Prohibit access to page history
the story
Today we have ACLs that do allow access to a page by
["read", "write", "delete", "revert", "admin"]
What you can not change is the access to the history. Imagine a company that uses a wiki. It has no problem with the read access or even write access for users. What it might not want is that ALL users can read the full version history of every page. Ther might have been be some ugly errors in the past. They may want to give access to these revisions only for a specific group.
If I see this right this depends on the access to "action=info" and "action=recall". Would it be possible or a good approach to add a new keyword for the ACL mechanism? Maybe we can add other actions to this right. How should we call it? Maybe "audit" ? -- ThiloPfennig 2006-02-05 11:22:20
see also
discussion
This is somewhat related to todays "revert" right. If you have it, you get offered an easy way to revert a page by a single click (a GET request!). This is a wrong implementation (should be POST) and therefore we needed that "revert" right (although you can basically do the same, just less comfortable, with read/write rights).
So a cleanup of that stuff would include fixing that revert stuff and replace "revert" right by some "right to see history" or "right to see metadata" maybe.
Access to content of non-current (historic) page revisions is a problem anyway. All those pages have ACLs. But IIRC, we just use the ACL of the latest existing revision (that's maybe what is expected and the least troublesome, but also can cause trouble for some cases).
This is not a modification done by a quick hack, for sure.
Maybe the right to see the history should be part of the write acl right. If you can write, you obviously can see the history (current page and next version). Although there are cases when is ok for someone to read the history of the page even if he is not able to edit it.
We can add a right named history which let you see the history. Adding new acl word is very easy, it can be done in the config (acl_rights_valid), and the processing of the rights can be done easily in the actions, so it IS a modification that can be done by a quick hack for sure 
-- NirSoffer 2006-02-05 16:38:04
It's not that simple because ACLs are per-revision. -- JohannesBerg 2008-07-03 14:17:24
workaround
If you are using Apache and want to prevent access to page history you can use a RewriteRule in .htaccess like the following:
RewriteCond %{QUERY_STRING} ^action=info [OR]
RewriteCond %{QUERY_STRING} ^action=diff [OR]
RewriteCond %{QUERY_STRING} ^action=recall
RewriteRule .* - [last,F]This yeilds a 403 error when a page history link is requested.
You also can add a security policy which alows only some users to access that action. An example is at ReimarBauer/SecurityPolicy