#3 is happening as the user list uses a standard object to
maintain the user (in essence it's actually just an enhanced class
object).
Odd thing is that even a registered user should not have
edit object under the menu (mine didn't under 0.9.840, but then I used a
customized gui for mine).
Most times, you don't want users ever modifying the objects
directly as this can affect your classes horribly (as it does for
users).
Here is a band-aid fix that you can implement quickly
without much tinkering.
If this is slipping through, you can prevent it
yourself:
NOTE: EDITING FILES AND STYLES ON XWIKI CAN RENDER
YOUR XWIKI INOPERABLE, AND IS DONE AT YOUR OWN RISK.
1) Edit your skin. If you're not using a custom
skin, you can find it under (../edit/XWiki/MySkin?xpage=editobject will take you
directly to the place you need).
2) What you're looking for is a "View
Header" entry. If you don't have this on your skin, then you need to
modify the file "webapps\xwiki\templates\viewheader.vm" on your webserver.
Place the content into an external editor, eg Notepad or Eclipse. I
usually neaten up the code a bit so that I can see what's going on, it doesn't
cause any damage if you take a little care.
3) Find the following line:
"xpage=editobject" - without the quotes.
The line should read something
like #xwikiitem($doc.getURL("edit", "xpage=editobject")
"editobject")
4) The simple way is to make a change so
it looks something like this instead:
#if($xwiki.hasAdminRights())
#xwikiitem($doc.getURL("edit", "xpage=editobject")
"editobject")
#end
The change above is not the only way to do
this, but it will ensure though that only Admin users should see
that menu entry; while not breaking it's accessability should you want to
allow it through other means (eg through a link in a
document).
This can be tested quickly by registering a new
dummy user to see whether they can see this option in the
menu.
Hey there, new to all of this wiki stuff and I love
this emerging technology.
Well, to the point. I was experimenting
around on my own site and playing around with the user objects.
I do not think it is wise to allow newly registered
users to edit thier objects,
I registered a test user.
Went to his User Page,
edited the objects
and removed the XWiki.XWikiUser
object.
To me this had an interesting effect.
1) The user only would get challenged for a e-mail
address confirmation.
2) The user could not do anything (At least not
that i found yet) Yipee good security
3) The user did not show up on the administrator's
user list.
Although the first 2 are great, #3 to me is a
problem, unless there is another way of discovering this user?
Well, when I added the XWikiUsers object back all
of the user information was back (Though shouldn't it be purged when the class
is removed?)
Basically I am concerned with people creating
accounts, removing this Object and not comming back to my website because they
screwed up their account and I will only know if they take the time to e-mail
me.