Sergiu Dumitriu wrote:
> Yishay Mor wrote:
>>>>> This has happened a few times on
>>>>>> http://patternlanguagenetwork.myxwiki.org/, and I can't explain it.
>>>>>> I set the access rights to allow view by all, but edit is restricted.
>>> I'm
>>>>>> seeing documents rolled back to older versions by XWikiGuest. Example:
>>>>>>
>>> http://patternlanguagenetwork.myxwiki.org/xwiki/bin/view/Patterns/tabletopconceptmapping
>>>>> On this document the guest has been granted edit rights. Look at the
>>>>> rights editing for it, and select Users, and you will see that
>>>>> Unregistered Users has set view, comment and edit.
>>> I still see edit selected... And as a guest I can indeed edit the
>>> document. Just to make sure we're on the same page, I'm looking at
>>>
>>> http://patternlanguagenetwork.myxwiki.org/xwiki/bin/edit/Patterns/tabletopconceptmapping?editor=rights
>>>
>> This is really puzzling. I don't understand how the guest user has obtained
>> edit rights on some objects and not on others. Just to be on the safe side,
>> I ran the script below:
>>
>> #set ($hql = ", BaseObject as obj where obj.name=doc.fullName and
>> obj.className='Patterns.PatternClass' and obj.name
>> <>'Patterns.PatternClassTemplate'")
>> #set ($items= $xwiki.searchDocuments($hql))
>> #foreach ($item in $items)
>> * $item
>> #set ($itemDoc = $xwiki.getDocument($item))
>> #set ($rights = $itemDoc.getObject("XWiki.XWikiRights", true))
>> #set ($result = $rights.set("levels", "edit"))
>> #set ($result = $rights.set("users", "XWiki.XWikiGuest"))
>> #set ($result = $rights.set("allow", 0))
>> #end
>
> Without a $itemDoc.save(), this is kind of useless...
>
> I didn't check long enough, but I've seen that the guest right is set
> right from the first version. I don't know how does your site works, but
> could it be caused by the fact that a new pattern has the "owner"
> (wrongly) set to XWikiGuest, and you have a script that grants view and
> edit rights to the owner right after the document was created?
>
> I tested by creating a new document having Patterns.PatternClassTemplate
> as a template, and while the template has 3 rights objects, the first
> one specifying that XWikiAdminGroup can edit, the created document had
> the first object also specify that XWikiGuest can edit, not just the admins.
>
> Furthermore, I manually edited the Pattern object and set a different
> owner (Yishay Mor), and automatically the first rights object was
> changed to specify that Yishay Mor has edit rights, and not XWikiGuest.
>
> So, better check how is the owner of a pattern set.
>
One more thing, is there a reason why Patterns.PatternClassSheet uses
#includeInContext("scripts.DesObjClassSheet") instead of
#includeMacros("scripts.DesObjClassSheet")? This causes the problem with
documents displaying velocity syntax the first time they are loaded, and
the right content after refreshing.
--
Sergiu Dumitriu
http://purl.org/net/sergiu/
_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
