Feature Request: Wiki ACLs (Access control for individual pages)
It would be nice if redmine would support ACLs (access control) for individual wiki pages or groups of wiki pages.
We'd like to give out wiki access to sub-contractors, but only to the parts of the wiki that are their business.
In our case that means a given sub-contractor should see:
- The wiki pages relevant to his project
- Parts of the global wiki documentation that we deem non-confidential
That sub-contractor should generally not be able to see anything else. In particular not pages that are meant for other sub-contractors and internal documents that we just don't want them to see.
To achieve this goal we have experimented with creating sub-projects for individual sub-contractors but this approach is very cumbersome and error-prone. For example we are forced to copy individual pages from our global documentation to the sub-project wikis to make them available to the contractor - that duplication doesn't scale and is unmaintainable.
To better handle such situations I propose the following implementation (or similar):
- Provide a way to tag wiki-pages with ACL-Tokens. This could be achieved with inline code, e.g. a magic line like "#ACL read,write ContractorRole" somewhere in the page source would grant read/write access to that role. Or redmine could provide nice GUI elements to achieve the same task.
- Provide a per-project toggle to set the wiki pages to "Allow-default" or "Deny-default".
- Provide a per-project list of default access patterns. For example in a given project we may like to set all pages whose names start with "Internal" to be set to "Deny-Default" and "read/write for RoleDevTeam". Such a patterns list would make it easy and straightforward to divide a wiki into any number of access-zones.
Well, that would be my ideas, I'm sure they can be improved - please discuss.
#3 Updated by Sven Schwyn about 4 years ago
I second Bernhard: A checkbox to set the page "public" or "private" would be sufficient. However, "private" pages should only be visible if a user is both logged in and member of the project the wiki is hooked to. Furthermore, wiki links from public to private pages should display an access denied info.
#6 Updated by Felipe Reyes almost 4 years ago
I think that use case proposed by Jimi Jones is the really useful one, moinmoin wiki has that kind of ACL and is very powerful and flexible, probably to avoid the gui part (that could be complex and hard to build a simple and usable one) in a first stage use the magic first line #ACL.
Is this posible that could be implemented like a plugin?, My knowledge of ruby on rails is zero, but maybe somebody at my work aims to develop a plugin.
#16 Updated by Raidel del Peso over 2 years ago
Also might be useful to extend this feature to a wiki format tag (like < pre>) that can be inserted anywhere where wiki format is accepted (issues description, etc) making parts of an issue description private is very useful
even tagging an issue notes as private or "hidden to not registered users"
#19 Updated by Iwao AVE! almost 2 years ago
public/private setting is not good enough for our needs because our company uses Redmine to communicate with our clients and there's no public users (every user has to login).
Setting a minimum role for each wiki page would be sufficient, though.
The role of the client is 'Reporter' and some wiki pages should be visible/editable only to 'Developer' and 'Manager' (i.e. members of our comapny).