xwiki-users

xwiki-users@xwiki.org

10406 discussions

by Laurence Caraccio

Hi guys, I'm new to using xwiki, my department has an existing wiki but it's a mess and theres no documentation so I was wondering if there's anyway to get a list of all the pages so I can see what's there. Any help would be appreciated cheers. Regards, Laurence Caraccio PTC software developer Phone: 01962 81 6137 | Mobile: 077 896 202 46 (Embedded image moved to file: E-mail: LAURCACI(a)uk.ibm.com pic03233.gif)IBM IBM United Kingdom Limited Registered in England and Wales with number 741598 Registered office: PO Box 41, North Harbour, Portsmouth, Hants. PO6 3AU

14 years, 1 month

Re: [xwiki-users] Access rights management bug?

by Haru Mamburu

Hi! So, this "feature" makes absolutely useless delete rights, for example, if each and every user with edit rights can easily skip Delete and Admin Prohibition. Actually edit right behaves like admin in the allowed space. As for me it looks a little bit wierd. All users by default are simple, but as you mentioned, nothing stops the intruder with edit rights if he knows magic of URLs. For me it looks logical, that if I PROHIBITED right to delete or Admin rights - it means prohibited, but not "don't pay attention'. For security it means VERY big black whole. And actually we don't have any instrument to track or stop it (besides watching pages). For semi-open projects, or even open, like Wikipedia it creates paradise for vandals, even if you open edit rights only for registered users. Once you can find couple of hundreds pages in Recycle bin even if nobody but Admin has ability to delete pages. :-) And actually rights management contradicts wit 6 user types concept http://dev.xwiki.org/xwiki/bin/view/Design/6TypesOfXWikiUsers So, my proposal is: discuss and implement more precise rights management system in the neares future. Let's make XWiki more safe :-) Thnks a lot for help, Dmitry 21 сентября 2011, 17:39 от Guillaume Lerouge <guillaume(a)xwiki.com>: > Hi Dmitry, > > unfortunately for your use case this is a feature of XWiki. When a user is > granted edit right on a page, he is allowed to edit any object attached to > that page (this is used through the "edit inline" mode as well, when editing > in inline mode the user is actually updating the values of object properties > in the page. > > One way to work around this is by making all users "simple users" by default > so that the menus do not display the advanced edit options. However, users > that know the right URLs will still be able to access the object edition > mode. > > In short: sorry but no, not "safe" the way you mean it :-( > > Guillaume > > On Sat, Sep 17, 2011 at 6:57 AM, Haru Mamburu <haru_mamburu(a)mail.ru> wrote: > > > > > Dear Users, > > > > XE 3.1. Playing with rights I found very unpleasant and IMO dangerous > > behaviour. > > > > Two Default groups: XWikiAllGroup and XWikiAdminGroup > > > > Admin gives rigths to XWikiAllGroup to view pages - no problem. > > Admin gives rigths to XWikiAllGroup to EDIT pages. From my point of view - > > EDIT means only page EDIT in edit/inline mode, > > but not: > > - managing page access rights > > - editing in editor object mode. > > > > I even tried to prohibit to XWikiAllGroup users Administration rights, > > nothing changed. As for my project - it is a disaster. > > I must separate four categories of users: > > 1. All users - have View access to definite spaces. > > 2. SOME registered users - have edit rights for spaces/pages (edit/inline), > > create rights. BUT NO Access rights management, NO object mode editing) > > 3. Admin Users with Admin rights on several spaces to delete/undelete pages > > AND access rights management. > > 4. XWiki Admin > > > > As I discovered, I can't get split second and third group. :-( > > > > It would be wise to avoid rights management and object editing mode > > availability to "smart" users, that can bring a mess into the system in > > couple of seconds. For example, "smart user" with edit rights will easily > > prohibit access to pages to whole XWikiAllGroup OR he even can grant VIEW > > rights ONLY to XWikiAdminGroup with the same results - page becomes > > inaccessible to non-admin users. I checked everything with a Test user in > > XWikiAllGroup. > > > > I don't know if it is a bug or a feature, but for me it's a disaster :-( > > > > Is there any way to make XWiki project safe? > > > > Best Regards > > > > Dmitry Bakbardin > > _______________________________________________ > > users mailing list > > users(a)xwiki.org > > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ > users mailing list > users(a)xwiki.org > http://lists.xwiki.org/mailman/listinfo/users >

