Unauthorized pages can be listed by other plugins

[nliautaud]

For now unauthorized pages are still accessible by other plugins, even if they are removed from $pages.
In Pico 0.x I think I was loading this plugin first to avoid this issue, by underscoring its name.

What would be the correct way to hide these pages from other plugins in Pico 1.x ? A way to modify $pages first ? Maybe @PhrozenByte or @smcdougall ?

Related to #9.

[PhrozenByte]

In Pico 0.x I think I was loading this plugin first to avoid this issue

Yes, execution order matters. You can add a numeric prefix to the PicoUsers directory, telling Pico to load it before any non-prefixed plugin (what should be the default). However, only plugins that really depend on being executed before certain other plugins should be prefixed. Plugins that manipulate the $pages array should be prefixed with a number between 40 and 59. It's not recommended to use the min/max values of the given range, so 45 is probably a good choice for what you're doing (i.e. 45-PicoUsers/).

Please refer to the class docs of Pico::loadPlugins() for more info:

    /**
     * Loads plugins from Pico::$pluginsDir in alphabetical order
     *
     * Plugin files MAY be prefixed by a number (e.g. 00-PicoDeprecated.php)
     * to indicate their processing order. Plugins without a prefix will be
     * loaded last. If you want to use a prefix, you MUST consider the
     * following directives:
     * - 00 to 19: Reserved
     * - 20 to 39: Low level code helper plugins
     * - 40 to 59: Plugins manipulating routing or the pages array
     * - 60 to 79: Plugins hooking into template or markdown parsing
     * - 80 to 99: Plugins using the `onPageRendered` event
     *
     * @see    Pico::getPlugin()
     * @see    Pico::getPlugins()
     * @return void
     * @throws RuntimeException thrown when a plugin couldn't be loaded
     */
    protected function loadPlugins()
    {
        // ...
    }

[nliautaud]

Thanks, I missed that. That's fixed !