----- Original Message -----
Sent: Tuesday, January 02, 2007 5:06
AM
Subject: RE: [xwiki-users] User and the
XWiki.XWikiUsers Object
#3 is happening as the user list uses a standard object
to maintain the user (in essence it's actually just an enhanced class
object).
Odd thing is that even a registered user should not have
edit object under the menu (mine didn't under 0.9.840, but then I used a
customized gui for mine).
Most times, you don't want users ever modifying the
objects directly as this can affect your classes horribly (as it does for
users).
Here is a band-aid fix that you can implement quickly
without much tinkering.
If this is slipping through, you can
prevent it yourself:
NOTE: EDITING FILES AND STYLES ON XWIKI CAN RENDER
YOUR XWIKI INOPERABLE, AND IS DONE AT YOUR OWN RISK.
1) Edit your skin. If you're not
using a custom skin, you can find it under
(../edit/XWiki/MySkin?xpage=editobject will take you directly to the place you
need).
2) What you're looking for is a "View
Header" entry. If you don't have this on your skin, then you need to
modify the file "webapps\xwiki\templates\viewheader.vm" on your
webserver. Place the content into an external editor, eg Notepad or
Eclipse. I usually neaten up the code a bit so that I can see what's
going on, it doesn't cause any damage if you take a little
care.
3) Find the following line:
"xpage=editobject" - without the quotes.
The line should read
something like #xwikiitem($doc.getURL("edit", "xpage=editobject")
"editobject")
4) The simple way is to make a change so
it looks something like this instead:
#if($xwiki.hasAdminRights())
#xwikiitem($doc.getURL("edit", "xpage=editobject")
"editobject")
#end
The change above is not the only
way to do this, but it will ensure though that only Admin users
should see that menu entry; while not breaking it's accessability should
you want to allow it through other means (eg through a link in a
document).
This can be tested quickly by
registering a new dummy user to see whether they can see this option in the
menu.
Hey there, new to all of this wiki stuff and I
love this emerging technology.
Well, to the point. I was experimenting
around on my own site and playing around with the user objects.
I do not think it is wise to allow newly
registered users to edit thier objects,
I registered a test user.
Went to his User Page,
edited the objects
and removed the XWiki.XWikiUser
object.
To me this had an interesting effect.
1) The user only would get challenged for a
e-mail address confirmation.
2) The user could not do anything (At least not
that i found yet) Yipee good security
3) The user did not show up on the
administrator's user list.
Although the first 2 are great, #3 to me is
a problem, unless there is another way of discovering this user?
Well, when I added the XWikiUsers object back all
of the user information was back (Though shouldn't it be purged when the class
is removed?)
Basically I am concerned with people creating
accounts, removing this Object and not comming back to my website because they
screwed up their account and I will only know if they take the time to e-mail
me.
--
You receive this message as a subscriber of the
xwiki-users@objectweb.org mailing list.
To unsubscribe:
mailto:xwiki-users-unsubscribe@objectweb.org
For general help:
mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service
home page: http://www.objectweb.org/wws