Access controls

Uniqki has two types of pages, non-wiki and wiki pages, and supports read access controls for both using the $READ_ACCESS setting. Because Uniqki generates static HTML files and is not involved in delivering their contents to visitors, the web server has to secure the HTML files if either non-wiki or wiki pages have a non-open read access control. For example, if $READ_ACCESS is open or open:open (open for both non-wiki and wiki pages), you don't have to do anything because the HTML files need not be secured at all.

1   Read access

For any setting other than open or open:open, you have to secure the HTML files to control read access and redirect any requests to Uniqki. For the Apache server, the directives in Figure 1 can be added to .htaccess. These directives redirect any HTML requests to the Uniqki script so that Uniqki can handle the requests according to the read access setting.

RewriteEngine On
RewriteBase /
# RewriteBase /subdir
RewriteCond %{REQUEST_URI} !^/u$
# RewriteCond %{REQUEST_URI} !^/subdir/u$
RewriteRule ^([^/]*)$ u/$1 [R,L]
RewriteRule ^u/$ u [R,L]
RewriteRule ^u/(?:.*/)?(u\.tpl/.*)$ $1 [R,L]
RewriteRule ^([^/]*)\.html$ u/$1 [R,L]
RewriteRule ^(u/[^/]*)\.html$ $1 [R,L]
RewriteCond %{REQUEST_URI} !^/u($|[/?]|\.tpl/)
# RewriteCond %{REQUEST_URI} !^/subdir/u($|[/?]|\.tpl/)
RewriteRule .* "-" [F]
Figure 1: Restrict direct access to HTML files for Apache

$READ_ACCESS can be set to one of the following read access controls:

open or open:open
Your site is fully readable by anyone.
open:closed
Open non-wiki and closed wiki pages. Non-wiki pages are readable by anyone, but wiki pages are only readable by logged-in users. This setting alone doesn’t actually secure wiki pages because your site is static and Uniqki cannot do anything about the HTML files it has created. You have to use the web server’s directives to secure the HTML files as shown in Figure 1.
open:admin
Open non-wiki and admin-only wiki pages. Non-wiki pages are readable by anyone, but wiki pages are only readable by admin users.
closed:open
Closed non-wiki and open wiki pages. Non-wiki pages are only readable by logged-in users, but wiki pages are readable by anyone.
closed or closed:closed
Closed non-wiki and wiki pages. Both non-wiki and wiki pages are only readable by logged-in users.
closed:admin
Closed non-wiki and admin-only wiki pages. Non-wiki pages are only readable by logged-in users and wiki pages are only readable by admin users.
admin:open
Admin-only non-wiki and open wiki pages. Non-wiki pages are only readable by admin users, but wiki pages are readable by anyone.
admin:closed
Admin-only non-wiki and closed wiki pages. Non-wiki pages are only readable by admin users and wiki pages are only readable by logged-in users.
admin or admin:admin
Admin-only non-wiki and wiki pages. Both non-wiki and wiki pages are only readable by admin users.
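
The following check is an added example, not part of Uniqki. It models the read decisions listed above and flags a restrictive $READ_ACCESS value whose .htaccess lacks the Figure 1 rules. The function names, the assumption that admin users also count as logged-in users, and the heuristic .htaccess match are all assumptions of this example.

```python
import re

LEVELS = {"open": 0, "closed": 1, "admin": 2}    # privilege each value requires
ROLES = {"anonymous": 0, "user": 1, "admin": 2}  # assumption: admins are also logged-in users

def parse_read_access(value):
    """Split $READ_ACCESS into (non-wiki, wiki); one word covers both page types."""
    parts = value.strip().split(":")
    if len(parts) == 1:
        parts = parts * 2
    if len(parts) != 2 or any(p not in LEVELS for p in parts):
        raise ValueError(f"invalid $READ_ACCESS value: {value!r}")
    return tuple(parts)

def can_read(value, page_type, role):
    """Model of the read decision described on this page; page_type is 'nonwiki' or 'wiki'."""
    nonwiki, wiki = parse_read_access(value)
    required = nonwiki if page_type == "nonwiki" else wiki
    return ROLES[role] >= LEVELS[required]

def htaccess_has_guard(text):
    """Heuristic: active RewriteEngine On, an .html redirect rule, and the final [F] rule."""
    active = [s for s in (ln.strip() for ln in text.splitlines()) if s and not s.startswith("#")]
    engine = any(re.fullmatch(r"RewriteEngine\s+On", s, re.I) for s in active)
    redirect = any(re.match(r"RewriteRule\s+\S*\\\.html\$\s+\S+\s+\[R,L\]", s) for s in active)
    forbid = any(re.match(r'RewriteRule\s+\.\*\s+"?-"?\s+\[F\]', s) for s in active)
    return engine and redirect and forbid

def audit(value, htaccess_text):
    """Flag the case where the setting is restrictive but the static HTML is unguarded."""
    if parse_read_access(value) == ("open", "open"):
        return "ok: fully open, nothing to secure"
    if htaccess_has_guard(htaccess_text):
        return "ok: guard rules present"
    return "exposed: static HTML can be fetched without passing through Uniqki"

# Constructed sample: a subset of the Figure 1 directives, for a site at the web root.
SAMPLE_HTACCESS = r"""
RewriteEngine On
RewriteBase /
RewriteRule ^(u/[^/]*)\.html$ $1 [R,L]
RewriteCond %{REQUEST_URI} !^/u($|[/?]|\.tpl/)
RewriteRule .* "-" [F]
"""

if __name__ == "__main__":
    for setting, htaccess in [("open", ""), ("open:closed", ""), ("closed:admin", SAMPLE_HTACCESS)]:
        print(f"{setting:13} {audit(setting, htaccess)}")
```

The .htaccess match only confirms that the rules are present and not commented out; a request for an .html file against the live site is still the real test.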

2   Write access

Non-wiki pages can only be created and edited by administrators because these pages can have powerful commands on top of the wiki-like syntax that allows for executing Perl code. Wiki pages do not allow Perl code and may be created and edited by visitors without login or by users with login, depending on the $WRITE_ACCESS and $WIKI_PAGES_ALLOWED settings. $WRITE_ACCESS can be set to one of the following values:

open
Anyone can edit existing wiki pages and may create new wiki pages that are allowed by $WIKI_PAGES_ALLOWED.
closed
Only logged-in users can edit existing wiki pages and may create new wiki pages that are allowed by $WIKI_PAGES_ALLOWED.
admin
Only admin users can edit existing wiki pages and may create new wiki pages that are allowed by $WIKI_PAGES_ALLOWED. However, admin users can create any wiki pages using the non-wiki edit command regardless of the $WIKI_PAGES_ALLOWED setting.