nurpawiki - issue #33

Read-only access for non-authenticated users


Posted on Dec 13, 2007 by Happy Lion

It would be nice to provide the option to configure Nurpawiki so that non-authenticated users can view the wiki but without permissions to modify it.

This is quite easy to do except that all of the code needs to be carefully reviewed for security holes before enabling something like this.

Comment #1

Posted on Dec 16, 2007 by Happy Lion

Pushing to a future release. This requires some thinking on a reasonable set of privileges for guest users.

Comment #2

Posted on Dec 27, 2007 by Happy Lion

Implemented in r312.

Extract from design notes:

Provide a function with_read_only_credentials that can be used in a similar manner as with_user_login but so that it would only check config options for allow_ro_guests. If config allows RO access, then it would just let users go further into the site. If RO access is disallowed, then we could pass the user through standard authentication with with_user_login (inside with_read_only_credentials).

Services that either modify the DB or show private data would remain protected with with_user_login, and users would thus be prompted with a login screen if they attempted to access them.

If logged in as guest, "Howdy user" text should note that you're logged in as a guest and it should provide a login link. Login screen is easy to implement using a page /login that uses with_user_login.

* * *

The with_read_only_credentials was renamed to with_guest_login but otherwise the implementation is pretty similar.

Status: Fixed

Labels:
Type-Enhancement Priority-Medium Milestone-Release1.1 Component-UI Component-Logic Security
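
The wrapper arrangement described in the design notes of Comment #2, modelled as an added example that is not Nurpawiki's own code. Only the names with_user_login, with_guest_login and allow_ro_guests come from the issue; the request, response and config types, the "guest" login name and the view_page/save_page services are assumptions made for illustration.

```ocaml
(* Added example: self-contained model of the guest-access wrappers.
   All types and sample values are constructed for illustration. *)

type user = { login : string; is_guest : bool }

type request = { session_user : string option }  (* None = not authenticated *)

type response =
  | Page of string   (* rendered content *)
  | Login_prompt     (* the login screen *)

type config = { allow_ro_guests : bool }

(* Require an authenticated session; otherwise show the login screen. *)
let with_user_login (req : request) (f : user -> response) : response =
  match req.session_user with
  | Some login -> f { login; is_guest = false }
  | None -> Login_prompt

(* Let anonymous visitors through only when the config permits it;
   in every other case fall back to the standard authentication path. *)
let with_guest_login (cfg : config) (req : request) (f : user -> response) : response =
  match req.session_user, cfg.allow_ro_guests with
  | None, true -> f { login = "guest"; is_guest = true }
  | _ -> with_user_login req f

(* Read-only service: reachable by guests when allowed. *)
let view_page cfg req =
  with_guest_login cfg req (fun u ->
    let greeting =
      if u.is_guest then "Howdy guest (login)" else ("Howdy " ^ u.login) in
    Page (greeting ^ ": page text"))

(* Service that modifies the DB: stays behind with_user_login regardless of config. *)
let save_page _cfg req =
  with_user_login req (fun u -> Page ("saved by " ^ u.login))

let () =
  let anon = { session_user = None } and alice = { session_user = Some "alice" } in
  let open_cfg = { allow_ro_guests = true } and closed_cfg = { allow_ro_guests = false } in
  assert (view_page open_cfg anon = Page "Howdy guest (login): page text");
  assert (view_page closed_cfg anon = Login_prompt);
  assert (save_page open_cfg anon = Login_prompt);  (* guests never reach a write path *)
  assert (save_page open_cfg alice = Page "saved by alice");
  assert (view_page closed_cfg alice = Page "Howdy alice: page text")
```

The property worth reviewing in a design like this is that every service which writes to the DB or shows private data is wrapped with with_user_login, since a single handler wrapped with the guest variant becomes reachable without authentication once allow_ro_guests is enabled.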