GeoHazardWatch



Private Pages

User guide for the Private Pages feature in GeoHazardWatch.

Table of Contents

  1. Overview
  2. Marking a Page as Private
  3. Who Can See a Private Page
  4. Search Behaviour
  5. Private Attachments
  6. Making a Private Page Public Again
  7. Limitations
  8. Access Denied Behaviour
  9. Tips and Best Practices

Overview

Private pages are pages that are visible only to their creator and to administrators. All other users — including other authenticated users — are denied access and receive an Access Denied response when they attempt to view, edit, or navigate to the page.

Private pages are stored in a separate location on disk (pages/private/{creator}/) and are excluded from search results for users who do not have permission to see them.

Key facts at a glance

Property           Value
Access             Creator + Admins only
Search visibility  Creator + Admins see results; others see nothing
Attachments        Also stored privately (see Private Attachments)
Required pages     Cannot be made private
Storage            pages/private/{creator}/{uuid}.md
Encryption         Files on disk are plaintext; privacy is enforced at the application layer


Marking a Page as Private

A page becomes private when you add the private user keyword to it.

Creating a new private page

  1. Click New Page or navigate to a page name that does not exist yet.
  2. In the Keywords field on the edit form, type private.
  3. Write your content and click Save.

The page is stored in the private area immediately and is inaccessible to other users as soon as it is saved.

Making an existing page private

  1. Open the page and click Edit.
  2. In the Keywords field, add private to the list of keywords.
  3. Click Save.

The page file is moved to the private storage area on save. Its URL, UUID, and page name remain unchanged.


Who Can See a Private Page

User type                  Can view?  Can edit?  Can delete?  Can view history?
The page creator           Yes        Yes        Yes          Yes
Administrators             Yes        Yes        Yes          Yes
Other authenticated users  No (403)   No (403)   No (403)     No (403)
Anonymous visitors         No (403)   No         No           No


Search Behaviour

Private pages appear in search results only for their creator and for administrators. No title, excerpt, or metadata is revealed to other users in search results.

When the private keyword is removed and the page is saved, it immediately becomes searchable by all users.


Private Attachments

Files uploaded to a private page are stored privately and subject to the same access rules as the page itself.

  • When you upload a file to a private page, it is stored in attachments/private/{creator}/ rather than the standard attachments folder.
  • Attempting to fetch the attachment URL directly returns 403 Forbidden for anyone who does not have access to the parent page.
  • If the page is later made public (by removing the private keyword), existing attachments remain in the private storage area and continue to be access-controlled. To move an attachment to the public area, delete and re-upload it after the page has been made public.

Making a Private Page Public Again

  1. Open the page and click Edit.
  2. Remove private from the Keywords field.
  3. Click Save.

The page file is moved back to the standard pages area and immediately becomes visible to all users who have access to the platform.

Note: attachments uploaded while the page was private are not automatically moved. See Private Attachments above.


Limitations

Required pages cannot be private

Pages in the documentation, system, and other built-in categories (stored in required-pages/) are committed to the project and are always publicly visible on the platform. Attempting to add the private keyword to a required page returns an error:

Required pages cannot be marked as private.

Sharing with specific users

The current implementation is all-or-nothing: a private page is visible only to its creator and admins. There is no mechanism to share a private page with a specific non-admin user. If you need to share content with a subset of users, consider using role-based access, or publish the page and rely on standard authentication.

Files on disk are not encrypted

The private keyword enforces access control through the application — unauthorised users cannot read the page via GeoHazardWatch. However, the files on disk are stored as plain text. Anyone with direct filesystem access to the server can read private page files. Do not store credentials, secrets, or content that must be protected from server administrators.

Encryption at rest is planned as a future enhancement.
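Because privacy depends on the application layer, operating-system permissions on the private storage areas decide which local accounts can read the plaintext files. The following audit is an added example, not part of GeoHazardWatch. It assumes the three private directories named on this page share one data root (the root location, sample user, and file names are constructed), and it reports anything readable, writable, or executable by "other" users.

```python
import os
import stat
import tempfile

# Relative storage locations named on this page.
PRIVATE_DIRS = ("pages/private", "attachments/private", "versions/private")
OTHER_BITS = stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH


def audit_private_storage(data_root):
    """Return sorted (relative_path, octal_mode) pairs for every directory or
    file in the private areas that grants any permission to 'other' users."""
    findings = []
    for rel in PRIVATE_DIRS:
        top = os.path.join(data_root, rel)
        if not os.path.isdir(top):
            continue
        for dirpath, _dirs, files in os.walk(top):
            for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
                mode = stat.S_IMODE(os.lstat(path).st_mode)
                if mode & OTHER_BITS:
                    findings.append((os.path.relpath(path, data_root), oct(mode)))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample layout in a temp dir; one page file is world-readable."""
    root = tempfile.mkdtemp()
    layout = {
        "pages/private/alice/0000-sample-uuid.md": 0o644,  # too permissive
        "attachments/private/alice/map.png": 0o600,
        "versions/private/0000-sample-uuid/1.md": 0o600,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    for rel in PRIVATE_DIRS:  # lock directories down to the owner
        for dirpath, _dirs, _files in os.walk(os.path.join(root, rel)):
            os.chmod(dirpath, 0o700)
    return root


if __name__ == "__main__":
    for rel_path, mode in audit_private_storage(build_sample_tree()):
        print(mode, rel_path)
```

An empty result only means that no "other" permission bits are set; the service account, its group, and root can still read the files.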

Version history is also private

Each saved version of a private page is stored in versions/private/{uuid}/ and is subject to the same access rules. Version history is not visible to unauthorised users.


Access Denied Behaviour

When a user who is not the creator or an admin tries to reach a private page, GeoHazardWatch returns HTTP 403 Access Denied. This applies to:

URL pattern           Action
/view/{PageName}      View page
/edit/{PageName}      Edit page
/history/{PageName}   View page history
/delete/{PageName}    Delete page
/attachments/{id}     Download attachment

The response message is "You do not have permission to view this page." The 403 status confirms that the page exists, but its content is withheld. This is intentional: it allows the creator to confirm the access control is working without hiding the page's existence from themselves.
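A regression check for the routes in the table above, written as an added example that is not part of GeoHazardWatch. The fetch callable is a hypothetical helper that sends a request as a user who is neither the creator nor an admin; the stub server, page name, attachment id, and canary string are constructed.

```python
# Route patterns listed in the table above.
PROTECTED_ROUTES = (
    "/view/{PageName}",
    "/edit/{PageName}",
    "/history/{PageName}",
    "/delete/{PageName}",
    "/attachments/{id}",
)


def check_private_routes(fetch, page_name, attachment_id, canary):
    """Request every protected route as a user who is neither creator nor admin.

    fetch(url) -> (status, body) is supplied by the caller (hypothetical
    helper wrapping an HTTP client logged in as the test user).
    canary is a unique string placed in the private page and its attachment.
    Returns a list of (url, problem) tuples; an empty list means every route held.
    """
    findings = []
    for pattern in PROTECTED_ROUTES:
        url = pattern.replace("{PageName}", page_name).replace("{id}", attachment_id)
        status, body = fetch(url)
        if status != 403:
            findings.append((url, "expected 403, got %d" % status))
        if canary in body:
            findings.append((url, "response body contains private content"))
    return findings


def make_stub(responses):
    """Constructed stand-in for a server: URLs not listed answer 403."""
    denied = (403, "You do not have permission to view this page.")
    return lambda url: responses.get(url, denied)


# Constructed sample: the history route was left unprotected and leaks content.
CANARY = "canary-7f3a"
LEAKY = make_stub({"/history/DraftReport": (200, "v1: " + CANARY)})
SOUND = make_stub({})

if __name__ == "__main__":
    for url, problem in check_private_routes(LEAKY, "DraftReport", "42", CANARY):
        print(url, "-", problem)
```

Run it against a disposable test page, because the list includes the delete route and a missing check there would remove the page.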


Tips and Best Practices

  • Use private pages for drafts. Write and revise content privately, then remove the private keyword when you are ready to publish.
  • Attachments stay private. If you plan to make a page public, remember to delete and re-upload any attachments so they move to the public area.
  • Naming. Private page names follow the same rules as regular page names. Only the creator and admins can see them, so choose names that are meaningful to you.
  • Admin review. Administrators can always read and edit private pages. This ensures nothing is permanently hidden from site management.
  • Not for secrets. Private pages are hidden from other users, but not encrypted on disk. Do not store passwords, API keys, or other sensitive credentials.
