Revision [13965]

This is an old revision of PageCloaking made by BrianKoontz on 2006-04-27 14:19:55.

 

Page Cloaking


Wiki pages that are not readable by the current user (or guest) should not have their tags displayed in links, indexes, or other lists. While some wiki purists may cringe at the idea of "information hiding," please keep in mind that page cloaking works in conjunction with ACLs, so those same purists will already have a gripe about ACLs, which means the issue has already been hashed and rehashed.

The basis of page cloaking is simple: Verify that a page is visible (readable) to the current user. If it is not, then not only should the page not be displayed, but the page tag (title) itself shouldn't appear either. This isn't meant as a security feature, but rather a feature of convenience: Users shouldn't have to be tempted by pages they do not have access to. A determined individual could simply try different page tag permutations from the URL. There's really no way around this: Even if a generic message is displayed advising that the page is unavailable, attempts to edit the page would still fail, which in itself shows that the page exists.

There are two approaches to this problem, both of which rely on a few extra functions in wikka.php:

    // Filter out pages for which current user does not have ACL
    // "read" permissions
    function FilterInvisiblePages(&$pages) {
        foreach($pages as $index=>$page) {
            $tag = $page['tag'];
            if(!$this->IsVisible($page)) {
                unset($pages[$index]);
            }
        }
    }

    // Determine if a page is visible (readable) to the current user.
    // May load ACLs if they haven't been loaded already.
    function IsVisible($page) {
        $tag = $page['tag'];
        $owner = $page['owner'];
        // Case-insensitive substring match on the owner field
        // (replaces eregi(), which was removed in PHP 7)
        $isPublic = (stripos($owner, "public") !== false);

        // ACLs aren't set until after the LoadPage() call, so we
        // need to check and load them if they haven't been already
        if(!$this->ACLs_loaded)
            $this->ACLs = $this->LoadAllACLs($tag);

        if(!$isPublic && !$this->HasAccess("read", $tag)) {
            return false;
        }
        return true;
    }


Approach #1

Identify each action/handler that retrieves a page from one of the page loading functions in wikka.php, then pass that page to IsVisible(). Or, if multiple pages are retrieved, pass them as an array to FilterInvisiblePages().

For instance, if one desired to cloak pages on the RecentChanges page, the first line in actions/recentchanges.php:

    if ($pages = $this->LoadRecentlyChanged())


would be modified to something like this:

    $pages = $this->LoadRecentlyChanged();
    // FilterInvisiblePages() is a method in wikka.php, so call it via $this
    $this->FilterInvisiblePages($pages);
    if($pages)


The advantage here is that cloaking can be selectively applied. The disadvantage is if you want cloaking system-wide, you will have to track down each and every action/handler that loads one or more pages and call FilterInvisiblePages() or IsVisible() as appropriate.

Approach #2

For system-wide page cloaking, it is far less labor-intensive to implement all of the changes in wikka.php (as well as an optional parameter in wikka.config.php). The change to wikka.config.php consists of an additional parameter that enables or disables page cloaking:

    "display_visible_only" => "1",
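
A stand-alone illustration of both approaches, added here (it is not the patch referred to on this page, nor WikkaWiki's own code). MiniWiki, its ACL table and the page rows are hypothetical stand-ins constructed for the example; only the method names and the display_visible_only key come from the page. It shows the listing shrinking per user while HasAccess() remains the actual read check.

```php
<?php
// Added illustration: MiniWiki stands in for the class in wikka.php (hypothetical);
// the ACL table and page rows are constructed sample data.
class MiniWiki {
    private $config, $user;
    private $readAcl = [                 // tag => users allowed to read ('*' = everyone)
        'HomePage'   => ['*'],
        'StaffNotes' => ['alice'],
        'Budget2006' => ['alice', 'bob'],
    ];
    function __construct(array $config, $user) { $this->config = $config; $this->user = $user; }

    // Stand-in for the ACL check that IsVisible() relies on.
    function HasAccess($privilege, $tag) {
        $allowed = $this->readAcl[$tag] ?? [];
        return $privilege === 'read'
            && (in_array('*', $allowed, true) || in_array($this->user, $allowed, true));
    }

    function IsVisible($page) {
        return stripos($page['owner'], 'public') !== false
            || $this->HasAccess('read', $page['tag']);
    }

    function FilterInvisiblePages(&$pages) {
        foreach ($pages as $index => $page) {
            if (!$this->IsVisible($page)) unset($pages[$index]);
        }
    }

    // Central loader: the filter runs here once, gated by the config flag.
    function LoadRecentlyChanged() {
        $pages = [
            ['tag' => 'HomePage',   'owner' => '(Public)'],
            ['tag' => 'StaffNotes', 'owner' => 'alice'],
            ['tag' => 'Budget2006', 'owner' => 'alice'],
        ];
        if (!empty($this->config['display_visible_only'])) $this->FilterInvisiblePages($pages);
        return $pages;
    }
}

foreach ([['1', 'bob'], ['1', 'guest'], ['0', 'guest']] as [$flag, $user]) {
    $wiki = new MiniWiki(['display_visible_only' => $flag], $user);
    $tags = implode(', ', array_column($wiki->LoadRecentlyChanged(), 'tag'));
    // Cloaking only changes the listing; HasAccess() is what decides the actual read.
    $read = $wiki->HasAccess('read', 'StaffNotes') ? 'yes' : 'no';
    echo "cloaking={$flag} user={$user} lists: {$tags} | may read StaffNotes: {$read}\n";
}
```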


Here is a file, suitable for feeding to patch (patch -p0 < cloaking.patch), that makes an effort to implement cloaking system-wide:

%%(php)

