Protected blogging plugin

From ETS

Overview of required features

• Protected web space is already provisioned for all Penn State student, faculty, and staff.
  • there is a wizard at https://protected.personal.psu.edu which manages access control - works by writing .htaccess files into personal space
• When user creates a new blog they should be given an option to create blog in public space or protected space
  • MT will have to know which blogs are public and which are protected.
  • public blogs content will still be accessible by the public just like in a standard MT install.
• a permission will be added to MT for simply "read blog".
  • All content in a protected blog will be hidden, unless user has "read blog" permission for that particular blog.
    • for example: a tag search on a specific protected blog will not return any results unless the user performing the search has "read blog" permission for that particular blog.
    • All dynamic content generated by MT will have to respect whether or not content should be protected.
  • to prevent having to double enter permissions, MT will create the .htaccess file in the blog directory to allow users with "read blog" to read the blog. If the user tries to use the ACL wizard (https://protected.personal.psu.edu) it will overwrite the MT created .htaccess, but the MT created .htaccess will return when the blog is rebuilt. This will cause confusion for some users. Should we remove the blogs directory from the PSU ACL wizard?
• All content will need to be protected from within the MT environment:
  • Users should not be able to see other users' posts
  • Search cannot return posts
  • Comments should not be seen