MediaWiki wasn't designed to hide content. The only supported method of
content hiding is hiding content on the entire wiki. Per-page,
per-namespace, per-whatever hiding isn't supported.
I'd recommend attempting to hide sensitive information even if SMW did
support that, you noticed SMW not supporting it. But even inside of
MediaWiki itself methods of bypassing view restrictions keep popping up.
Templates, export, dumps, feeds, recentchanges, and a fair number of
other things are known for breaking partial view restriction in the
past. Some of them are fixed, but it's likely that there may be more
methods of bypassing view restriction that we either don't know about
now, or will be introduced by a new feature.
Though when it comes to SMW, to be frank I don't think it should be
SMW's job to handle this. SMW is made to query the info, it's not an
access restriction extension and it's programmers shouldn't be required
to program portions of an access restriction extension into it. Adding
access restriction likely is even going to complicate queries and
perhaps rob performance. That kind of stuff might even make it harder to
get wikimedia to accept it.
~Daniel Friesen(Dantman, Nadir-Seen-Fire) of:
-The Nadir-Point Group (http://nadir-point.com)
--It's Wiki-Tools subgroup (http://wiki-tools.com)
--The ElectronicMe project (http://electronic-me.org)
-And Wikia ACG on Wikia.com (http://wikia.com/wiki/Wikia_ACG)
Jie Bao wrote:
> Hi all
> There is a need in our wiki to protect some sensitive pages. We use a
> namespace and group based approach. E.g., all pages in the "xyz" name
> space is only accessible by users in the group "abc".
> However, people out of the "abc" group can still query about triples
> of "xyz" pages. For example, a page "xyz:page1" may have
> [[category:x]] [[has title:something you can't know]].
> Then a user can query it using
> [[has title::*]]
> This query can be put on any page the user has access to, or even be
> previewed (hence the admin has no trace of who is naughty)
> Is there a way to filter out, in the result of a query, the triples a
> user are forbidden to read? Or is there a plan to add this feature in
> the near future? Thanks