10 Sep
2015
10 Sep
'15
1:17 p.m.
On Thu, Sep 10, 2015 at 3:50 AM, Alex Henrie <alexhenrie24(a)gmail.com> wrote:
2015-09-05 3:17 GMT-06:00 vincent(a)massol.net
<vincent(a)massol.net>et>:
The simplest thing you could do is to add a skin extension [1] that hides
the unwanted edit modes, either through CSS or through JavaScript. The
second option would be to customize the skin [2] and hide the options
directly from the skin (server side, in the .vm files).
This will still allow some users to directly use a hand-crafter URL (i.e.
by bypassing the UI) to access the other edit modes, but those would be
isolated cases and should not be an issue.
Thanks,
Eduard
----------
[1] http://platform.xwiki.org/xwiki/bin/view/DevGuide/SkinExtensionsTutorial
[2] http://platform.xwiki.org/xwiki/bin/view/DevGuide/Skins
ok, I understand what you mean now: you’d like
the ability to lock down
existing applications, i.e. prevent users of them from
making structural
changes to them.
That’s a valid use case and we support it :)
Basically there are 2 use cases:
* Letting users make changes to applications because this allows
multiple users to
develop collaboratively apps using XWiki. The idea is
that of refactoring and an app is never ever finished and can always be
improved.
* However you may only want some experienced
users or devs to do that
and not anyone.
What happens is that the app has 2 types of wiki pages (aka documents):
* Technical pages that make the app
* Data pages which are created by the user when he/she uses the app
So what we do is that when we develop apps we usually create 2 spaces,
one for the
technical pages and one for the data pages. In this manner we
can set permissions very easily on the space containing the technical pages
so that only some authorized group or users have edit rights on them.
Maybe in your case all that is required is to ask the phenotips
developers to not
allow all users to have edit rights by default on the
technical pages of this app (and restrict them to admins by default for
example)?
PhenoTips already prevents ordinary users from editing technical
pages, period. What I really want is to go a step further and only
allow the inline form editor (editor=inline) to be used to edit data
pages. I do not want users to be able to add classes, objects, or
wikitext to pages (editor=class, editor=object, editor=wiki) outside
of what the editor written specifically for PhenoTips would allow.
Again, this feature is not a dealbreaker, but it could avoid abuse of
the system.
-Alex
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users