Edgewall Software

Opened 11 years ago

Last modified 7 years ago

#11263 new enhancement

AuthzPolicy should allow restricting access to only the most recent version of a resource — at Version 5

Reported by: Ryan J Ollos
Owned by:
Priority: normal
Milestone: next-major-releases
Component: general
Version: 1.0-stable
Severity: normal
Keywords: authzpolicy
Cc:
Branch:
Release Notes:
API Changes:
Internal Changes:

Description (last modified by Ryan J Ollos)

It would be useful to be able to restrict access to only the most recent version of a resource. This was discussed in comment:8:ticket:8976.

One suggestion is to use the syntax @HEAD. Another possibility would be to use @None, since by convention None refers to the most recent version of a resource. What would be the most logical syntax to use?

Currently, if the user is restricted to accessing the most recent version of the page using a rule such as

[wiki:WikiStart@11]
anonymous = WIKI_VIEW

the user will only be able to access that page if ?version=11 is included in the URL. Navigating to /wiki/WikiStart will result in a Forbidden error.

Another request from comment:8:ticket:8976 is to hide the History contextual navigation item and prevent navigating to /wiki/WikiPage?action=history when the user only has access to the most recent version of a resource. This is potentially more difficult because we have a way to check if the user has access to a particular resource, but it is less straightforward to check which versions of a resource the user has access to, and performance considerations may come into play.
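The behaviour described in this ticket, as an added example that is not part of the ticket or Trac's own code: a simplified model of glob-style rule matching that shows why the pinned rule denies /wiki/WikiStart, and how the proposed @HEAD token could be resolved. The '*' placeholder for an unversioned request, the function names and the `latest` argument are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed policies: the ticket's pinned rule, and the same grant using
# the proposed @HEAD token (hypothetical syntax, not implemented in Trac).
PINNED = {"wiki:WikiStart@11": {"anonymous": {"WIKI_VIEW"}}}
HEAD = {"wiki:WikiStart@HEAD": {"anonymous": {"WIKI_VIEW"}}}


def resource_key(realm, rid, version=None):
    """Build realm:id@version; an unversioned request gets '*' (assumption)."""
    return "%s:%s@%s" % (realm, rid, "*" if version is None else version)


def rule_matches(pattern, realm, rid, version, latest):
    """Match one rule section against the requested resource."""
    base, _, ver = pattern.rpartition("@")
    if ver == "HEAD":
        # Proposed semantics: only the unversioned URL or the newest version.
        is_head = version is None or version == latest
        return is_head and fnmatchcase("%s:%s" % (realm, rid), base)
    # Behaviour modelled from the ticket: literal glob match on the full key.
    return fnmatchcase(resource_key(realm, rid, version), pattern)


def check(policy, user, action, realm, rid, version=None, latest=None):
    """Return True if the first matching rule grants `action`; default deny."""
    for pattern, grants in policy.items():
        if rule_matches(pattern, realm, rid, version, latest):
            return action in grants.get(user, set())
    return False


if __name__ == "__main__":
    args = ("anonymous", "WIKI_VIEW", "wiki", "WikiStart")
    print(check(PINNED, *args, version=11))           # /wiki/WikiStart?version=11
    print(check(PINNED, *args))                       # /wiki/WikiStart
    print(check(HEAD, *args, latest=11))              # /wiki/WikiStart
    print(check(HEAD, *args, version=11, latest=12))  # old version after an edit
```

A pinned number also goes stale: once the page is edited, the rule keeps exposing version 11 and never covers the new version, which is the gap a @HEAD-style token would close.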

Change History (5)

comment:1 by Ryan J Ollos, 10 years ago

Expanding on the last point in comment:description, one could even argue that in the strictest sense, fine-grained permissions checks should be performed on every version of a page before listing that version in the page history view.

comment:2 by Ryan J Ollos, 9 years ago

Milestone: next-dev-1.1.x → next-major-releases

Retargeting tickets to narrow focus for milestone:1.2. Please move the ticket back to milestone:next-dev-1.1.x if you intend to resolve it by milestone:1.2.

comment:3 by Ryan J Ollos, 7 years ago

Similar features requested in SO:41624538.

comment:4 by Peter Suter, 7 years ago

Similar request in #10334.

comment:5 by Ryan J Ollos, 7 years ago

Description: modified (diff)