13 Sep
2011
13 Sep
'11
7:03 p.m.
Thanks!
I thought I had tried that before, but I must have mixed that test with other things
before. Now it worked indeed in a small hello world test I just did. I'll have to see
if I also manage to get it working in templates and on automatically generated documents.
But you've surely sent me in the right direction!
Cheers,
Olaf
________________________________
Von: Edo Beutler <ebeutler(a)synventis.com>
An: O Voss <richyfourtythree(a)yahoo.com>om>; XWiki Users <users(a)xwiki.org>
Gesendet: 14:01 Montag, 12.September 2011
Betreff: Re: [xwiki-users] polls and rights
Hi,
Unfortunately I never used the polls application, so I don't know what
it does / how it works. However I hope I can point you in the right
direction.
If a document is editable by XWikiGuest (anyone) .... anyone can
change it, so yes, manipulation would be possible. I think what you
are looking for are 'programming' rights. The script saving the vote
needs to be saved from a user with programming rights. The document to
which you attach the poll votes can than be saved using the method
saveWithProgrammingRights() on the Document API. This allows you to
let XWikiGuest users attach objects to a document they are not allowed
to edit.
Hope this helps
Edo
On Sat, Sep 10, 2011 at 12:55 PM, O Voss <richyfourtythree(a)yahoo.com> wrote:
Hi,
I'm planning to do the following:
Each document based on a certain template autmatically gets it's own standard poll.
(No customisation.) Each user visiting the page can vote.
Having looked at the polls application and played around with templates a bit, I think I
know all the ingredients I will need.
I have one problem though: Anyone who votes needs write permissions on the document that
saves the votes (whereever that may be). If I'm not mistaken that means anyone who can
vote theoretically can manipulate voting data by accessing these objects directly.
Is there any way to secure this against manipulation
a) from users who can vote?
b) from the user who created the page?
Probably that question is equivalent to: Is there a way to let users save changes on an
object only via a script while hindering that very same user from editing it directly?
Any hints are greatly appreciated!
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users