3 May
2010
3 May
'10
10:27 a.m.
There is a list called $blacklistedSpaces it is set statically in xwikivars.vm
http://svn.xwiki.org/svnroot/xwiki/platform/web/trunk/standard/src/main/web…
Spaces on this list will not be shown in the table and I think the same is true
for the tree.
You could add a $xwiki.searchDocuments("where doc.name=?",
["WebHome"])
and test each of the names in the output list with
$xcontext.hasAccessLevel("view"...
To dynamically compile a list of spaces which should be blacklisted.
Keep in mind this will incur a performance penalty since this code is executed
per page load. You could also just add the space names which you wish to hide.
Also keep in mind that this is not a real security fix because a user is allowed
to list document names using $searchDocuments("where 1=1") but it will avoid
showing
the documents to users who are not concerned with them.
Caleb
Ben Stuggler wrote:
Hi,
I have a "security" problem in the document tree. People who doesn't have
access to a specific space shouldn't even see his name in the tree results.
I'm looking for the parameter which has to be modify to solve this problem
but unfortunetely, it's very hard to find it. Can somebody help me?
=> there is a condition to had a link in the space name to see documents
inside, I think it's here that I have to modify something but I can't find
this code...
Thanks
Regards
Ben