On Tue, 2009-02-24 at 12:00 +0100, users-request(a)xwiki.org wrote: I was using the script below. the idea is: - object should have "owner" and "contributors" - "owner" and "contributors" have edit rights - initially, "owner" is set to the document creator There where a few problems with this. $ownr = $doc.getCreator() would fail, so I reverted to $ownr = $context.user. also, save() failed, so I rely on the user saving the document. ---------- code ----------------------- #if ((!$ownr || $ownr == "") && !$doc.getURL.endWith("ClassSheet")) #set ($ownr = $doc.getCreator()) #if (!$ownr || $ownr == "") #set ($ownr = $context.user) #end $doc.set("Owner",$ownr,$obj) #end #if (!$obj.Contributors) #set ($contributors = "") #else #set ($contributors = $obj.Contributors+",") #end ##if ($context.user == $ownr) #set($editors = $contributors+$ownr) #macro(allowEdit $users) #if($users && $xwiki.checkAccess($doc.getFullName(),"edit")) #set ($rights = $doc.getObject("XWiki.XWikiRights", true)) #set ($result = $rights.set("levels", "edit")) #set ($result = $rights.set("users", $users)) #set ($result = $rights.set("allow", 1)) ## $doc.save() #end #end #end ---------- /code ----------------------- I think the problem was that either the classsheet had XWikiGuest set as owner, and that was copied, or that the property was set when an unauthorised viewer visited the document. I now added: #if ((!$ownr || $ownr == "" || $ownr == "XWiki.XWikiGuest") && ! $doc.getURL.endWith("ClassSheet")) but I still think something here is a strange. I'm not sure, I think I wanted to pass on some global variables, and so I thought I needed to include the whole page in context rather than the macros. I've changed this now, we'll see what happens. thanks!!