Document readability and visibility
OpenWGA knows two different concepts which determine whether a document that is fetched in some request is actually displayed: readability and visibility. It is important to distinguish between these concepts, as they have different semantics and purposes.
Readability is an authorisation feature which prohibits certain users from seeing certain content documents. There is no way that a user can see any data from a content document that is not readable to him on a regular user session. Even its existence is not exposed to him.
Readability can be enforced in one of two ways:
- By specifying a list of user names, groups and roles in the "READERS" metadata field of a page. Only users whose names, groups or roles are contained in this field will be able to read the contents of this page plus all contents of child pages down the hierarchy
- By specifying a list of user names, groups and roles in the "READERS" metadata field of an individual content document. Only users whose names, groups or roles are contained in this field will be able to read this specific content. This is an obsolete feature which can now only be activated via the publisher option "Use readers on content documents" in the web app configuration.
See Authorisation fields on data documents for details about these fields.
Readability is a security feature which can and should be used to restrict access to sensitive data on a per-person basis. As such it is enforced on the WGAPI level of the OpenWGA application, so that no higher application layer has a chance to expose read-protected data.
Visibility is a publishing feature which should hide content documents that in their current state should not be visible. There are four ways that a content document can be invisible:
- Because according to its metadata field "STATUS" it is not in workflow state "released"
- Because the current time does not match its visibility period, defined by metadata fields "VALIDFROM" and "VALIDTO"
- Because it is set to be hidden from the role of the currently used WebTML navigation artifact, defined by metadata field "ISHIDDENFROM"
- Because its general visibility flag in metadata field "VISIBLE" is set to false
The important difference from readability is that WebTML programming can skip the visibility tests on a user session, so that a user may actually see content that would normally be invisible:
- A <tml:query> and <tml:foreach> can choose to retrieve and display unreleased contents by setting the attribute onlypublished to "false"
- WebTML context changes via context paths - as done with the WebTML attribute context - skip the visibility tests, except for the workflow state, which is still respected
- An author logged in to OpenWGA Content Manager will see all invisible contents, because it enables the "authoring mode" on the user's session
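The following is an added example, not OpenWGA code: a simplified Python model of the two checks described above, using the metadata field names from this page (READERS, STATUS, VALIDFROM, VALIDTO, ISHIDDENFROM, VISIBLE). The sample documents, users and the navigation role name "navigator" are constructed for illustration. It shows why readability must never be skippable while visibility legitimately can be.

```python
from datetime import datetime

# Constructed sample data (not from a real OpenWGA installation).
NOW = datetime(2024, 6, 1, 12, 0)
ROOT_PAGE = {"READERS": ["editors"]}                 # page-level READERS restricts the whole subtree
DRAFT = {                                            # content document below ROOT_PAGE
    "STATUS": "draft",                               # not "released" -> invisible
    "VALIDFROM": datetime(2024, 1, 1), "VALIDTO": datetime(2024, 12, 31),
    "ISHIDDENFROM": ["navigator"],                   # hidden from this navigation artifact role
    "VISIBLE": True,
    "READERS": [],                                   # empty list: no per-content restriction
}
EDITOR = {"name": "alice", "groups": ["editors"], "roles": []}
VISITOR = {"name": "bob", "groups": [], "roles": ["anonymous"]}


def is_readable(doc, ancestors, user):
    """Readability: the user must match the READERS field of every ancestor page
    and of the document itself; an empty READERS list means no restriction there."""
    principals = {user["name"], *user["groups"], *user["roles"]}
    for node in [*ancestors, doc]:
        readers = node.get("READERS") or []
        if readers and principals.isdisjoint(readers):
            return False
    return True


def invisibility_reasons(doc, now, nav_role):
    """Visibility: the four conditions from the page, returned as a list of reasons."""
    reasons = []
    if doc.get("STATUS") != "released":
        reasons.append("STATUS")
    valid_from, valid_to = doc.get("VALIDFROM"), doc.get("VALIDTO")
    if (valid_from and now < valid_from) or (valid_to and now > valid_to):
        reasons.append("VALIDPERIOD")
    if nav_role in (doc.get("ISHIDDENFROM") or []):
        reasons.append("ISHIDDENFROM")
    if doc.get("VISIBLE") is False:
        reasons.append("VISIBLE")
    return reasons


def fetch(doc, ancestors, user, now, nav_role, onlypublished=True):
    """Readability is always enforced (the document is not even acknowledged to exist);
    visibility is only enforced when the caller keeps onlypublished at its default."""
    if not is_readable(doc, ancestors, user):
        return None
    if onlypublished and invisibility_reasons(doc, now, nav_role):
        return None
    return doc
```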