Restrict the access of anonymous users
This plugins restricts the access of anonymous users to your GNU MediaGoblin instance. You can choose between denying the access - and allowing as needed some route paths - or allowing it by default - and denying some route paths.
Set up the private plugin
Install this Python package from PyPi.
$ pip install mediagoblin-private
Or if you’ve checked out this plugin, you should be able to build and install it in the same virtual environment than MediaGoblin. Let’s say it’s in the same parent directory, you can execute:
$ ../mediagoblin/bin/python setup.py build $ ../mediagoblin/bin/python setup.py install
Enable the mediagoblin-private plugin by adding the following line to the [plugins] section of your MediaGoblin configuration file.
Restart the MediaGoblin instance for the configuration file changes to be effective.
Configure the private plugin
You should first set deny_access value to define if the access must be denied - e.g. true, the default - or allowed - e.g. false - to anonymous users.
You can also define some route paths exceptions to reverse the restriction behaviour. It could be useful if you want to deny the access of your instance but keep some public pages, for example. You would also want to keep an open MediaGoblin instance but deny the access of anonymous users to some pages or media. Anyway, you can set the following to define your exceptions:
- path_exceptions: a list - e.g. comma-separated values - of strict route path for which the access will either be denied or allowed.
- path_regex_exceptions: a list of regular expression to match the route path to either deny or allow - see the Regular Expression HOWTO.
Note that each route of the auth controller will always be allowed.
As an example, the following deny the access of anonymous users to your MediaGoblin instance except for the homepage:
[[mediagoblin_private]] deny_access = true path_exceptions = '/',
Do not forget the trailing comma in case of a single route path!