14 years, 1 month

[xwiki-users] scripting - attachment combined with object

by Scott Serr

[I'm hoping that scripting belongs here an not in the dev list] I'm trying to tie an attachment to an object. Say, I want to create several TrackingClass objects on a page. But one of the properties I'd like to be a PDF and link. (Or fake it to look like it) I know the properties of a class are primitives plus a few like DbList etc. The table would have these headings: Tracking Date | Description | PDF Link At the bottom of the page I'd have an Add object form: Tracking Date: Description: Attach PDF: [Add Button] This is like the "Creating a FAQ Application" example, but with an attached file in the same form submit. I'm wondering how one might solve this problem? Thanks, Scott

14 years, 1 month

[xwiki-users] MindMap Macro : ClassNotFoundException freemind.main.FreeMindApplet.class

by Julien Hervouet

Hi, As an adept of freemind I was very happy to see that a freemind macro exist for xwiki. Unfotunately I have a ClassNotFoundException when tha applet is invoked by the macro, it seems that the FreeMind java library can not be found by the downloaded applet. Here is the Stack Trace of the exception : /Java Plug-in 1.6.0_15 Utilisation de la version JRE 1.6.0_15-b03 Java HotSpot(TM) Client VM charger : classe freemind.main.FreeMindApplet.class introuvable. java.lang.ClassNotFoundException: freemind.main.FreeMindApplet.class at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source) at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.io.IOException: open HTTP connection failed:http://code.xwiki.org/xwiki/bin/view/Macros/freemind/main/FreeMindAp… at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source) at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source) at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) ... 7 more Exception : java.lang.ClassNotFoundException: freemind.main.FreeMindApplet.class/ The exception occurs on my instance of xwiki and on the xwiki web site at this example address : http://code.xwiki.org/xwiki/bin/view/Macros/MindMapMacro My instance of xwiki is XWiki Enterprise 1.9.3.22597 on Windows XP SP3 and as you see in the stack trace I have the last 1.6.0_15 java plugin. Can you give me an advice to resolve this problem. Thanks in advance, Julien

14 years, 1 month

[xwiki-users] Access rights management bug?

by Haru Mamburu

Dear Users, XE 3.1. Playing with rights I found very unpleasant and IMO dangerous behaviour. Two Default groups: XWikiAllGroup and XWikiAdminGroup Admin gives rigths to XWikiAllGroup to view pages - no problem. Admin gives rigths to XWikiAllGroup to EDIT pages. From my point of view - EDIT means only page EDIT in edit/inline mode, but not: - managing page access rights - editing in editor object mode. I even tried to prohibit to XWikiAllGroup users Administration rights, nothing changed. As for my project - it is a disaster. I must separate four categories of users: 1. All users - have View access to definite spaces. 2. SOME registered users - have edit rights for spaces/pages (edit/inline), create rights. BUT NO Access rights management, NO object mode editing) 3. Admin Users with Admin rights on several spaces to delete/undelete pages AND access rights management. 4. XWiki Admin As I discovered, I can't get split second and third group. :-( It would be wise to avoid rights management and object editing mode availability to "smart" users, that can bring a mess into the system in couple of seconds. For example, "smart user" with edit rights will easily prohibit access to pages to whole XWikiAllGroup OR he even can grant VIEW rights ONLY to XWikiAdminGroup with the same results - page becomes inaccessible to non-admin users. I checked everything with a Test user in XWikiAllGroup. I don't know if it is a bug or a feature, but for me it's a disaster :-( Is there any way to make XWiki project safe? Best Regards Dmitry Bakbardin

14 years, 1 month

[xwiki-users] How to delete Deleted Attachments while FS is on?

