[xwiki-users] XWiki 2 ML 4 .xar import error

2009-08-26 Thread Dilipkumar Jadhav
Hello everyone,

Tried setting up XWiki 2 ML4 as a fresh installation on a test machine.

The installation went fine. However, importing the .xar file for XWiki 2 ML
4 throws the following error:

 

Wrapped Exception:

 

org.apache.velocity.exception.MethodInvocationException: Invocation of
method 'save' in  class com.xpn.xwiki.api.Document threw exception
com.xpn.xwiki.XWikiException: Error number 9001 in 9: Access denied in edit
mode on document XWiki.XWikiPreferences at /templates/admin.vm[line 58,
column 26]

at
org.apache.velocity.runtime.parser.node.ASTMethod.handleInvocationException(
ASTMethod.java:337)

.

 

When I tried again, it takes me to the XWiki preferences page but the page
says it is locked in edit mode by XWiki.Guest. Clicking force edit throws
the above mentioned error again.

Is anyone else facing the same issue? Did I miss out on anything
critical during setup?

The machine is the same where a test version of XWiki 2 ML 3 works just
fine.

___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users


Re: [xwiki-users] Receiving Watch list notifications.

2009-08-26 Thread Thibaut DEVERAUX
Woot, bravo Caleb.

Seems there are a lot of people on this subject from now.

I released some files about this on Flickr:


http://www.flickr.com/photos/thibautdeveraux/3821532046
http://www.flickr.com/photos/thibautdeveraux/3821531914
http://www.flickr.com/photos/thibautdeveraux/3820724537
http://www.flickr.com/photos/thibautdeveraux/3820724599

(the beginning of the texts is always the same, jump to the end)

Caty told me the non-panel versions were too complicated, which is right. The
fact is I think a lot about a communication board including wave integration
and should separate concepts in the time to get a working design at each
moment.

The wave part is not finalized from now. However I think I could post the
third and fourth links to GoogleWave page in incubator so that it may give
other people ideas. Can someone post it / make me an account on incubator?

Thanks.


Thibaut




2009/8/27 clay 

>
> Caleb,
>
> You're a CHAMP!
>
> Thanks!
>
>
> Caleb James DeLisle wrote:
> >
> > You're right, xwiki needs a "watchlist" panel. The watchlist has an rss
> > feed so I copied the workings of that to make a panel. You can get it
> > here.
> >
> >
> http://code.xwiki.org/xwiki/bin/view/Applications/WatchlistPanelApplication
> >
> > This will not interfere with notifications being emailed to you.
> >
> > Caleb James DeLisle
> >
> > clay wrote:
> >> Greetings,
> >>
> >> Is there a way to have notifications posted to a panel for the
> interested
> >> user rather than through email?
> >>
> >> If so, is there a way to choose one, the other or both?
> >>
> >> Thanks!
> >>
>
> --
> View this message in context:
> http://n2.nabble.com/Receiving-Watch-list-notifications-tp3500490p3520065.html
> Sent from the XWiki- Users mailing list archive at Nabble.com.


Re: [xwiki-users] Receiving Watch list notifications.

2009-08-26 Thread clay

Caleb,

You're a CHAMP!

Thanks!


Caleb James DeLisle wrote:
> 
> You're right, xwiki needs a "watchlist" panel. The watchlist has an rss
> feed so I copied the workings of that to make a panel. You can get it
> here.
> 
> http://code.xwiki.org/xwiki/bin/view/Applications/WatchlistPanelApplication
> 
> This will not interfere with notifications being emailed to you.
> 
> Caleb James DeLisle
> 
> clay wrote:
>> Greetings,
>>
>> Is there a way to have notifications posted to a panel for the interested
>> user rather than through email?
>>
>> If so, is there a way to choose one, the other or both?
>>
>> Thanks!
>>

-- 
View this message in context: 
http://n2.nabble.com/Receiving-Watch-list-notifications-tp3500490p3520065.html
Sent from the XWiki- Users mailing list archive at Nabble.com.


Re: [xwiki-users] database insertion

2009-08-26 Thread Sergiu Dumitriu
Alexandre Souza wrote:
> Hi,
> 
> I am developing a script to generate several html pages and inclusion in the
> XWiki database, but after add the page in *xwikidoc table* successfully it
> is not loaded in the xwiki.
> There is another procedure to be done after inclusion data in mysql
> database?

You should never manipulate XWiki data using direct SQL access. The ID 
of a document is actually a key to finding the right document, and only 
a certain value (the java hashcode) can be used for each document, so 
generating it from outside Java is hard.

My advice is to use either a Java or Groovy code that uses the xwiki API 
to insert documents in the database. An example of such a script can be 
seen at http://svn.xwiki.org/svnroot/xwiki/sandbox/tools/cryptpasswords/
-- 
Sergiu Dumitriu
http://purl.org/net/sergiu/


Re: [xwiki-users] viewer=code

2009-08-26 Thread Sergiu Dumitriu
Ajdin Brandic wrote:
> Is there an option (settings) to disable this (viewer=code) on a site?

First thing to keep in mind is that any user that can *edit* documents 
on your wiki will always be able to retrieve the source code of documents.

Now, if you want to disable the display of code to users, you should 
edit the following templates and add a rights check at the start:

code.vm, xml.vm, changes*.vm, editwiki.vm, editwysiwyg.vm, 
editwysiwygnew.vm, inline.vm, plaincode.vm


This snippet prevents guest access:

#if($context.user == 'XWiki.XWikiGuest')
   #stop
#end

-- 
Sergiu Dumitriu
http://purl.org/net/sergiu/


Re: [xwiki-users] viewer=code

2009-08-26 Thread Caleb James DeLisle
Blocking users from copying a script is tricky business. To start with,
an exception will cause the content to be dumped in the error message.

You might try this:
create a page (I will call it Main.banned, but you can call it what you
like.) This will contain your secret groovy script.
put this in it

public class MySecretClass {
    public String go() {
        // your code goes here, it can only output things through
        // the return statement, println and errors will not be shown.
        String out = "hello world!"; // my test code :)
        return out;
    }
}

NOTE: there are no <% or {{groovy}} marks
Set the permissions of this page so that only you are allowed to view it.

create another page (which users are allowed to view.) in this page put:

{{velocity}}
#set($myclass = $xwiki.parseGroovyFromPage("Main.banned"))
$myclass.go()
{{/velocity}}

now unregistered users and users without permission can view the page
with the velocity code (which executes the groovy page), but not view
the page with the groovy code (with viewer=code or otherwise.)

In the event of an exception in your groovy code, the user will see a
velocity exception, and the exact error (eg
StringIndexOutOfBoundsException -1) will be shown, but not the groovy code.

I have tested this and it works. A user without any special permissions
can copy the velocity code and run it themselves, but I can't see any
way for them to read the groovy code.


Hope this helps,

Caleb James DeLisle



Thomas Mortagne wrote:
> viewer=code does not make any difference between any specific content,
> it simply print the document content which can contains wiki syntax,
> velocity , groovy etc... a better name would be viewer=source
>
> On Wed, Aug 26, 2009 at 18:36, Ajdin Brandic wrote:
>   
>> Will it show Groovy as well as Velocity code?
>>
>> Ajdin
>>
>> -Original Message-
>> From: users-boun...@xwiki.org [mailto:users-boun...@xwiki.org] On Behalf
>> Of Marius Dumitru Florea
>> Sent: 26 August 2009 17:18
>> To: XWiki Users
>> Subject: Re: [xwiki-users] viewer=code
>>
>> Ajdin Brandic wrote:
>> 
>>> Lets say I'm doing some user input checking to prevent spam.  Since I
>>> am using myxwiki.org service and have no access to the back end code I
>>>   
>>> could have some hard coded sensitive info in my script (ie. u/p to
>>> twitter or facebook).
>>>   
>> Afaik, there is no view-code right so any user with view access is able
>> to see the code of the page.
>>
>> Marius
>>
>> 
>>> Ajdin
>>>
>>> -Original Message-
>>> From: users-boun...@xwiki.org [mailto:users-boun...@xwiki.org] On
>>> Behalf Of Marius Dumitru Florea
>>> Sent: 26 August 2009 16:07
>>> To: XWiki Users
>>> Subject: Re: [xwiki-users] viewer=code
>>>
>>> Hi Ajdin,
>>>
>>> Ajdin Brandic wrote:
>>>> Is there an option (settings) to disable this (viewer=code) on a site?
>>>
>>> I don't know if there is a way to disable the viewer=code from the UI
>>> but I know you can prevent it by editing templates/view.vm around this
>>> line:
>>>
>>> #template("${viewer}.vm")
>>>
>>> or by renaming templates/code.vm (but that leads to a blank page which
>>>   
>>> is not user friendly).
>>>
>>> Btw, why do you want to hide the code?
>>>
>>> Hope this helps,
>>> Marius
>>>
>>>
>>>> Ajdin
>>>>
>>>> NOTICE
>>>>
>>>> This message and any files transmitted with it is intended for the
>>>> addressee only and may contain information that is confidential or
>>>> privileged. Unauthorised use is strictly prohibited. If you are not
>>>> the addressee, you should not read, copy, disclose or otherwise use
>>>> this message, except for the purpose of delivery to the addressee.
>>>>
>>>> Any views or opinions expressed within this e-mail are those of the
>>>> author and do not necessarily represent those of Coventry University.

[xwiki-users] database insertion

2009-08-26 Thread Alexandre Souza
Hi,

I am developing a script to generate several html pages and inclusion in the
XWiki database, but after add the page in *xwikidoc table* successfully it
is not loaded in the xwiki.
There is another procedure to be done after inclusion data in mysql
database?


Thanks,

Alexandre


[xwiki-users] [ANN] XWiki Enterprise 2.0 Milestone 4 released

2009-08-26 Thread Thomas Mortagne
The XWiki development team is pleased to announce the release of XWiki
Enterprise 2.0 Milestone 4.

Go grab it at http://www.xwiki.org/xwiki/bin/view/Main/Download

This is the fourth and last milestone for the XWiki enterprise 2.0 version.

Changes from 2.0 Milestone 3:

* Introduce new Colibri skin
* Improvements and bugfixes in the new network event distribution system
* Improvements in the scheduler
* Improvements in the watchlist
* Introduce activity stream plugin
* Add macros categories support
* Add attachment support to mail created from template

As usual we need the community to heavily test this release before the
final release to catch all the remaining issues. You can look at
http://dev.xwiki.org/xwiki/bin/view/Drafts/EventClustering to test the
new event based clustering support.

For more information see the Release notes at:
http://www.xwiki.org/xwiki/bin/view/Main/ReleaseNotesXWikiEnterprise20M4

Thanks
-The XWiki dev team


Re: [xwiki-users] viewer=code

2009-08-26 Thread Thomas Mortagne
viewer=code does not make any difference between any specific content,
it simply prints the document content, which can contain wiki syntax,
velocity, groovy etc... a better name would be viewer=source

On Wed, Aug 26, 2009 at 18:36, Ajdin Brandic wrote:
> Will it show Groovy as well as Velocity code?
>
> Ajdin
>
> -Original Message-
> From: users-boun...@xwiki.org [mailto:users-boun...@xwiki.org] On Behalf
> Of Marius Dumitru Florea
> Sent: 26 August 2009 17:18
> To: XWiki Users
> Subject: Re: [xwiki-users] viewer=code
>
> Ajdin Brandic wrote:
>> Lets say I'm doing some user input checking to prevent spam.  Since I
>> am using myxwiki.org service and have no access to the back end code I
>
>> could have some hard coded sensitive info in my script (ie. u/p to
>> twitter or facebook).
>
> Afaik, there is no view-code right so any user with view access is able
> to see the code of the page.
>
> Marius
>
>>
>> Ajdin
>>
>> -Original Message-
>> From: users-boun...@xwiki.org [mailto:users-boun...@xwiki.org] On
>> Behalf Of Marius Dumitru Florea
>> Sent: 26 August 2009 16:07
>> To: XWiki Users
>> Subject: Re: [xwiki-users] viewer=code
>>
>> Hi Ajdin,
>>
>> Ajdin Brandic wrote:
>>> Is there an option (settings) to disable this (viewer=code) on a site?
>>
>> I don't know if there is a way to disable the viewer=code from the UI
>> but I know you can prevent it by editing templates/view.vm around this
>> line:
>>
>> #template("${viewer}.vm")
>>
>> or by renaming templates/code.vm (but that leads to a blank page which
>
>> is not user friendly).
>>
>> Btw, why do you want to hide the code?
>>
>> Hope this helps,
>> Marius
>>
>>> Ajdin
>>>
>>>



-- 
Thomas Mortagne


Re: [xwiki-users] viewer=code

2009-08-26 Thread Ajdin Brandic
Will it show Groovy as well as Velocity code?

Ajdin 

-Original Message-
From: users-boun...@xwiki.org [mailto:users-boun...@xwiki.org] On Behalf
Of Marius Dumitru Florea
Sent: 26 August 2009 17:18
To: XWiki Users
Subject: Re: [xwiki-users] viewer=code

Ajdin Brandic wrote:
> Lets say I'm doing some user input checking to prevent spam.  Since I 
> am using myxwiki.org service and have no access to the back end code I

> could have some hard coded sensitive info in my script (ie. u/p to 
> twitter or facebook).

Afaik, there is no view-code right so any user with view access is able
to see the code of the page.

Marius

> 
> Ajdin
> 
> -Original Message-
> From: users-boun...@xwiki.org [mailto:users-boun...@xwiki.org] On 
> Behalf Of Marius Dumitru Florea
> Sent: 26 August 2009 16:07
> To: XWiki Users
> Subject: Re: [xwiki-users] viewer=code
> 
> Hi Ajdin,
> 
> Ajdin Brandic wrote:
>> Is there an option (settings) to disable this (viewer=code) on a site?
> 
> I don't know if there is a way to disable the viewer=code from the UI 
> but I know you can prevent it by editing templates/view.vm around this
> line:
> 
> #template("${viewer}.vm")
> 
> or by renaming templates/code.vm (but that leads to a blank page which

> is not user friendly).
> 
> Btw, why do you want to hide the code?
> 
> Hope this helps,
> Marius
> 
>> Ajdin


Re: [xwiki-users] viewer=code

2009-08-26 Thread Marius Dumitru Florea
Ajdin Brandic wrote:
> Lets say I'm doing some user input checking to prevent spam.  Since I am
> using myxwiki.org service and have no access to the back end code I
> could have some hard coded sensitive info in my script (ie. u/p to
> twitter or facebook).  

Afaik, there is no view-code right so any user with view access is able 
to see the code of the page.

Marius

> 
> Ajdin
> 
> -Original Message-
> From: users-boun...@xwiki.org [mailto:users-boun...@xwiki.org] On Behalf
> Of Marius Dumitru Florea
> Sent: 26 August 2009 16:07
> To: XWiki Users
> Subject: Re: [xwiki-users] viewer=code
> 
> Hi Ajdin,
> 
> Ajdin Brandic wrote:
>> Is there an option (settings) to disable this (viewer=code) on a site?
> 
> I don't know if there is a way to disable the viewer=code from the UI
> but I know you can prevent it by editing templates/view.vm around this
> line:
> 
> #template("${viewer}.vm")
> 
> or by renaming templates/code.vm (but that leads to a blank page which
> is not user friendly).
> 
> Btw, why do you want to hide the code?
> 
> Hope this helps,
> Marius
> 
>> Ajdin


Re: [xwiki-users] viewer=code

2009-08-26 Thread Ajdin Brandic
Lets say I'm doing some user input checking to prevent spam.  Since I am
using myxwiki.org service and have no access to the back end code I
could have some hard coded sensitive info in my script (ie. u/p to
twitter or facebook).  

Ajdin

-Original Message-
From: users-boun...@xwiki.org [mailto:users-boun...@xwiki.org] On Behalf
Of Marius Dumitru Florea
Sent: 26 August 2009 16:07
To: XWiki Users
Subject: Re: [xwiki-users] viewer=code

Hi Ajdin,

Ajdin Brandic wrote:
> Is there an option (settings) to disable this (viewer=code) on a site?

I don't know if there is a way to disable the viewer=code from the UI
but I know you can prevent it by editing templates/view.vm around this
line:

#template("${viewer}.vm")

or by renaming templates/code.vm (but that leads to a blank page which
is not user friendly).

Btw, why do you want to hide the code?

Hope this helps,
Marius

> 
> Ajdin


Re: [xwiki-users] viewer=code

2009-08-26 Thread Marius Dumitru Florea
Hi Ajdin,

Ajdin Brandic wrote:
> Is there an option (settings) to disable this (viewer=code) on a site?

I don't know if there is a way to disable the viewer=code from the UI 
but I know you can prevent it by editing templates/view.vm around this line:

#template("${viewer}.vm")

or by renaming templates/code.vm (but that leads to a blank page which 
is not user friendly).

Btw, why do you want to hide the code?

Hope this helps,
Marius

> 
> Ajdin


[xwiki-users] viewer=code

2009-08-26 Thread Ajdin Brandic
Is there an option (settings) to disable this (viewer=code) on a site?

Ajdin
 
 




[xwiki-users] AUTO: MaryEllen Coleman/Poughkeepsie/IBM is out of the office. (returning 09/02/2009)

2009-08-26 Thread MaryEllen Coleman


I am out of the office until 09/02/2009.

I will not have access to email.  For wiki assistance, please contact Kim
Dillon.


Note: This is an automated response to your message  "users Digest, Vol 25,
Issue 49" sent on 8/26/09 4:06:27.

This is the only notification you will receive while this person is away.


Re: [xwiki-users] Bug: create/delete wiki rights from account not named "Admin"

2009-08-26 Thread Denis Gervalle
Hi Trevor,

I just want to complete what Guillaume had said.
For any document there exist 2 authors:

  - the last _author_ of the document, the one that has saved any
    information into the document
  - the last _content author_ of the document, the one that has saved
    the _content_ of the document

The first one is shown in the about div at the bottom of each document,
the second one is very hidden and could only be checked in an XAR
export, a raw XML view of the document or using code.

For some operations, like accessing the internal privileged API from
velocity or running groovy scripts, the _content author_ of the
document containing the (velocity) code (or the one you are looking
at for groovy) should have programming rights. Currently, with the new
rendering engine, the document on which the content author is checked
is always the document you are looking at, not necessarily the one
that directly contains the code. This should be improved later, when
the new 2.0 macros receive more context information.

Therefore, the rights to do an operation usually have nothing to do
with the programming rights of the currently connected user. AFAIK,
there is almost no case where the currently connected user is checked
against programming rights in a standard XWiki.

So most of the pages of a basic XWiki do not require such rights,
some do. And due to the way new wikis are set up, generally by an
import procedure, there may be additional issues regarding
programming rights:
  - most pages have XWiki.Admin as content author at initial stage
  - in a farm, those having XWiki.Admin as content author in another
    wiki than the main one do not have programming rights (XWIKI-4066)
  - importing non-backup pack does not help in fixing content authors
    (XWIKI-3725)

So this is currently a bad idea to remove XWiki.Admin, and I generally
change its password to some random one for securing that somewhat
internal account.

As Guillaume said, there is room for improvement:

  - ensure proper context for 2.0 macros (in progress I think)
  - ensure better support of content authors during import
    (XWIKI-3725, XWIKI-4066, XWIKI-4073)
  - allow importing backup pack (like the XWiki provided ones) as
    non-backup one, this would allow importing non-backup pack with another
    admin as content author
  - it could also be useful for admin to see who is the content author
    more easily, since there is no interface showing them

Hope that this will help you understand potential programming issues.

Regards,

Denis
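
Added example, not part of the message above and not XWiki project code: a Python audit of exported page XML that lists pages whose Groovy content was last saved by an account without programming rights, the situation described in this thread once XWiki.Admin is removed. It assumes the per-page XML of an XAR export carries `<web>`, `<name>`, `<author>`, `<contentAuthor>` and `<content>` elements, and that the admin supplies the set of accounts holding programming rights; the sample pages and the XWiki.Alice account are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Groovy markers named in this thread: old "<% ... %>" blocks and the 2.0
# "{{groovy}}" macro. Velocity calls into the privileged API are not detected.
GROOVY_MARKERS = re.compile(r"<%|\{\{groovy\b", re.IGNORECASE)

# Constructed sample documents (not taken from a real wiki). Page names and
# the XWiki.Alice account are hypothetical.
SAMPLE_DOCS = [
    """<xwikidoc>
<web>Main</web><name>WebHome</name>
<author>XWiki.Alice</author><contentAuthor>XWiki.Admin</contentAuthor>
<content>Welcome to the wiki.</content>
</xwikidoc>""",
    """<xwikidoc>
<web>Farm</web><name>ManageWikis</name>
<author>XWiki.Alice</author><contentAuthor>XWiki.Admin</contentAuthor>
<content>{{groovy}}println("create or delete a wiki"){{/groovy}}</content>
</xwikidoc>""",
    """<xwikidoc>
<web>Tools</web><name>Report</name>
<author>XWiki.Admin</author><contentAuthor>XWiki.Alice</contentAuthor>
<content>&lt;% println("report") %&gt;</content>
</xwikidoc>""",
]


def parse_xwikidoc(xml_text):
    """Return page name, both authors and content of one exported page."""
    root = ET.fromstring(xml_text)
    if root.tag != "xwikidoc":
        raise ValueError("not an XWiki document export: <%s>" % root.tag)

    def field(name):
        # findtext() returns None for a missing element
        return (root.findtext(name) or "").strip()

    return {
        "page": "%s.%s" % (field("web"), field("name")),
        "author": field("author"),
        "content_author": field("contentAuthor"),
        "content": field("content"),
    }


def audit_content_authors(docs_xml, programming_users):
    """List pages with Groovy whose content author lacks programming rights.

    programming_users: set of account names the admin knows to hold
    programming rights (supplied by the caller, not read from the wiki).
    """
    findings = []
    for xml_text in docs_xml:
        doc = parse_xwikidoc(xml_text)
        if not GROOVY_MARKERS.search(doc["content"]):
            continue  # no Groovy, so the content author does not matter here
        if doc["content_author"] in programming_users:
            continue
        findings.append({
            "page": doc["page"],
            "author": doc["author"],
            "content_author": doc["content_author"],
            # True when the author shown at the bottom of the page holds
            # programming rights but the hidden content author does not.
            "misleading_author": doc["author"] in programming_users,
        })
    return findings


if __name__ == "__main__":
    # XWiki.Admin was deleted; only XWiki.Alice holds programming rights.
    for f in audit_content_authors(SAMPLE_DOCS, {"XWiki.Alice"}):
        print("%(page)s: content author %(content_author)s lacks programming "
              "rights (last author: %(author)s)" % f)
```

The audit looks only at the page that contains the script; with the new rendering engine the check is made on the page being viewed, so pages that include a flagged page need the same review.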


On 24 août 09, at 17:37, Guillaume Lerouge wrote:

> Hi Trevor,
>
> On Mon, Aug 24, 2009 at 5:06 PM, Trevor  wrote:
>
>> In setting up our XWiki farm, I came across a couple of bugs.
>> In general, should we always bring up bugs on the mailing list  
>> first before
>> entry into jira?
>>
>> I deleted the account named "Admin" after setting up other  
>> individuals as
>> administrators.  A user with "admin" rights (or even "delete"  
>> rights) could
>> no longer create or delete wikis from the "wikis" page of the XEM.   
>> However,
>> if I recreated an account named "Admin", then a user with "admin"  
>> rights
>> *could* create/delete wikis from that page, even though they're not  
>> logged
>> in as user "Admin".
>>
>> The rights checking on that page must be hardcoded to check if user  
>> "Admin"
>> has the rights, instead of checking the user who's actually logged  
>> in and
>> making the page request.
>>
>> XEM 1.9.3
>
>
> That's most probably due to a programming rights issue. In XWiki,  
> certain
> pieces of code (namely Groovy code) can be executed only if the last  
> user to
> have saved the document where such code is stored has programming  
> rights.
> This is to prevent arbitrary code execution and privilege escalation  
> in the
> wiki.
>
> If I'm correct, all you need to do after deleting the "Admin"  
> account is to
> save the page where the Groovy code is stored with one of your other  
> admins,
> after making sure that admin has the programming right set as true  
> at the
> global level of your farm.
>
> We're aware that the way this mechanism works is not ideal in cases  
> such as
> yours and we'll fix its logic at one point, but for the time being  
> that's
> how things work.
>
> So it's not quite a bug but I agree there's room for improvement.
>
> As for discussing issues on the mailing lists before posting on  
> JIRA, well,
> the discussion will take place in JIRA comments if it has to  
> anyway ;-)
>
> Thanks for your feedback,
>
> Guillaume
>
>
>>
>>
>> Trevor
>>
>
>
>
> -- 
> Guillaume Lerouge
> Product Manager - XWiki
> Skype: wikibc
> Twitter: glerouge
> http://guillaumelerouge.com/
> ___
> users mailing list
> users@xwiki.org
> http://lists.xwiki.org/mailm