User guide for the Private Pages feature in GeoHazardWatch.
Private pages are pages that are visible only to their creator and to administrators. All other users — including other authenticated users — are denied access and receive an Access Denied response when they attempt to view, edit, or navigate to the page.
Private pages are stored in a separate location on disk (pages/private/{creator}/) and are excluded from search results for users who do not have permission to see them.
| Property | Value |
|---|---|
| Access | Creator + Admins only |
| Search visibility | Creator + Admins see results; others see nothing |
| Attachments | Also stored privately (see Private Attachments) |
| Required pages | Cannot be made private |
| Storage | pages/private/{creator}/{uuid}.md |
| Encryption | Files on disk are plaintext; privacy is enforced at the application layer |
A page becomes private when you add the private user keyword to it.
private.The page is stored in the private area immediately and is inaccessible to other users as soon as it is saved.
private to the list of keywords.The page file is moved to the private storage area on save. Its URL, UUID, and page name remain unchanged.
| User type | Can view? | Can edit? | Can delete? | Can view history? |
|---|---|---|---|---|
| The page creator | Yes | Yes | Yes | Yes |
| Administrators | Yes | Yes | Yes | Yes |
| Other authenticated users | No (403) | No (403) | No (403) | No (403) |
| Anonymous visitors | No (403) | No | No | No |
Private pages appear in search results only for their creator and for administrators. No title, excerpt, or metadata is revealed to other users in search results.
When the private keyword is removed and the page is saved, it immediately becomes searchable by all users.
Files uploaded to a private page are stored privately and subject to the same access rules as the page itself.
attachments/private/{creator}/ rather than the standard attachments folder.private keyword), existing attachments remain in the private storage area and continue to be access-controlled. To move an attachment to the public area, delete and re-upload it after the page has been made public.private from the Keywords field.The page file is moved back to the standard pages area and immediately becomes visible to all users who have access to the platform.
Note: attachments uploaded while the page was private are not automatically moved. See Private Attachments above.
Pages in the documentation, system, and other built-in categories (stored in required-pages/) are committed to the project and are always publicly visible on the platform. Attempting to add the private keyword to a required page returns an error:
Required pages cannot be marked as private.
The current implementation is all-or-nothing: a private page is visible only to its creator and admins. There is no mechanism to share a private page with a specific non-admin user. If you need to share content with a subset of users, consider using role-based access, or publish the page and rely on standard authentication.
The private keyword enforces access control through the application — unauthorised users cannot read the page via GeoHazardWatch. However, the files on disk are stored as plain text. Anyone with direct filesystem access to the server can read private page files. Do not store credentials, secrets, or content that must be protected from server administrators.
Encryption at rest is planned as a future enhancement.
Each saved version of a private page is stored in versions/private/{uuid}/ and is subject to the same access rules. Version history is not visible to unauthorised users.
When a user who is not the creator or an admin tries to reach a private page, GeoHazardWatch returns HTTP 403 Access Denied. This applies to:
| URL pattern | Action |
|---|---|
/view/{PageName} | View page |
/edit/{PageName} | Edit page |
/history/{PageName} | View page history |
/delete/{PageName} | Delete page |
/attachments/{id} | Download attachment |
The response message is "You do not have permission to view this page." — the page is known to exist (403), but its content is withheld. This is intentional: it allows the creator to confirm the access control is working without hiding the page's existence from themselves.
private keyword when you are ready to publish.