Allow secret URL even when public pages are not allowed

Bug #1394830 reported by Kristina Hoeppner
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Mahara
Triaged
Wishlist
Unassigned

Bug Description

I suggest to separate the allowing of public pages from the use of secret URLs. In an organization that uses Mahara for assessment, you may wish to prevent users from sharing their portfolios with the public to avoid letting sensitive information be searchable in Google, but you may still want to allow them to share their portfolio with an assessor / expert who doesn't have an account on the site or use it to create an employment portfolio to share with a prospective employer who doesn't have access to the system.

Therefore, it would be good if secret URLs still worked even if the site / the institution doesn't allow public pages.

If we should keep the option that a site needs to be locked down for users with accounts only, then a second option should be created to not allow secret URLs on top of not allowing public pages.

Tags: secreturls
Revision history for this message
Emilie Lenel (emilie-lenel-g) wrote :

Hello Kristina
We have the same concern here
I do vote for this bug (don't know how to vote in the launchpad)
We had to alow public pages so that users can generate secret URL.. But we'd like to prevent users from sharing their portfolio with the public.

Revision history for this message
Kristina Hoeppner (kris-hoeppner) wrote :

Hello Emilie,

Thank you for your thumbs up on this one. If you haven't already, you can click the "This bug affects me" link below the heading of this wishlist item.

Cheers
Kristina

Revision history for this message
Aaron Wells (u-aaronw) wrote :

If the concern is to avoid letting their Pages be searchable by Google, another option would be to add a site-wide setting that adds the "<meta name="robots" content="noindex">" tag to the top of *every* Page.

We already add this tag to all Pages that aren't shared with the Public.

Additionally, this could be a per-institution or even per-user setting. LiveJournal, for instance, provides an account setting that lets you set whether or not your blog's content should be indexed by search engines or not.

tags: added: secreturls
Revision history for this message
Kristina Hoeppner (kris-hoeppner) wrote :

The user option for noindex sounds the best as the site admin or institution admin can't foresee what a user wants. Though thinking of smaller children, they may not completely understand what the option is for and thus, a noindex option could be forced.

This brings up the question also that we should consider public pages for certain roles, e.g. don't allow public pages for regular users, but for staff and admin. I filed wishlist item bug#1429325 for that.

Revision history for this message
Kristina Hoeppner (kris-hoeppner) wrote :
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.