.
Specifically the RSS feed option is untouched and gives away revision information, if not configured to not do so.
Ideally, I'd love to see a config option to toggle the raise from READ to EDIT right for revision information.
<code>
diff -r 90e5fae6302a -r 1032d23d5f30 inc/actions.php
--- a/inc/actions.php Sun Oct 02 11:46:22 2011 +0200
+++ b/inc/actions.php Tue Oct 04 18:51:54 2011 +0200
@@ -243,7 +243,7 @@
global $INFO;
global $conf;
- if(in_array($act,array('save','preview','edit','recover'))){
+ if(in_array($act,array('save','preview','edit','recover','revisions','diff'))){
if($INFO['exists']){
if($act == 'edit'){
//the edit function will check again and do a source show
@@ -272,6 +272,8 @@
}else{
$permneed = AUTH_ADMIN;
}
+ }elseif($act == 'show' && $INFO['rev']) {
+ $permneed = AUTH_EDIT;
}else{
$permneed = AUTH_READ;
}
</code>
and
<code>
diff -r 90e5fae6302a -r 1032d23d5f30 inc/template.php
--- a/inc/template.php Sun Oct 02 11:46:22 2011 +0200
+++ b/inc/template.php Tue Oct 04 18:51:54 2011 +0200
@@ -552,6 +552,7 @@
}
break;
case 'revisions':
+ if(!$INFO['writable']) { return false; }
$type = 'revs';
$accesskey = 'o';
break;
</code>