How do I prevent anonymous users from using page history?
Code Changes Required
This configuration requires changing the Confluence code in your installation. You will need to reapply these changes whenever you upgrade Confluence. Proceed with caution.
Purpose
Currently there is no way to restrict anonymous users from viewing the page history through the UI. Page history can be accessed, even by anonymous users, from Tools > Page History.
Solution
In order to restrict this function for anonymous users, you'll need to edit viewpreviousversions.vm from <confluence-install>/confluence/pages/, and copy and paste the following code:
<html>
<head>
<title>$action.getText("title.view.previous.versions") - $!page.title</title>
</head>
#applyDecorator("root")
#decoratorParam("helper" $action.helper)
#decoratorParam("mode" "view-information")
#decoratorParam("calendar-width" "200px")
#decoratorParam("context" "$action.page.type")
## PERMISSION TO CHECK IF USER IS ANONYMOUS, IF ANONYMOUS THERE IS NO HISTORY FOR IT :)
#if ($action.remoteUser != $null)
#requireResource("confluence.web.resources:page-history")
<form name="diff" method="GET" action="diffpagesbyversion.action">
<input type="submit" value="$action.getText('compare.selected')">
<input type="hidden" name="pageId" value="$action.pageId">
<style>
.tableview td {white-space:nowrap; vertical-align:top;}
</style>
<table id="page-history-container" width="100%" cellspacing="0" class="tableview">
<tr>
<th> </th>
<th>$action.getText("heading.version.number")</th>
<th>$action.getText("heading.version.date")</th>
<th>$action.getText("heading.comment")</th>
#if( $action.isRevertPermitted())
<th>$action.getText("heading.operations")</th>
#end
</tr>
<tr id="rowForVersion$page.version">
<td width="%1"><input type="checkbox" name="selectedPageVersions" value="$page.version" #if ($action.isSelectedVersion($page.version)) checked #end></td>
<td align="left">
<strong>
<a href="viewpage.action?pageId=$page.id">$action.getText("current.version")</a>
(v. $page.version)
</strong>
</td>
<td align="middle">
<strong>
$dateFormatter.formatDateTime($page.lastModificationDate)
</strong>
</td>
<td style="white-space:normal;">
<strong>#usernameLink ($page.lastModifierName)</strong>#if ($page.versionCommentAvailable):
<br><span class="change-comment">$page.renderedVersionComment</span>#end ## Only put in a break if there's a comment
</td>
#if( $action.isRevertPermitted())
<td> </td>
#end
</tr>
#if( $previousVersions )
#foreach( $oldPage in $previousVersions )
<tr id="rowForVersion$oldPage.version">
<td width="%1"><input type="checkbox" name="selectedPageVersions" value="$oldPage.version" #if ($action.isSelectedVersion($oldPage.version)) checked #end></td>
<td align="left">
<a href="viewpage.action?pageId=${oldPage.id}">v. $oldPage.version</a>
</td>
<td align="middle">
$dateFormatter.formatDateTime( $oldPage.lastModificationDate )
</td>
<td style="white-space:normal;">
<strong>#usernameLink ($oldPage.lastModifierName)</strong>#if ($oldPage.versionCommentAvailable):
<br><span class="change-comment">($oldPage.renderedVersionComment)</span>#end ## Only put in a break if there's a comment
</td>
#if( $action.isRevertPermitted())
<td align="middle">
#if ($oldPage.version>0)
<a href="revertpagebacktoversion.action?pageId=$page.id&version=${oldPage.version}">$action.getText("restore.this.version")</a>
#end
</td>
#end
</tr>
#end
#end
</table>
</form>
<p><a href="${req.contextPath}/pages/viewinfo.action?pageId=${page.id}">$action.getText('return.to.page.info')</a></p>
#else
## CUSTOM MESSAGE TO ANONYMOUS USER
<ul>Unfortunately, as an anonymous user you do not have permission to view page history. For further information please contact your Confluence Administrator.</ul>
#end
#end
</html>
The code above contains a custom message if the user is not authenticated (anonymous). Simply edit the section ##CUSTOM MESSAGE TO ANONYMOUS USER with the message you wish to show (if any) and save the template, and you're done.
Last modified on Feb 26, 2016
Powered by Confluence and Scroll Viewport.