"Note on permission inheritance
When a permission is explicitly set for a given group or user at a certain
scope (page, space or wiki) then other groups and users must also have the
right explicitly set as well, at this scope or a scope upstream.
For example, when you decide to explicitly allow the view right for
"GroupA" on a given space, users that are not members of "GroupA" must
have the view right explicitly set either on the given space or on the whole
wiki to be able to view the space as well."
2014-09-08 14:53 GMT-03:00 Leonardo Kodato <leonardokodato(a)gmail.com>:
Hi Sergiu and Jean. Thank you for the reply.
Indeed that is a non-intuitive fact that solved my question. I just need
to allow IT dept and all the other groups will be denied. Is it written
somewhere in XWiki's Wiki? If not, I will insert that info here:
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Access+Rights
One last question:
I'm developing an app that sets rights automatically when
creating (display=inline) or editing (display=edit) a page.
e.g.: A userX submits a form that must be visible only to a specific
department he chooses (IT e.g.). So I must get the department property from
object1.
The problem is that object1 and even the page are not created yet, so
.getObject won't work.
So, how can I get the department field before the user sends the
request (Save the page)?
Thank you.
2014-09-08 13:31 GMT-03:00 Sergiu Dumitriu <sergiu(a)xwiki.org>:
On 09/08/2014 12:15 PM, Leonardo Kodato wrote:
Hi Users.
Let's assume that I have two groups, XWikiAllGroup and IT Department, and I
want to deny AllGroup's access to a specific page and allow the IT to view it.
The problem is that UserX is a member of both of them. When I deny
XWikiAllGroup's permission, UserX is unable to view the page, when it
should be, as he is a member of IT Department (allowed to view it).
How can I solve this without denying all other groups except
XwikiAllGroup?
Deny rights are always stronger than allow rights.
One non-intuitive fact about rights is that setting a right for an
entity implicitly denies that right for everybody else. So it's enough
to grant rights to ITDepartment, everybody else will be denied
that right.
--
Sergiu Dumitriu
http://purl.org/net/sergiu
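
The two rules stated in this thread (an explicit deny beats an allow; setting an allow implicitly denies everyone not named), as an added Python example that is not part of the original messages and not XWiki's own code. It is a simplified single-page model: the rule tuples, `can_access`, `audit` and the user `UserY` are hypothetical, and scope inheritance is not modelled.

```python
# Simplified model of the rights rules described in this thread.
# Assumption: one page only; "None" means nothing here decides the
# right and the answer would come from an upstream scope (not modelled).

def can_access(user_groups, right, rules):
    """rules: list of (group, right, 'allow' | 'deny') set explicitly on a page."""
    relevant = [(group, kind) for group, r, kind in rules if r == right]
    if not relevant:
        return None  # no explicit rule for this right on the page
    # Rule 1: a deny on any group the user belongs to beats every allow.
    if any(kind == "deny" and group in user_groups for group, kind in relevant):
        return False
    allowed = {group for group, kind in relevant if kind == "allow"}
    if allowed:
        # Rule 2: once an allow exists, everyone not named is implicitly denied.
        return bool(allowed & set(user_groups))
    return None  # only non-matching denies exist (assumed to defer upstream)


# Constructed sample data mirroring the scenario in the thread.
USERS = {
    "UserX": {"XWikiAllGroup", "ITDepartment"},  # member of both groups
    "UserY": {"XWikiAllGroup"},                  # hypothetical non-IT user
}

# What was tried first: deny everyone, allow IT.
ORIGINAL_SETUP = [
    ("XWikiAllGroup", "view", "deny"),
    ("ITDepartment", "view", "allow"),
]

# What the reply suggests: only grant the right to IT.
SUGGESTED_SETUP = [("ITDepartment", "view", "allow")]


def audit(rules, users=USERS, right="view"):
    """Return {user: decision} so a rights change can be checked before saving."""
    return {name: can_access(groups, right, rules) for name, groups in users.items()}


if __name__ == "__main__":
    print("original :", audit(ORIGINAL_SETUP))
    print("suggested:", audit(SUGGESTED_SETUP))
```
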