New setting to hide private archives from unauthorized users in the index (!110) · Merge requests · GNU Mailman / HyperKitty

Jake Scaltreto requested to merge jscaltreto/hyperkitty:hide-private into master Aug 25, 2018

This adds a new setting, HYPERKITTY_HIDE_PRIVATE_LISTS, to hide lists from to archives index that the current user does not have access to view. The setting is False by default, preserving the existing behavior.

The current behavior is to include all available list archives (barring vhost filtering) in the index when sorting by name or creation time. If a user is not authorized to view an archive certain information is not displayed and clicking the link will produce a 403 error. However, it may be desirable to exclude inaccessible archives from the index entirely for certain installations. This setting will allow site administrators to block unauthorized users from even seeing the existence of a private archive.

I believe this fixes #166 (closed)

New setting to hide private archives from unauthorized users in the index

Merge request reports