[xwiki-users] Altering Access Rights from REST Api
Hello,
I was able to create a wiki page through API. Now I wanted to restrict some of the access rights for certain users to that particular wikipage through REST Api. For example, how can we restrict a certain user from viewing a particular wiki page through REST Api?
In XWiki, this could be achieved by logging in as an administrator -> Click on a wiki Page -> Click on the 'Access Rights' from 'Edit' dropdown menu -> and then checkmarking the rights to specific user or group.
How can we achieve this from REST Api?
Any help would be really appreciated.
Thanks, Manish
-- View this message in context: http://xwiki.475771.n2.nabble.com/Altering-Access-Rights-from-REST-Api-tp521... Sent from the XWiki-Users mailing list archive at Nabble.com.
Hi Manish,
On 06/23/2010 12:13 AM, xManish wrote:
Hello, I was able to create a wiki page through API. Now I wanted to restrict some of the access rights for certain users to that particular wikipage through REST Api. For example, How can we restrict a certain user from viewing a particular wiki page through REST Api?
In XWiki, this could be achieved by logging in as an administrator -> Click on a wiki Page -> Click on the 'Access Rights' from 'Edit' dropdown menu -> and then checkmarking the rights to specific user or group.
How can we achieve this from REST Api?
I don't know much about the REST API, but if you edit with the object editor the page you just set access rights on you'll see that it has an object of class XWiki.XWikiRights attached. In other words, access rights are controlled with XWiki objects. So you just have to add/update/remove objects of class XWiki.XWikiRights to your page with the REST API.
Hope this helps, Marius
Any help would be really appreciated.
Thanks, Manish
On 06/22/2010 11:46 PM, Marius Dumitru Florea wrote:
Hi Manish,
On 06/23/2010 12:13 AM, xManish wrote:
Hello, I was able to create a wiki page through API. Now I wanted to restrict some of the access rights for certain users to that particular wikipage through REST Api. For example, How can we restrict a certain user from viewing a particular wiki page through REST Api?
In XWiki, this could be achieved by logging in as an administrator -> Click on a wiki Page -> Click on the 'Access Rights' from 'Edit' dropdown menu -> and then checkmarking the rights to specific user or group.
How can we achieve this from REST Api?
I don't know much about the REST API, but if you edit with the object editor the page you just set access rights on you'll see that it has an object of class XWiki.XWikiRights attached. In other words, access rights are controlled with XWiki objects. So you just have to add/update/remove objects of class XWiki.XWikiRights to your page with the REST API.
Hope this helps, Marius
That's it. The REST api only provides resources for manipulating pages and objects. There are no resources for higher-level abstractions (except tags and comments). So as long as what you want to do is achievable by page and object manipulation (like most of the XWiki functionalities) you are able to use the REST api to do it.
Marius suggested the way to change the rights for a page and in a previous thread it was told how to create a new user. It's clear that having explicit resources for common use cases would simplify things.
-Fabio
Fabio Mancinelli-4 wrote:
So as long as what you want to do is achievable by page and object manipulation (like the most of the XWiki functionalities) you are able to use the REST api to do it.
Hi Fabio,
Thanks for replying to my thread. Coming to the creating user issue. Does that mean we can create a user by creating a page and have object of class XWikiUser, but won't be able to add the user details like personal information and contact information through REST Api? Or maybe there is a way to do it??
Thanks, Manish
On 06/24/2010 01:10 AM, xManish wrote:
Fabio Mancinelli-4 wrote:
So as long as what you want to do is achievable by page and object manipulation (like the most of the XWiki functionalities) you are able to use the REST api to do it.
Hi Fabio, Thanks for replying to my thread. Coming to the creating user issue. Does that mean we can create a user by creating a page and have object of class XWikiUser, but won't be able to add the user details like personal information and contact information through REST Api?
All this personal information is stored in the XWiki.XWikiUsers object. Go to your profile page, edit with the object editor and expand the XWiki.XWikiUsers object. You'll see a lot of properties. I'm sure there is a way to set those properties using the REST Api. Hope this helps, Marius
Or maybe there is a way to do it??
Thanks, Manish
Marius Dumitru Florea wrote:
All this personal information is stored in the XWiki.XWikiUsers object. Go to your profile page, edit with the object editor and expand the XWiki.XWikiUsers object. You'll see a lot of properties. I'm sure there is a way to set those properties using the REST Api.
Hope this helps, Marius
Hi Marius,
Thanks for the reply. I checked it out and I can see those properties. I too believe there is a way to set those properties. I went through the Restful API documentation at http://platform.xwiki.org/xwiki/bin/view/Features/XWikiRESTfulAPI and tried to set the property like below
.....
PutMethod putMethod = new PutMethod("http://localhost:8080/xwiki/rest/wikis/xwiki/spaces/XWiki/pages/user01/objec...");
putMethod.addRequestHeader("Accept", MediaType.APPLICATION_XML.toString());
httpClient.executeMethod(putMethod);
......
Can somebody find anything wrong here? Am I missing some point?
Thanks, Manish
On 06/24/2010 12:10 AM, xManish wrote:
Fabio Mancinelli-4 wrote:
So as long as what you want to do is achievable by page and object manipulation (like the most of the XWiki functionalities) you are able to use the REST api to do it.
Hi Fabio, Thanks for replying to my thread. Coming to the creating user issue. Does that mean we can create a user by creating a page and have object of class XWikiUser, but won't be able to add the user details like personal information and contact information through REST Api? Or maybe there is a way to do it??
Thanks, Manish
Just to be clear I'll show you how to create a user using curl (http://curl.haxx.se), a handy command line tool for sending HTTP requests.
Step1: Create a page that will represent the user. This page will be located in the XWiki space and its name will correspond to the username
$ curl -v -u Admin:admin -X PUT -H "Content-type: text/plain" --data-ascii '{{include document="XWiki.XWikiUserSheet"/}}' http://localhost:8080/xwiki/rest/wikis/xwiki/spaces/XWiki/pages/Foo
Quick explanation:
* -u Admin:admin uses HTTP basic authentication in order to authenticate the request. It will be executed as Admin.
* We send a PUT request
* The content type is text/plain. This is accepted by the http://localhost:8080/xwiki/rest/wikis/xwiki/spaces/XWiki/pages/Foo resource and the effect is that whatever is specified as the request payload (entity) will become the page content. You could have also used the application/xml content type, but in this case you should have sent an XML document that is compliant to the REST Api model schema for Page objects defined here: http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-rest/src/main/r...
Once this command is executed you will receive back the XML representation of the newly created page and if you point your browser to http://localhost:8080/xwiki/bin/view/XWiki/Foo you will see a user page that is incomplete; in fact the message says: "This stylesheet must be applied on a document containing a XWiki.XWikiUsers object."
Step2: Create a XWiki.XWikiUsers object containing user information.
$ curl -v -u Admin:admin -X POST -d "className=XWiki.XWikiUsers&property#first_name=Foo&property#last_name=Foo&property#password=foo" http://localhost:8080/xwiki/rest/wikis/xwiki/spaces/XWiki/pages/Foo/objects
Quick explanation:
* We create a new XWiki.XWikiUsers object attached to the previously created page. This time the content type will be "application/x-www-form-urlencoded" sent by default by curl.
* The entity will contain several urlencoded fields that will be used to initialize the fields of the XWikiUsers object. In particular these fields are:
** className : Tells the REST Api that we want to create an object of a given class, in this case XWiki.XWikiUsers
** property#first_name, property#last_name, property#password : These are used to define the values that will be set to the object's property. The property# prefix is not part of the property name but it is used to distinguish metadata about the object (like the classname) from the actual object's properties. To check the available properties for the XWiki.XWikiUsers class you can look at http://localhost:8080/xwiki/bin/view/XWiki/XWikiUsers. It is *here* that you specify all the data associated to your user: her name, last name, blog, password, etc.
Once this command is executed you will receive back the XML representation of the newly created object and if you point your browser to http://localhost:8080/xwiki/bin/view/XWiki/Foo now you will see a complete user page with all the correct details.
Step3: Add the newly created user to the XWikiAllGroup in order to make it correctly access the wiki.
$ curl -v -u Admin:admin -X POST -d "className=XWiki.XWikiGroups&property#member=XWiki.Foo" http://localhost:8080/xwiki/rest/wikis/xwiki/spaces/XWiki/pages/XWikiAllGrou...
This should be pretty clear now. You just add a XWiki.XWikiGroups object to the XWiki.XWikiAllGroups page and set the member field of this object to the user id, in this case XWiki.Foo
Now you should be able to login to the wiki using the new user (i.e., Foo, password foo).
Actually there is another step to be done before Step3. In fact, if you login as Foo and you go to the Foo profile you will see that you won't be able to edit it. This is because you need to set the access rights to this page in order to make Foo able to edit it.
I leave this as an exercise. (Hint: look to the XWiki.XWikiRights objects attached to a user created in the standard way)
Hope this helps.
-Fabio
On 06/24/2010 04:25 PM, xManish wrote:
Marius Dumitru Florea wrote:
All this personal information is stored in the XWiki.XWikiUsers object. Go to your profile page, edit with the object editor and expand the XWiki.XWikiUsers object. You'll see a lot of properties. I'm sure there is a way to set those properties using the REST Api.
Hope this helps, Marius
Hi Marius, Thanks for the reply. I checked it out and I can see those properties. I too believe there is a way to set those properties. I went through the Restful API documentation at http://platform.xwiki.org/xwiki/bin/view/Features/XWikiRESTfulAPI and tried to set the property like below
.....
PutMethod putMethod = new PutMethod("http://localhost:8080/xwiki/rest/wikis/xwiki/spaces/XWiki/pages/user01/objec...");
putMethod.addRequestHeader("Accept", MediaType.APPLICATION_XML.toString());
httpClient.executeMethod(putMethod);
......
Can somebody find anything wrong here? Am I missing some point?
First. The resource "http://localhost:8080/xwiki/rest/wikis/xwiki/spaces/XWiki/pages/user01/objec..." is not correct. Here it seems that you are using URIs as if they were variable names! The resource should be "http://localhost:8080/xwiki/rest/wikis/xwiki/spaces/XWiki/pages/user01/objec..."
The value will be given through the PUT request body, that you didn't initialize in your code.
Using curl, for example you would have done something like this:
$ curl -v -u Admin:admin -X PUT -H "Content-type: text/plain" --data-ascii "Real User01 Name" http://localhost:8080/xwiki/rest/wikis/xwiki/spaces/XWiki/pages/user01/objec...
To see how this is translated in Java you can have a look at the functional tests for the REST Api. You can find them here: http://svn.xwiki.org/svnroot/xwiki/enterprise/trunk/distribution-test/rest-t...
And in particular, for objects and properties you can have a look at: http://svn.xwiki.org/svnroot/xwiki/enterprise/trunk/distribution-test/rest-t...
Hope it helps, Fabio
Fabio Mancinelli-4 wrote:
Using curl, for example you would have done something like this:
$ curl -v -u Admin:admin -X PUT -H "Content-type: text/plain" --data-ascii "Real User01 Name" http://localhost:8080/xwiki/rest/wikis/xwiki/spaces/XWiki/pages/user01/objec...
To see how this is translated in Java you can have a look at the functional tests for the REST Api. You can find them here:
http://svn.xwiki.org/svnroot/xwiki/enterprise/trunk/distribution-test/rest-t...
And in particular, for objects and properties you can have a look at:
http://svn.xwiki.org/svnroot/xwiki/enterprise/trunk/distribution-test/rest-t...
Thanks Fabio. Thanks a bunch. Thank you for guiding me to the java file. It cleared out all the doubts on my mind. I was able to do my pending tasks. :)
-Manish
On 06/24/2010 05:21 PM, Fabio Mancinelli wrote:
On 06/24/2010 12:10 AM, xManish wrote:
Fabio Mancinelli-4 wrote:
So as long as what you want to do is achievable by page and object manipulation (like the most of the XWiki functionalities) you are able to use the REST api to do it.
Hi Fabio, Thanks for replying to my thread. Coming to the creating user issue. Does that mean we can create a user by creating a page and have object of class XWikiUser, but won't be able to add the user details like personal information and contact information through REST Api? Or maybe there is a way to do it??
Thanks, Manish
Just to be clear I'll show you how to create a user using curl (http://curl.haxx.se), a handy command line tool for sending HTTP requests.
Step1: Create a page that will represent the user. This page will be located in the XWiki space and its name will correspond to the username
$ curl -v -u Admin:admin -X PUT -H "Content-type: text/plain" --data-ascii '{{include document="XWiki.XWikiUserSheet"/}}' http://localhost:8080/xwiki/rest/wikis/xwiki/spaces/XWiki/pages/Foo
Quick explanation:
* -u Admin:admin uses HTTP basic authentication in order to authenticate the request. It will be executed as Admin.
* We send a PUT request
* The content type is text/plain. This is accepted by the http://localhost:8080/xwiki/rest/wikis/xwiki/spaces/XWiki/pages/Foo resource and the effect is that whatever is specified as the request payload (entity) will become the page content. You could have also used the application/xml content type, but in this case you should have sent an XML document that is compliant to the REST Api model schema for Page objects defined here: http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-rest/src/main/r...
Once this command is executed you will receive back the XML representation of the newly created page and if you point your browser to http://localhost:8080/xwiki/bin/view/XWiki/Foo you will see a user page that is incomplete; in fact the message says: "This stylesheet must be applied on a document containing a XWiki.XWikiUsers object."
Step2: Create a XWiki.XWikiUsers object containing user information.
$ curl -v -u Admin:admin -X POST -d "className=XWiki.XWikiUsers&property#first_name=Foo&property#last_name=Foo&property#password=foo" http://localhost:8080/xwiki/rest/wikis/xwiki/spaces/XWiki/pages/Foo/objects
Quick explanation:
* We create a new XWiki.XWikiUsers object attached to the previously created page. This time the content type will be "application/x-www-form-urlencoded" sent by default by curl.
* The entity will contain several urlencoded fields that will be used to initialize the fields of the XWikiUsers object. In particular these fields are:
** className : Tells the REST Api that we want to create an object of a given class, in this case XWiki.XWikiUsers
** property#first_name, property#last_name, property#password : These are used to define the values that will be set to the object's property. The property# prefix is not part of the property name but it is used to distinguish metadata about the object (like the classname) from the actual object's properties. To check the available properties for the XWiki.XWikiUsers class you can look at http://localhost:8080/xwiki/bin/view/XWiki/XWikiUsers. It is *here* that you specify all the data associated to your user: her name, last name, blog, password, etc.
Once this command is executed you will receive back the XML representation of the newly created object and if you point your browser to http://localhost:8080/xwiki/bin/view/XWiki/Foo now you will see a complete user page with all the correct details.
Step3: Add the newly created user to the XWikiAllGroup in order to make it correctly access the wiki.
$ curl -v -u Admin:admin -X POST -d "className=XWiki.XWikiGroups&property#member=XWiki.Foo" http://localhost:8080/xwiki/rest/wikis/xwiki/spaces/XWiki/pages/XWikiAllGrou...
This should be pretty clear now. You just add a XWiki.XWikiGroups object to the XWiki.XWikiAllGroups page and set the member field of this object to the user id, in this case XWiki.Foo
Now you should be able to login to the wiki using the new user (i.e., Foo, password foo).
Actually there is another step to be done before Step3. In fact, if you login as Foo and you go to the Foo profile you will see that you won't be able to edit it. This is because you need to set the access rights to this page in order to make Foo able to edit it.
I leave this as an exercise. (Hint: look to the XWiki.XWikiRights objects attached to a user created in the standard way)
Very nice explanation, should go on xwiki.org as a tutorial. -- Sergiu Dumitriu http://purl.org/net/sergiu/
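The access-rights step that the thread describes but never shows (adding an XWiki.XWikiRights object through the same objects resource used in Step2), as an added example that is not part of any message in the thread. The property names users, levels and allow, the values 1 (allow) and 0 (deny), and the page Main.Secret are assumptions not shown in the thread; confirm the property names in the object editor as Marius suggests.

```shell
# Added example (not from the thread): attach an XWiki.XWikiRights object to a
# page. Assumed XWiki.XWikiRights property names: users, levels, allow.

XWIKI_BASE="${XWIKI_BASE:-http://localhost:8080/xwiki/rest}"  # host from the thread

# Print the objects resource URL for a page. $1=wiki $2=space $3=page
objects_url() {
    printf '%s/wikis/%s/spaces/%s/pages/%s/objects' "$XWIKI_BASE" "$1" "$2" "$3"
}

# Print the form fields, one per line, for one rights rule.
# $1=user reference (XWiki.Foo)  $2=comma-separated levels  $3=allow|deny
rights_fields() {
    user=$1; levels=$2; mode=$3
    # Reject anything that could smuggle extra form fields (&, =, #, spaces).
    case $user in
        ''|*[!A-Za-z0-9_.-]*) echo "bad user reference: $user" >&2; return 1 ;;
    esac
    case $levels in
        ''|*[!a-z,]*|*,) echo "bad level list: $levels" >&2; return 1 ;;
    esac
    case $mode in
        allow) allow=1 ;;
        deny)  allow=0 ;;
        *) echo "mode must be allow or deny" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    for level in $levels; do
        case $level in
            view|edit|comment|delete) ;;
            *) IFS=$old_ifs; echo "unknown level: $level" >&2; return 1 ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "className=XWiki.XWikiRights" "property#users=$user" \
        "property#levels=$levels" "property#allow=$allow"
}

# POST the rule. $1=wiki $2=space $3=page $4=user $5=levels $6=allow|deny
# -u gets only the account name, so curl prompts for the password.
set_page_right() {
    url=$(objects_url "$1" "$2" "$3")
    fields=$(rights_fields "$4" "$5" "$6") || return 1
    set --
    while IFS= read -r field; do
        set -- "$@" --data-urlencode "$field"
    done <<EOF
$fields
EOF
    curl --fail -sS -u "${XWIKI_USER:-Admin}" -X POST "$@" "$url"
}

# Constructed calls (Main.Secret is a hypothetical page):
# set_page_right xwiki XWiki Foo XWiki.Foo view,edit allow
# set_page_right xwiki Main Secret XWiki.Foo view deny
```

After a call, a GET on the same objects URL returns the XML list of objects attached to the page, which is a quick way to confirm that exactly one rule was added.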
participants (4): Fabio Mancinelli, Marius Dumitru Florea, Sergiu Dumitriu, xManish