I'm using web2py 2.7.4-stable+timestamp.2013.11.25.15.21.21 but it doesn't
appear that the patch for this is in yet.
However, instead of doing the removal of the Wiki link with jQuery on the
client, which is susceptible to being hacked by a savvy user, the following
may be more secure:
To
Works great, thanks. I've also sent Massimo a patch for tools.py to fix
it in trunk.
I hope to deploy a website soon using auth.wiki and this was one of my last
hurdles.
On Wednesday, November 7, 2012 12:25:44 AM UTC+13, villas wrote:
I do not want the wiki menu to be displayed to anyone
Hello,
I still think the [Wiki] should not be displayed if you are not logged
in. A wiki administrator would be logged in. The general public don't
need to see it.
The change is a little more complicated than I first suggested. There is
more happening after the if self.auth.user:
I do not want the wiki menu to be displayed to anyone except an 'admin' and
I hope that this option will eventually become available.
Until then, this is my workaround solution:
Create a view for the wiki controller function. Place inside that view
this script:
{{if not
Looking at the change, it looks like a non logged in person can still see
[Wiki].
Could I suggest that the append statement comes inside the if
self.auth.user test:
if self.auth.user:
menu.append((current.T('[Wiki]'), None, None, submenu))
On Friday, October 26, 2012 2:22:36 AM UTC+13,
I agree. Changed the behavior in trunk.
On Thursday, 25 October 2012 03:44:08 UTC-5, Andrew W wrote:
the [wiki] menu option is good for the person maintaining the website, but
shouldn't be seen by others (at least those not logged in) .
How do I hide it for unauthorised users ?
Any update
why is auth.wiki different from everything else in web2py?
--
7 matches
Mail list logo
