Re: [xwiki-devs] [Proposal] Members of subwiki migration

Hi Guillaume, I am definitely -1 to systematically replace XWikiAllGroup by XWikiMemberGroup in any subwiki: 1) because I do not see the meaning of XWikiMemberGroup in the myxwiki.orguse case. 2) because XWikiAllGroup is an habits for many existing user 3) because existing application/extension/scripts may attribute rights to XWikiAllGroup 4) because this could cause confusion if some right are attributed to XWikiAllGroup and others to XWikiMemberGroup, by a mixup of old and new habits. Since we definitely want to use implicit XWikiAllGroup, I do understand that you need a solution for workspace that may be joined by global users. The below proposal should allow you to do so without migrating existing installation. It apply only to subwikis. After thinking about the different possibilities, my best bet to a smooth migration is to keep XWikiAllGroup for its previous meaning: "All authenticated users having access to this wiki" (unless implicit, which restrict it currently to "All Local Users"). Keeping the meaning and potential usage of the group is the key IMO. To support selected global users to enter the implicit XWikiAllGroup, I simply suggest to add implicitly a group as a member of XWikiAllGroup. It could be called XWikiGlobalMemberGroup to be more explicit, and always be a member of the implicit XWikiAllGroup when xwiki.authentication.group.allgroupimplicit=2. Then: A) when xwiki.authentication.group.allgroupimplicit=0, and XWikiAllGroup (not implicit) does not have a member XWikiGlobalMemberGroup. Do not do any migration, and keep the current join behavior, using exclusively XWikiAllGroup for both local and global users. B) when xwiki.authentication.group.allgroupimplicit=1, keep the existing behavior, obviously prevent any global user to join, do not provide global user scope in wiki creation, and warn on the wiki setting if the user scope is incompatible with the current implicit setting. C) when xwiki.authentication.group.allgroupimplicit=2, check at startup that a XWikiGlobalMemberGroup exists, else create it and migrate any global users in XWikiAllGroup to XWikiGlobalMemberGroup. D) when xwiki.authentication.group.allgroupimplicit=2, or when xwiki.authentication.group.allgroupimplicit=0 and XWikiAllGroup contains XWikiGlobalMemberGroup, use the new behavior, allowing creation of all user scopes, removing any warnings, joining global users to the XWikiGlobalMemberGroup (and local users to the XWikiAllGroups if not implicit). The net benefit of the above proposal is to keep actual habits and existing use cases untouched. Moreover, the security is ensured to be kept as it is with no risk of side effect, which is priority. WDTH ? Obviously, my +1 for the above proposal. Thanks, On Tue, Jan 21, 2014 at 6:50 PM, Guillaume "Louis-Marie" Delhumeau < gdelhumeau(a)xwiki.com&gt; wrote: > 2014/1/21 Guillaume "Louis-Marie" Delhumeau &lt;gdelhumeau(a)xwiki.com&gt; > >> Just to add some precisions: >> >> = What the migrator do = >> 1. Create a group XWikiMemberGroup, with XWikiAllGroup as the first > member. >> 2. All global users of XWikiAllGroup are put inside XWikiMemberGroup and >> removed from XWikiAllGroup. >> 3. All rights concerning XWikiAllGroup are changed (ex: "view for >> XWikiAllGroup" -> "view for XWikiMemberGroup"). It does not break > anything >> since XWikiAllGroup is a member of XWikiMemberGroup. >> 4. All candidacies (ie: join requests, etc...) are moved form >> XWikiAllGroup to XWikiMemberGroup, to be consistent. >> > > Of course, this migration is only done on subwikis. > > >> >> >> >> >> 2014/1/21 Guillaume "Louis-Marie" Delhumeau &lt;gdelhumeau(a)xwiki.com&gt; >> >>> Sergiu: >>> Exactly, I don't have to have all global users in the this group. Only >>> those who are considered as "members" (ie: they have joined the wiki). >>> >>> >>> 2014/1/21 Sergiu Dumitriu &lt;sergiu(a)xwiki.com&gt; >>> >>>> Why not make virtual XWikiAllGroup also contain global users? >>>> >>>> We can make: >>>> >>>> xwiki.authentication.group.allgroupimplicit=0 -> no >>>> xwiki.authentication.group.allgroupimplicit=1 -> yes, all local users >>>> xwiki.authentication.group.allgroupimplicit=2 -> yes, local and global >>>> >>>> Or do you want to have only some global users, not all of them? >>>> >>>> On 01/21/2014 11:31 AM, Guillaume "Louis-Marie" Delhumeau wrote: >>>>> Hi developers! >>>>> >>>>> In Workspaces, we used to add global users in the XWikiAllGroup page >>>> of a >>>>> subwiki to indicate that they are members of that wiki. >>>>> >>>>> Now, we have an option called "user scope", and we can have both >>>> global & >>>>> local users in a subwiki. That means we have global & local users in >>>>> XWikiAllGroup. >>>>> >>>>> Then, it is a problem because it can not work when XWikiAllGroup is a >>>>> virtual group [1]. >>>>> >>>>> Then, I have proposed to create a new group, called XWikiMemberGroup, >>>> that >>>>> hold the members of the subwiki. (Note: XWikiAllGroup will be a > member >>>> of >>>>> XWikiMemberGroup, in order to say "a local user is a member"). >>>>> >>>>> So, I have written a migration (again!) [2], to create the new group >>>> with >>>>> the current content of XWikiAllGroup. In this migration, I also >>>> changes all >>>>> existing rights that occur on XWikiAllGroup to make them effective > for >>>>> XWikiMemberGroup. I did not want to duplicate these rights by just >>>> adding >>>>> the sames for XWikiMemberGroup. I think it is easier for the user to >>>> only >>>>> take care of the XWikiMemberGroup. But it looks a bit "magical", and >>>> some >>>>> people don't like it. >>>>> >>>>> I would like to have your opinion. >>>>> >>>>> +1 for adding XWikiMemberGroup and to "migrate" rights (replace all >>>> rights >>>>> given to XWikiAllGroup by rights given to XWikiMemberGroup). >>>>> >>>>> Thanks, >>>>> Louis-Marie >>>>> >>>>> >>>>> [1] http://jira.xwiki.org/browse/XWIKI-9886 - Enabling virtual >>>>> XWikiAllGroup breaks wiki membership >>>>> [2] >>>> https://github.com/xwiki/xwiki-platform/compare/feature-wiki-members - >>>>> Git branch for this proposal