Hi Andreas,

The XWiki access right system is simple and complex at the same time !! There are reasons for the different available options.. Now there are some 'incompatibilities' between features..

The way things are evaluated is:

User 'X' comes with action 'A' on Space 'S' and page 'P'

1/ Is there an 'Always authenticated' on the action (view or edit). If so guests (non authenticated) are thrown out
-> rule number 1 makes the login page not show the skin in the case of the skin being stored in the wiki (and not in the file system which is the other option)
-> everything this rule does can be done with the following right settings. This rule is more here as a matter of security if you want to make sure your own users or space admins will never be able to open any page for non authenticated users. Now this is incompatible with having a skin stored in the wiki
2/ Check if user has admin rights on the whole Wiki. If so OK
3/ Check if user has admin rights on the space 'S'. If so OK
4/ Check if user has allow rights at the page level (If so OK)
4b/ If somebody has these rights then NOT OK
4c/ If no right, check if user has deny right (If so NOT OK)
5/ If no right at the previous level, check rights at the space level (If so OK)
5b/ If somebody has these rights, NOT OK
5c/ If no right, check if user has deny right at the space level (If so NOT OK)
6/ If no right at the previous level, check rights at the xwiki level (If so OK)
6b/ If somebody has these rights, NOT OK
6c/ If no right, check if user has deny right at the XWiki level (If so NOT OK)
7/ If no right at all, then it's OK

Ludovic

Andreas Haumer wrote:
Hi Ludovic,
Ludovic Dubost wrote:
This is kind of a feature..
When the skin is wiki-based (as opposed to the 'default' skin stored in the file-system), you can neither use 'always authentication on view' nor forbid viewing of the skin page..
Either fallback to the default skin (in the preferences), or deactivate 'always authentication on view' and give view rights to all users to the skin page
I have to admit that I still don't really understand the details of access rights concepts in XWiki. There are many places where one can configure some parts of wiki access rights and as a whole it's a little bit confusing to me ... :-(
I wanted to create a Wiki which can only be used by authenticated users. That's why I had the setting "Always authenticate on viewing" in the "Parameters" section of XWiki.XWikiPreferences set to "yes".
I now changed that to "No" and noticed that users still have to authenticate before they can view any content of the wiki. Also, the CSS problem on the login page is still there. Perhaps users do not have the necessary view rights? But I have given the XWiki.XWikiAllGroup "view" rights on the XWiki.XWikiGlobalRights level...
What does the "Always authenticate on viewing" parameter do, anyway?
I also tried to change the skin configuration, but I haven't really figured how I should do this. First, I had the skin "XWiki.MySkin" configured (XWiki preferences, section "Skin", attribute "Skin"). Lacking a better idea, I changed that to the value "default" (is that the right value? There is no list or drop-down menu where one can choose the right value).
With the skin setting of "default" it _looks_ like the CSS problem is gone, though I'm not really sure as sometimes old cookie settings and cached pages in the browser invalidate my test results. I need further testing I guess...
A lot of questions, some more grey hairs... ;-)
- andreas

--
Andreas Haumer | mailto:[email protected]
*x Software + Systeme | http://www.xss.co.at/
Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0
A-1100 Vienna, Austria | Fax: +43-1-6060114-71
--
Ludovic Dubost
XPertNet: http://www.xpertnet.fr/
Blog: http://www.ludovic.org/blog/
XWiki: http://www.xwiki.com
Skype: ldubost
AIM: nvludo
Yahoo: ludovic
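
The evaluation order listed in Ludovic's message, written out as a small Python model (an added example, not XWiki's code and not part of the original thread). The function name check_access, the rule-tuple layout, the "guest" and "XWiki.andreas" names and the sample rights are assumptions made for illustration; the sample mirrors the setup Andreas describes, with view granted only to XWiki.XWikiAllGroup at the wiki level.

```python
# Model of the evaluation order described in the message above.
# Illustrative only: the data layout and names are assumptions, not XWiki's API.
GUEST = "guest"  # hypothetical name for the non-authenticated user

def _has(rules, who, action, kind):
    return any(p in who and a == action and k == kind for p, a, k in rules)

def check_access(user, groups, action, rights, always_auth=()):
    """rights maps "page"/"space"/"wiki" to (principal, action, "allow"|"deny")
    tuples. Returns (allowed, step) where step is the rule that decided."""
    who = {user} | set(groups)
    # 1/ forced authentication throws guests out before anything else
    if user == GUEST and action in always_auth:
        return False, "1"
    # 2/ wiki admin, 3/ space admin
    for step, level in (("2", "wiki"), ("3", "space")):
        if _has(rights.get(level, []), who, "admin", "allow"):
            return True, step
    # 4/ page, 5/ space, 6/ wiki: allow first, then "somebody else", then deny
    for step, level in (("4", "page"), ("5", "space"), ("6", "wiki")):
        rules = rights.get(level, [])
        if _has(rules, who, action, "allow"):
            return True, step
        if any(a == action and k == "allow" for _, a, k in rules):
            return False, step + "b"   # right granted, but not to this user
        if _has(rules, who, action, "deny"):
            return False, step + "c"
    return True, "7"                   # 7/ no right set anywhere

# Constructed sample: only the all-users group may view, set at the wiki level.
SAMPLE = {"wiki": [("XWiki.XWikiAllGroup", "view", "allow")]}

if __name__ == "__main__":
    member = ("XWiki.andreas", ["XWiki.XWikiAllGroup"])  # constructed user
    print(check_access(GUEST, [], "view", SAMPLE))             # (False, '6b')
    print(check_access(*member, "view", SAMPLE))               # (True, '6')
    print(check_access(GUEST, [], "view", SAMPLE, ("view",)))  # (False, '1')
    # Constructed variant: a page-level view grant for guest only (skin page).
    skin = dict(SAMPLE, page=[(GUEST, "view", "allow")])
    print(check_access(GUEST, [], "view", skin))               # (True, '4')
    print(check_access(*member, "view", skin))                 # (False, '4b')
```

In this model a guest is refused at 6b even with the "always authenticate" switch off, because granting view to a group at the wiki level refuses everyone outside that group. The last two calls show that a page-level grant to guest alone lets the guest in at step 4 but refuses group members at 4b, so a page-level grant has to name every principal that should keep access.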