Hi Vincent, On 06/06/2009 11:38 AM, Vincent Massol wrote:
Hi everyone,
Current situation =============
Right now we have 2 mechanisms in place: - hidden docs. These is done deep at the storage level and hidden docs don't appear in any HQL queries. This is - $blacklistedSpaces in xwikivars.vm which is used (or not!, that's the problem) in some wiki pages (AllDocs, Search, Dashboard, etc)
Need ====
We have a need for blacklisted/hidden docs and spaces. This is different than rights. This is just for presentation purpose.
The need I see is: - guest and simple users should not see blacklisted/hidden docs and spaces - advanced users and admin should see them
(Note: I'm not sure we have a need to blacklist docs/spaces for everyone including admins as it's currently done for hidden docs)
No, we shouldn't. Advanced users / admins are writing applications in the wiki, with code in all sorts of places. They (most of the times) know what they're doing and we should give them the chance to be in full control. I can only describe as frustrating using WebSearch to find some velocity code I wrote but don't remember where and not getting it as a result search because it's in a blacklisted space or hidden doc. Let's put it like this: there are people that program in the wiki and people that don't. The people that program in the wiki are all equal, including the XE / platform devs, so there is no reason to add supplementary hiding of data. A bad thing which I see from this "hiding for everybody" is the fact that the whole data in the wiki is no longer accessible, for _anyone_ (not even programmers or admins), you'd need to _know_ some data is somewhere to be able to retrieve it, which is bad. Programming rights should be enough to be able to retrieve anything using fairly highlevel API (not doing queries to the db).
Issues =====
1) In lots of spaces we don't exclude blacklisted spaces since at every location you have to add specific code to do the exclude. 2) Hidden docs are a problem since there are cases we want to see them all (like when creating a new wiki and you need to copy a template wiki containing hidden docs)
Proposal =======
* I believe we need to remove the filtering at the storage level. That level should return all docs matching the queries
+1 Until the hidden value for docs, we had no restriction on the programming API wrt to the search results. I don't see any reason why this notion has to be implemented at that deep level, when the need is only presentational purposes.
* We modify the default XWiki.searchDocument APIs so that they filter on hidden docs and blacklisted spaces (using the velocity $blacklistedSpaces variable). This would be changed later on when we implement the new model and introduce the notion of space. When this happen we'll be able to have hidden metadata to the Space object.
You mean the one in the com.xpn.xwiki.api.XWiki ? if so, +1. I think the only need is for public API to filter out hidden docs and blacklisted spaces by default. Priviledged API should be the responsibility of the people that "know what they're doing" which I mentioned above. I don't think a velocity variable can do it though, there are multiple APIs that don't go through velocity and should exclude the blacklisted spaces too. Maybe a config param? (xwiki.cfg or the newer .properties)
* We add a new XWiki.searchDocument API that doesn't do any filtering
do we need it? in the light of those written above... Thanks for reading this long email and coping with my inability to resume ideas, Anca
WDYT?
Thanks -Vincent
_______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs