31 Aug
2012
31 Aug
'12
3:21 p.m.
just created http://jira.xwiki.org/browse/XWIKI-8168
Thank you for your prompt reply!
On Fri, Aug 31, 2012 at 1:22 PM, Thomas Mortagne
<thomas.mortagne(a)xwiki.com>wrote;wrote:
On Fri, Aug 31, 2012 at 12:34 PM, Gabriele Giammatteo
<gabriele.giammatteo(a)gmail.com> wrote:
Dear all,
I discovered an unexpected behaviour in my installation of "XWIKI
ENTERPRISE 4.2.2".
I have in space Main a set of "public" pages meaning that can be viewed
by
un-registerd users and a set of
"private" pages that needs to be
logged-in
to view them. I achieved such a configuration by
(starting from the
initial
configuration) denying View permission for
un-registered users at wiki
level (hence by default the wiki is private) and granting explicitly, for
each page I want to be public, the View permission for un-registered
users.
Now, I want to export the space Main in html format. Following the guide
at
[1], I'm using this URL:
http://<SERVER>/xwiki/bin/export/Main/<PAGE>?format=html&pages=Main.%25
If PAGE=MyPrivatePage (a private page) and I'm not logged-in, the browser
redirects me to the login page. Correct.
If PAGE=MyPublicPage (a public page) and I'm not logged-in the export
works. Then opening the zip archive returned, I found that it contains
also
private pages!
In the matter of facts, as un-registered user I did an export of the
entire
space starting from a page viewable by
unregistered users and I obtained
in
the zip ALL pages including pages that I cannot
normally view from the
browser!
For what I understood, xwiki checks access rights for PAGE, but if
allowed,
then the export includes all pages regardless
whether the user that is
requesting the export can view those pages or not.
Maybe I just set permissions in the wrong way. Can someone give me a hint
on this?
You just found a bug I think. From what I can see, the right of the
current user is not really taken into account in the code that do the
HTML export.
Would be nice if you could report it on http://jira.xwiki.org/browse/XWIKI
.
Thank you very much,
Gabriele
[1] http://platform.xwiki.org/xwiki/bin/view/Features/Exports
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users