AuthzPolicy should allow restricting access to only the most recent version of a resource
|Reported by:||Ryan J Ollos||Owned by:|
Description (last modified by )
It would be useful to be able to restrict access to only the most recent version of a resource. This was discussed in comment:8:ticket:8976.
One suggestion is to use the syntax
@HEAD. Another possibility would be to use
@None, since by convention
None refers to the most recent version of a resource. What would be the most logical syntax to use?
Currently, if the user is restricted to accessing the most recent version of the using a rule such as
[wiki:WikiStart@11] anonymous = WIKI_VIEW
the user will only be able to access that page if
?version=11 is included in the URL. Navigating to
/wiki/WikiStart will result in a Forbidden error.
Another request from comment:8:ticket:8976 is to hide the History contextual navigation item and prevent navigating to
/wiki/WikiPage?action=history when the user only has access to the most recent version of a resource. This is potentially more difficult because we have a way to check if the user has access to a particular resource, but it is less straightforward to check which versions of a resource the user has access to, and performance considerations may come into play.