Feature Proposal: Simplify hiding the System web documentation.

Motivation

MichaelDaum pointed out several times that Search Engines like Google will reduce the rank of sites showing duplication of content. Making the System web documentation available to guests is a big part of this. We can make this whole process a lot easier.

Description and Documentation

We need to identify and add "ALLOWTOPICVIEW = *" settings to any topics that are use operationally in other webs, or are needed directly by unauthenticated users.

This proposal does NOT change WebPreferences to block guest access, but is intended to ensure that Foswiki remains fully functional should a site chose to block access.

Examples

CommentPluginTemplate.txt	Questionable - possibly referenced from other webs.	edit
JQueryAjaxHelper.txt	Might be referenced from other guest accessible webs. (Included from more.tmpl)	edit
DefaultUserRegistration.txt	Included from UserRegistration.	edit
LanguageSelector.txt	Included from top bar even when I18N is disabled.	edit
PatternSkinHorizontalNavigationExample.txt	Optionally included from view.pattern.tmpl by setting.	edit
ResetPassword.txt	Directly used.	edit
UserRegistration.txt	Directly used.	edit
WebAtomBase.txt	Included.	edit
WebBottomBarExample.txt	Included from viewbottombar.pattern.tmpl	edit
WebChanges.txt	Included.	edit
WebChangesAlert.txt	Included by WebNotify. (Obsolete)	edit
WebChangesAdvanced.txt	Included.	edit
WebIndex.txt	Included.	edit
WebLeftBarExample.txt	Included from viewsidebar.pattern.tmpl.	edit
WebLeftBarLogin.txt	Included from WebLeftBarExample.	edit
WebLeftBarWebsList.txt	Included from WebLeftBarExample.	edit
WebNotifyHelp	Included by WebNotify.	edit
WebPreferencesHelp.txt	Included from WebPreferences.	edit
WebRssBase.txt	Included.	edit
WebSearch.txt	Included.	edit
WebTopBarExample.txt	Included from viewtopbar.pattern.tmpl	edit
WebTopicList.txt	Included.	edit

Impact

• Sites with a default install: should be no impact as all these topics are readable anyway.
• Sites already with protected System Web: This might make applying an update package easier as all of these topics are included in the update package.

Adding ALLOWTOPICVIEW = * to JQueryAjaxHelper is not backwards compatible with Foswiki 1.x.

WhatDoesItAffect:

%WHATDOESITAFFECT%

edit

Implementation

-- Contributors: GeorgeClark - 30 Oct 2015

Discussion

-- GeorgeClark - 30 Oct 2015

Set this as planned for 2.1. But considering that anyone who has made these customizations will be broken by our update packages, we might consider adding the ALLOW settings as part of a 2.0.x patch. It may make it easier for sites to apply the patch releases.

-- GeorgeClark - 30 Oct 2015

Note that ALLOWTOPICVIEW = * would be required for a couple of plugins as well shipping config topics in System. Alas ALLOWTOPICVIEW = * isn't backwards compatible. I once applied this ACL to SolrPlugin 's system topics and people upgrading it on a 1.1.x engine complained. So I backed out of this approach...

As an alternative we could merge AutoTemplatePlugin 's RulebasedViewTemplates into AutoViewTemplatePlugin and apply a view template to all System web topics so that viewing them as a guest is either redirecting to Main.WebHome or render any other kind of sorry-content-blocked page.

-- MichaelDaum - 30 Oct 2015

I have a patch already retrofitted to 1.1.x that could add the ALLOW=* wildcard. I got bogged down trying to fit the CGI and Perl deprecations fixes into a 1.1.x patch contrib that would buy 1.1 users time. This is what I've got bundled so far in PatchRelease01x01Contrib (in Release01x01 branch)

• Item11267: Fixes Item12225 - extension using new Version strings break configure. Applies to Foswiki 1.1.5 and earlier.
• Item12285: Security fixes related to the Maketext vulnerability. Applies to Foswiki 1.1.6 and earlier.
• Item12391: More Maketext validations - Security issue applies to Foswiki 1.1.7 and earlier.
• Item12414: Newer versions of File::Temp cause die in Foswiki::Sandbox::sysCommand() (Applies to Foswiki-1.1.6, Foswiki-1.1.7 and Foswiki-1.1.8 )
• Item12616: Warnings and Errors due to newer versions of perl. (Fixed in Foswiki 1.1.9)
• Item12849: Add ACL * wildcard for backwards compatibilty with Foswiki 2.0. Applies to all Foswiki 1.1 versions.
• Item13775: Warnings due to CGI::param called in list context.
• Item13777: Backport changes in URLPARAM and SEARCH for extension compatibility.

-- GeorgeClark - 30 Oct 2015

Marked as Accepted for 2.1. I clarified the proposal and modified the summary to agree with the topic name. This proposal will not change the System web settings.

-- GeorgeClark - 13 Nov 2015

Commenting is disabled while not logged in