9 Dec
2010
9 Dec
'10
3:30 p.m.
On 12/09/2010 02:28 AM, Paul Harris wrote:
On 9 December 2010 09:21, Paul
Harris<harris.pc(a)gmail.com> wrote:
Switching on some rights automatically has the effect of switching off
the default rights, which means if a right is not explicitly granted, it
is considered forbidden. Not very intuitive, I know.
Hi again,
I wanted to protect my "Website Admin" from any non-admins,
So I edited the Rights to that space, and clicked the 'View' button on
'XWikiAllGroup' until it was a red cross.
Then I checked in the other webbrowser (logged in as a regular user), and
sure enough, I couldn't view the page.
However, I then went to this address:
http://domain.com/xwiki/edit/Website+Admin/
and the regular user was able to edit the page! which also includes a
'Preview' button, which shows them a View!
not good.
After I removed ALL the rights to the AllUsers group, I noticed that
unregistered users are able to view the space.
What happens when I add more groups to the wiki, will those users be able to
view the space? Or will they be covered by AllUsers?
I don't find this intuitive... I haven't thought this through, but I
would've preferred to be able to switch OFF all rights, and then switch on
the rights to the users/groups I want to edit. At the moment there are a
few places where you could accidentally leave access open to spaces that
should not be open.
--
Sergiu Dumitriu
http://purl.org/net/sergiu/