As an administrator of an xwiki, I often find myself debugging permissions
problems. When this is done over a wide area (say, the person being in the
UK, and I'm on the west coast of the US), it is very problematic.
It would be really nice to see what permissions a particular user had on a
page, or to "become" the user in question and see it for myself.
Is such a function available, and if so - how can I use it?
-Adrian
Hi all,
The precise role of "programming rights" is not clear to me. I realise
it is used to prevent Groovy scripting (which can do all kinds of
mischief like System.exit() :) ), but it also blocks a number of API
functions. I can't quite see a pattern to the functions it blocks.
This is a problem for me, because I have sometimes suggested a
Velocity code snippet to a user but they could not execute it due to
lack of rights. There has always been a workaround, but as an admin, I
can't tell if I'm using functions which require the rights or not.
Also, I'm currently having a hard time with a plugin, of which the
main functionality executes fine when triggered from Velocity from a
doc saved with programming rights, but falls over in all kinds of ways
when I try to call it from a save notification implementation (in
which the context's rights depend on the user saving the doc, I
think).
Regards,
Robin.
Thanks to Ludovic, with change of servers, my XWikis are performing much better and more stable in the last few days! It is easier to attract more users.
Wei-hsing
I'm the XWiki bug man this week; got some time off from fighting fires.
Here's another:
I note that (at least) for pages with Javascript in their content,
XWikiDocument.getLinkedPages() returns entries that are not XWiki links
but subscript expressions from the Javascript code. This happens
regardless of whether there is a {pre} tag surrounding the Javascript in
the document.
I suspect it's because there's just a simple regular expression search
through the un-rendered content.
Brian M. Thomas - Senior Technical Architect
AT&T Services, Inc.
One SBC Center, Room 24D3
St. Louis, MO 63101
314 235 3141
The xwikidoc table in the database has a column, xwd_fullname, which is
not, as I suspected it to be, just an alias for xwd_web + '.' +
xwd_name, but an actual column. The code, however, seems to ignore this
field, at least when invoking the view command on it.
Does this field actually have a purpose? If so, what? If it's for
searching performance, could a database constraint be added to it so
that its value is always correct? I suppose that I'll have to admit
that the reason I've run into this is that I naively changed the field
on one document, not realizing that it wasn't just a handy composite
field. I don't remember all the details, but I do remember that a
document with the old name still appeared to exist even though there was
no row in the table with that value in the xwd_fullname column.
Brian M. Thomas - Senior Technical Architect
AT&T Services, Inc.
One SBC Center, Room 24D3
St. Louis, MO 63101
314 235 3141
As a member of an organization whose name has an ampersand in it, I am
pleased to say that I am discovering many of the ways that XML and HTML
can choke on it. This is because as a developer, I thoroughly enjoy
finding bugs (in other people's code).
However, I am spending more time than I want (greater than zero) using
my admin privileges to clean up after users who shouldn't have to worry
about what kind of text they enter into their documents - in particular,
they shouldn't have to know that every time they type the company name,
it has to be AT&T.
First the document headings in the RSS feeds caused readers to fail,
then the CSS validator refuses even to look at a document, and now the
Tomcat logfile is growing by dozens of megabytes per minute on a system
with ten or fewer active users. All because somebody innocently entered
"AT&T" somewhere in a document.
I have found several methods for transforming text, such as
$xwiki.getURLEncoded(String) and $doc.getEscapedContent() (which
apparently hides the entire content of a document from Velocity, but not
from Radeox). There is also the Javascript in some form documents that
makes sure that accented characters don't get into document names.
Nowhere, however, have I yet found a method that will generally escape
things in user-entered text that will break XML parsing.
Is there such a thing? I note several regular expressions in some of
the config files for Radeox, etc; there ought - somewhere - to be a
general method for doing this, n'est-ce pas?
Brian M. Thomas - Senior Technical Architect
AT&T Services, Inc.
One SBC Center, Room 24D3
St. Louis, MO 63101
314 235 3141
