Mahara

Allow secret URL even when public pages are not allowed

Bug #1394830 reported by Kristina Hoeppner on 2014-11-21

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Triaged	Wishlist	Unassigned

Bug Description

I suggest to separate the allowing of public pages from the use of secret URLs. In an organization that uses Mahara for assessment, you may wish to prevent users from sharing their portfolios with the public to avoid letting sensitive information be searchable in Google, but you may still want to allow them to share their portfolio with an assessor / expert who doesn't have an account on the site or use it to create an employment portfolio to share with a prospective employer who doesn't have access to the system.

Therefore, it would be good if secret URLs still worked even if the site / the institution doesn't allow public pages.

If we should keep the option that a site needs to be locked down for users with accounts only, then a second option should be created to not allow secret URLs on top of not allowing public pages.

Tags:

Revision history for this message

Emilie Lenel (emilie-lenel-g) wrote on 2014-11-24:

Hello Kristina
We have the same concern here
I do vote for this bug (don't know how to vote in the launchpad)
We had to alow public pages so that users can generate secret URL.. But we'd like to prevent users from sharing their portfolio with the public.

Revision history for this message

Kristina Hoeppner (kris-hoeppner) wrote on 2014-11-24:

Hello Emilie,

Thank you for your thumbs up on this one. If you haven't already, you can click the "This bug affects me" link below the heading of this wishlist item.

Cheers
Kristina

Revision history for this message

Aaron Wells (u-aaronw) wrote on 2015-03-03:

If the concern is to avoid letting their Pages be searchable by Google, another option would be to add a site-wide setting that adds the "<meta name="robots" content="noindex">" tag to the top of *every* Page.

We already add this tag to all Pages that aren't shared with the Public.

Additionally, this could be a per-institution or even per-user setting. LiveJournal, for instance, provides an account setting that lets you set whether or not your blog's content should be indexed by search engines or not.

tags:

added: secreturls

Revision history for this message

Kristina Hoeppner (kris-hoeppner) wrote on 2015-03-07:

The user option for noindex sounds the best as the site admin or institution admin can't foresee what a user wants. Though thinking of smaller children, they may not completely understand what the option is for and thus, a noindex option could be forced.

This brings up the question also that we should consider public pages for certain roles, e.g. don't allow public pages for regular users, but for staff and admin. I filed wishlist item bug#1429325 for that.

Revision history for this message

Kristina Hoeppner (kris-hoeppner) wrote on 2015-03-07:

mhh. bug 1429325

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.