Steven Heynderickx wrote on 14 Jan 2010 20:29
If you activate comments per page… they can become visible outside the save-zone… logically probably because they are not part of the page but included isn't it?… So if anyone would comment… let's presume the client - company relation (use case of Leiger) where the client creates a ticket… if the communication would continue in comments on that page… they can be visible to others that are able to create pages, and that would be everybody since every client (customer) can create a ticket (page)
I can also create a listpages that reveals the full content of a private page. Have a look at http://testerszone.wikidot.mywikidot.com/listpages that is the full content of a private page.
Then the ListPages issue needs to be fixed … and it seems that it will not be fixed until a later implementation of this feature:
I suppose Cross-Site Includes would need to know if a category is private as well…
As for the Comments module — making the whole forum category private might help. But of course that removes the chance of a public forum on the same site.
The obvious choice is to avoid the Comments module entirely.
Creating a new category (ticketpost) which is private and holds a customer's replies to the ticket would work one-way only… the problem comes when a moderator or administrator wants to reply to the customer. Only the post creator would be able to see their posts, meaning that there is no way of the customer seeing anything that a moderator/admin has created.
Maybe just going back to basics and using the Edit-Append button will work? We need ways to control it though — such as adding information about who appended the new code to the page, and placing a border around their message…
~ Leiger - Wikidot Community Admin - Volunteer
Wikidot: Official Documentation | Wikidot Discord server | NEW: Wikiroo, backup tool (in development)
? Two entirely different discussions happening here, it seems.
Steven, you are asking how customers can create pages in a private category?
And you are also pointing to the fact that site members can pull data from private pages?
The second is intentional, as explained in the private category sketch. This is how the first version will work.
Portfolio
No I'm not, I created a testsite I made private pages and I'm doing experiments to see how private "private" is
The only thing I ask is whether or not my assumption that "threads per page are not part of a page, but are included" is correct… but that was rather rethorical with the "isn't it?" at the end.
Further I did the experiment to see if a non-member can see the content of a listpage that is situated on a public page, but where the listpage contains comments of a private page. And the Listpage was visible.
So I started thinking… I wich case could this happen? And then I remembered Leiger's Idea of the tickets in a company - customer relation. They both want that their communication via the site is private, they both have editing rights for the page they create. So the customer COULD make a Listpage on his page… getting info from private parts of the site… So that idea has security-gaps.
I'm telling this… I am not asking anything
@ Leiger, Indeed if [[includes]] are also visibe then CSI will probably fail too
A - S I M P L E - P L A N by ARTiZEN a startingpoint for simple wikidot solutions.
OK, did you read the specifications? Especially the line that divides the page, with "In the initial version, there is no further security."
Portfolio
And CSI should maybe also be added. For the "private" future :-)
A - S I M P L E - P L A N by ARTiZEN a startingpoint for simple wikidot solutions.