
Update Ordering, wording & help text for private pages/collections

- Clarify that the 'password' mode of privacy is a shared password and should not be used for secure content.
- Fixes #11535
Rohit Sharma 1 year ago
parent
commit
67f3af875c

+ 1 - 1
CHANGELOG.txt

@@ -4,7 +4,7 @@ Changelog
 6.1 (xx.xx.xxxx) - IN DEVELOPMENT
 ~~~~~~~~~~~~~~~~
 
- * ...
+ * Refine wording of page & collection privacy using password is a shared password and should not be used for secure content (Rohit Sharma, Jake Howard)
 
 
 6.0 (xx.xx.xxxx) - IN DEVELOPMENT
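Review bot: The added changelog entry does not parse as a sentence ("privacy using password is a shared password"), and it leaves out the reordering of the privacy options that the commit title mentions. Suggest something like "Clarify in page & collection privacy wording that the password option is a shared password and should not be used for secure content, and reorder the options".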

+ 3 - 3
docs/advanced_topics/privacy.md

@@ -4,9 +4,9 @@
 
 Users with publish permission on a page can set it to be private by clicking the 'Privacy' control in the top right corner of the page explorer or editing interface. This sets a restriction on who is allowed to view the page and its sub-pages. Several different kinds of restrictions are available:
 
--   **Accessible to logged-in users:** The user must log in to view the page. All user accounts are granted access, regardless of permission level.
--   **Accessible with the following password:** The user must enter the given password to view the page. This is appropriate for situations where you want to share a page with a trusted group of people, but giving them individual user accounts would be overkill. The same password is shared between all users, and this works independently of any user accounts that exist on the site.
--   **Accessible to users in specific groups:** The user must be logged in, and a member of one or more of the specified groups, to view the page.
+-   **Accessible to any logged-in users:** The user must log in to view the page. All user accounts are granted access, regardless of permission level.
+-   **Accessible with a shared password:** The user must enter the given shared password to view the page. This is appropriate for situations where you want to share a page with a trusted group of people, but giving them individual user accounts would be overkill. The same password is shared between all users, and this works independently of any user accounts that exist on the site.
+-   **Accessible to users in specific groups:** The user must be logged in, and a member of one or more of the specified groups, in order to view the page.
 
 Similarly, documents can be made private by placing them in a collection with appropriate privacy settings (see: [](image_document_permissions)).
 
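Review bot: The "shared password" bullet still only says when the option is appropriate and never states the caveat this commit is about, that a shared password should not be used to protect sensitive content. Add that sentence to the bullet so the docs match the new field help text. The bullets also keep logged-in users first, while `RESTRICTION_CHOICES` now lists the shared password option before it; listing them in the same order as the form would avoid confusion.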

+ 3 - 3
wagtail/admin/tests/test_audit_log.py

@@ -95,15 +95,15 @@ class TestAuditLogAdmin(WagtailTestUtils, TestCase):
 
         self.assertContains(
             response,
-            "Added the 'Private, accessible to logged-in users' view restriction",
+            "Added the 'Private, accessible to any logged-in users' view restriction",
         )
         self.assertContains(
             response,
-            "Updated the view restriction to 'Private, accessible with the following password'",
+            "Updated the view restriction to 'Private, accessible with a shared password'",
         )
         self.assertContains(
             response,
-            "Removed the 'Private, accessible with the following password' view restriction",
+            "Removed the 'Private, accessible with a shared password' view restriction",
         )
 
         self.assertContains(
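Review bot: "any logged-in users" in the first assertion is ungrammatical for a label that is user-facing and also appears in the audit log; "any logged-in user" reads correctly. The wording would need to change in the `RESTRICTION_CHOICES` label and be mirrored in this assertion.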

+ 1 - 1
wagtail/admin/tests/test_privacy.py

@@ -203,7 +203,7 @@ class TestSetPrivacyView(WagtailTestUtils, TestCase):
         history_response = self.client.get(history_url)
 
         # Check that the expected log message is present
-        expected_log_message = "Removed the 'Private, accessible with the following password' view restriction. The page is public."
+        expected_log_message = "Removed the 'Private, accessible with a shared password' view restriction. The page is public."
         self.assertContains(
             history_response,
             expected_log_message,
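Review bot: `expected_log_message` hard-codes the label copy, so this test has to be edited on every wording change, as it is here. Consider building the message from the `PASSWORD` label in `RESTRICTION_CHOICES` so the assertion checks the logging behaviour rather than the exact copy.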

+ 10 - 3
wagtail/models/view_restrictions.py

@@ -19,13 +19,20 @@ class BaseViewRestriction(models.Model):
 
     RESTRICTION_CHOICES = (
         (NONE, _("Public")),
-        (LOGIN, _("Private, accessible to logged-in users")),
-        (PASSWORD, _("Private, accessible with the following password")),
+        (PASSWORD, _("Private, accessible with a shared password")),
+        (LOGIN, _("Private, accessible to any logged-in users")),
         (GROUPS, _("Private, accessible to users in specific groups")),
     )
 
     restriction_type = models.CharField(max_length=20, choices=RESTRICTION_CHOICES)
-    password = models.CharField(verbose_name=_("password"), max_length=255, blank=True)
+    password = models.CharField(
+        verbose_name=_("shared password"),
+        max_length=255,
+        blank=True,
+        help_text=_(
+            "Shared passwords should not be used to protect sensitive content. Anyone who has this password will be able to view the content."
+        ),
+    )
     groups = models.ManyToManyField(Group, verbose_name=_("groups"), blank=True)
 
     def accept_request(self, request):
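Review bot: The `password` field gets a new `verbose_name` and `help_text`, and the `RESTRICTION_CHOICES` labels and order change, but none of the files shown in this commit is a migration. Django tracks all three options in migration state, so concrete models built on `BaseViewRestriction` are likely to report pending changes; please run `makemigrations --check` and include any generated migration. The reordering itself only changes the display order, since the stored values are the unchanged `PASSWORD` and `LOGIN` constants.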