Reputation: 1022
TRAC user permissions - do not allow to access page history
In our group we had plain text passwords on our TRAC wiki pages. Now we are granting external users access to those wiki pages. Of course we removed the passwords from the page.
BUT: In the page history you can still see the passwords.
My question is: Is there a way to restrict the user rights to only see the current version of the page and not the page's history?
Upvotes: 0
Views: 114
Answers (1)
Reputation: 2390
Not with Trac core alone.
To be exact, likely you cannot see the passwords in the history (commented version lineup), but in the wiki page view of previous versions. This is where the issue starts to get complicated. Technically it is the same page view template, just with older content retrieved from the stack of wiki content by page name and version.
What you want is to just allow latest version views, but lock older ones. You write a mini-plugin to filter all version requests and redirect for user sessions without appropriate permission, say you define an extra permission WIKI_VIEW_REV and allow to inherit it by WIKI_ADMIN (and of course implicitly TRAC_ADMIN too).
Upvotes: 2
Related Questions
- How to hide some text on TRAC wiki-page from anonymous user?
- Block access to history for anonymous users on Mediawiki?
- Securing trac from anonymous users?
- Disable Trac Authentication for local Usage
- how to prevent accessing web page using history in asp.net
- how to disable site content from history for unauthenticated user?
- How to view own permissions in Trac?
- Disable Trac wiki links
- Privacy prevent page from showing on back button
- Prevent user keeping browsing information from my website