19 Dec
2008
19 Dec
'08
2:50 p.m.
Yishay Mor wrote:
The problem is not that the user profile is not readable, but that the
sheet that displays the profile is protected. This is a false
protection, as the user profile is readable, it simply isn't displayed.
What you can get in your XML respects the access rights.
The problem started when I renamed a property to ".unused". I thought I
could then add something like:
#if (!"$propertyName.startsWith("."))
to hide unused properties.
I think what happened is this:
The class definition is stored (or processed) in XML, and having a property
name starting with '.' confuses the parser.
Yes, that is the problem. And any action you want to perform requires
that the document is first loaded, which fails. The only way around this
is a direct database change (which I just did, now the class displays
fine). I created http://jira.xwiki.org/jira/browse/XWIKI-3026 to
remember this issue, and it will need to be solved some time later.
--
Sergiu Dumitriu
http://purl.org/net/sergiu/
the first
problem is that is seems like this API can deliver protected
data
It's already blocked by the permission system and for password fields you
shouldn't be able to see the value.
That's what I thought. But have a look at:
http://patternlanguagenetwork.myxwiki.org/xwiki/bin/view/XWiki/YishayMor
vs.
http://patternlanguagenetwork.myxwiki.org/xwiki/bin/view/api/genericXML?xpa…
Here is the corrupted class:
http://patternlanguagenetwork.myxwiki.org/xwiki/bin/view/Cases/CaseClass
I've
never seen that :) Something is indeed deeply broken since the
rendering is failing to display but I don't know why.