2 Mar
2008
2 Mar
'08
2:14 p.m.
Hello,
I would like to ask if it is possible to give a user the rights to view and
edit a page, and prevent that user from viewing and changing the access
rights of that page.
My approach was:
- In the "Space Rights" I disabled Admin rights for TestUser, for the space
"Main"
- In the "Main" space, I created a TestPage on which TestUser has the rights
to view and edit
However, when TestUser edits TestPage, he can also view the page rights and
modify them. Can this be disabled?
Regards,
Ovidiu
2 Mar
2 Mar
3:33 p.m.
Ovidiu Gheorghies wrote:
Hello,
I would like to ask if it is possible to give a user the rights to view
and edit a page, and prevent that user from viewing and changing the
access rights of that page.
My approach was:
- In the "Space Rights" I disabled Admin rights for TestUser, for the
space "Main"
- In the "Main" space, I created a TestPage on which TestUser has the
rights to view and edit
However, when TestUser edits TestPage, he can also view the page rights
and modify them. Can this be disabled?
Regards,
Ovidiu
Hello,
The usual approach regarding rights is:
- Rights are set at the global and space level. Although it is possible
to define rights per page, it is less common to do so.
- In the space or global preferences, the administrator defines rights
for all the pages in that space/wiki.
- The non-administrators are prevented from further editing the space
rights by defining restricting rights on the space preferences page.
This is done by editing the page access rights for <Space>.WebPreferences
Although now a user can alter the rights for one page, not all the
rights can be granted/restricted on the page level. Administration,
programming and registration rights can only be granted/blocked
globally. This means that the worse a user can do is revoke other'
view/edit rights for one page.
However, with a little hacking, the platform code can be changed to:
- treat rights object differently, so that only users with
administration rights can change the rights (needs a deeper knowledge of
how the platform works),
or
- completely ignore page access rights, except for the space preferences
page (a bit simpler than the previous to implement, but looses some
granularity). This can even be done in a pluggable XWikiRightService
implementation as an alternative to the default one.
--
Sergiu Dumitriu
http://purl.org/net/sergiu/
3 Mar
3 Mar
11:41 p.m.
Ovidiu Gheorghies wrote:
Hello,
I would like to ask if it is possible to give a user the rights to view
and edit a page, and prevent that user from viewing and changing the
access rights of that page.
My approach was:
- In the "Space Rights" I disabled Admin rights for TestUser, for the
space "Main"
- In the "Main" space, I created a TestPage on which TestUser has the
rights to view and edit
However, when TestUser edits TestPage, he can also view the page rights
and modify them. Can this be disabled?
And of course, the most simple workaround is to edit the skin and hide
the rights editor, but this is just hiding, not solving the issue.
--
Sergiu Dumitriu
http://purl.org/net/sergiu/
6094
days inactive
6095
days old
2 comments
2 participants
participants (2)
-
Ovidiu Gheorghies -
Sergiu Dumitriu