23 Nov
2010
23 Nov
'10
4:33 p.m.
On 11/23/2010 09:10 AM, Piotr Dziubecki wrote:
Hi,
I have a couple of questions regarding the Invitation application ( space ).
1. Is there a possibility to clear the invitation list ? I know there is a 'Rescind
Invitation' button, but
i.e. I cannot remove invitation with status 'Declined' ( This action cannot be
carried out because all of
the messages selected are of the wrong status. ) even if I have Admin rights.
If you are an administrator, you can delete records of messages from the
Invitation.InvitationMessages document where they are stored as objects. To clear all of
the
records, you can rename or delete the entire document. Obviously there are security
implications to
allowing a user to send mail from your server and then cover his tracks by deleting the
records.
2. User who sent the invitation to another potential user asked me whether he could
somehow receive an
information about the new user account details ( his login at least ). Typically we want
to invite someone
to give him an access to edit some documents and such information would help with grating
him access rights.
Is there a possibility to get to such info ?
This is not currently implemented but it sounds to me like a very good idea. Since the
Invitation
code exists at the application level, you can make the change now in
Invitation.InvitationGuestActions
Search for this text:
#setMessageStatus($message, 'accepted')
and replace with this:
#setMessageStatus($message, 'accepted', "Invitation accepted and registered
as
[[$request.getParameter('xwikiname')]]")
(That is off the top of my head, it may require some tinkering to make it work.)
3. This is more a feature request, but maybe it's already implemented. Is it possible
to specify a group to
which user will be subscribed when he accept the invitation from us ? That could ease the
process of
configuring user account a lot :)
This is not easy to implement right now. You could add a hook in the same place as where
the message
is updated but the invitation application would need to run with programming rights and it
would be
inviting security vulnerabilities.
This will become a very easy task if we switch from granting permissions based on having
one's name
listed on a "permitted list" to granting permissions based on one holding a
cryptographically signed
"hall pass".
Caleb
Thanks in advance,
Piotr
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users