10 Sep
2015
10 Sep
'15
2:50 a.m.
2015-09-05 3:17 GMT-06:00 vincent(a)massol.net <vincent(a)massol.net>et>:
ok, I understand what you mean now: you’d like the
ability to lock down existing applications, i.e. prevent users of them from making
structural changes to them.
That’s a valid use case and we support it :)
Basically there are 2 use cases:
* Letting users make changes to applications because this allows multiple users to
develop collaboratively apps using XWiki. The idea is that of refactoring and an app is
never ever finished and can always be improved.
* However you may only want some experienced users or devs to do that and not anyone.
What happens is that the app has 2 types of wiki pages (aka documents):
* Technical pages that make the app
* Data pages which are created by the user when he/she uses the app
So what we do is that when we develop apps we usually create 2 spaces, one for the
technical pages and one for the data pages. In this manner we can set permissions very
easily on the space containing the technical pages so that only some authorized group or
users have edit rights on them.
Maybe in your case all that is required is to ask the phenotips developers to not allow
all users to have edit rights by default on the technical pages of this app (and restrict
them to admins by default for example)?
PhenoTips already prevents ordinary users from editing technical
pages, period. What I really want is to go a step further and only
allow the inline form editor (editor=inline) to be used to edit data
pages. I do not want users to be able to add classes, objects, or
wikitext to pages (editor=class, editor=object, editor=wiki) outside
of what the editor written specifically for PhenoTips would allow.
Again, this feature is not a dealbreaker, but it could avoid abuse of
the system.
-Alex