by Haru Mamburu

Hi! XEM 3.1. I turned on filesystem storage, attached file, then deleted it. Due to http://jira.xwiki.org/browse/XWIKI-6918 and no acces via WebDAV yet (http://jira.xwiki.org/browse/XWIKI-6989) - there is no way to review deleted attachments in recycle bin and delete it. As far as I understand - manual delition via filesystem operations is wrong way to do this because of lost metadata. Is there any way to delete deleted attachments correctly until XWIKI-6918 would be fixed and XE would upgraded to fixed one? Kind regards Dmitry Bakbardin

14 years, 1 month

[xwiki-users] WebDav

by Gerritjan Koekkoek

On the xwiki.org there is a feature on XWiki presented; The WebDAV feature exposes wiki content (attachments, page content) through the well-known WebDAV protocol. This allows using WebDAV clients like DAVExplorer, file browsers like the Windows Explorer (XP), the Finder (MAC) or Nautilus (Linux) to directly browse and edit wiki content just as you would do for files in your local file system. Does this feature require configuration of the server. Do I understand that by dropping photo's in a folder I could add photo's the the XWiki photoalbum although the XWiki stores all the attachments in a mySql database? We have a server on version 2.7.1 Gerritjan

14 years, 1 month

[xwiki-users] Filesystem Storage and Pictures

by lists＠yhmail.de

Hello! after ?[xwiki-users] Attachment loss after restarting tomcat? I managed to configure the paths and now the attachments seem to be there permanently. However I do encounter a new strange behavior with pictures now. When I upload a PNG ? Image and embed it into the page it is there at first when I reload the page the image is gone and the page won?t stop loading. Any other attachment (e.g. a pdf) can be loaded. Any Ideas what might be wrong? Thanks again, Stephanie

14 years, 1 month

[xwiki-users] [Community] XWiki.org Redesign Planning and call for participation

by Ecaterina Moraru (Valica)

Hi all, Some time ago we discussed [1] a proposal http://incubator.myxwiki.org/xwiki/bin/view/Improvements/XWikiOrgProposal2 about changing the way our community website (www.xwiki.org) looks like (improved homepage, improved navigation, new logo [2], new skin, community wiki [3], etc.). Since then there have been some small collaborative efforts to make this new site come true and I want to thank for their help to Sergiu Dumitriu, Marta Girdea, Jean-Vincent Drean, Raluca Stavro, Vincent Massol, Silvia Rusu, Raluca Moisa, Stefan Orzu and all the people that gave feedback. In order to speed up the process we also created a development wiki http://newxwiki.xwiki.org/ where you can log in with your xwiki.org credentials and work on the improvements you want to make. After the work is finished it will be ported to xwiki.org. This way you can experiment the way your code looks like and behaves without interfering with the live site. Also me and Silvia created a planning for the development of the new site http://incubator.myxwiki.org/xwiki/bin/view/Improvements/XWikiOrgPlanning and we have split it into 4 stages. We are currently in Stage 1 of the development. Each entry has it own link with more information/mockups/code about the feature. Also features that have been started have also a JIRA issue attached to them. We would be very happy if the community could get involved in helping us making this happen. We still need work on deciding the content for some sections, we need better design proposals for some elements and we need lots of implementation work to make everything a reality. If you want to participate you should pick something from the planning and announce it on this thread so that we know what feature is taking care of. Thank you, Caty References: [1] [Proposal] XWiki.org horizontal navigation + home page http://markmail.org/thread/tfmrludhw2yh5tcn [2] [Proposal] XWiki.org Logo Challenge - Round 2 http://xwiki.markmail.org/thread/pkdd5kijpt2yqeph [3] [Proposal] XWiki.org Community Page http://markmail.org/thread/b3pctp2kepcprfaf

14 years, 1 month

[xwiki-users] AUTO: MaryEllen Coleman/Poughkeepsie/IBM is out of the office. (returning 09/20/2011)

by MaryEllen Coleman

I am out of the office until 09/20/2011. I need to attend to a personal issue; back on Tuesday, 9/20. Note: This is an automated response to your message "users Digest, Vol 50, Issue 22" sent on 9/18/2011 6:00:10. This is the only notification you will receive while this person is away.

14 years, 1 month

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

xwiki-users