On Jun 6, 2009, at 1:36 PM, Anca Paula Luca wrote: > Hi Vincent, > > On 06/06/2009 11:38 AM, Vincent Massol wrote: >> Hi everyone, >> >> Current situation >> ============= >> >> Right now we have 2 mechanisms in place: >> - hidden docs. These is done deep at the storage level and hidden >> docs >> don't appear in any HQL queries. This is >> - $blacklistedSpaces in xwikivars.vm which is used (or not!, that's >> the problem) in some wiki pages (AllDocs, Search, Dashboard, etc) >> >> Need >> ==== >> >> We have a need for blacklisted/hidden docs and spaces. This is >> different than rights. This is just for presentation purpose. >> >> The need I see is: >> - guest and simple users should not see blacklisted/hidden docs and >> spaces >> - advanced users and admin should see them >> >> (Note: I'm not sure we have a need to blacklist docs/spaces for >> everyone including admins as it's currently done for hidden docs) > > No, we shouldn't. Advanced users / admins are writing applications > in the wiki, > with code in all sorts of places. They (most of the times) know what > they're > doing and we should give them the chance to be in full control. I > can only > describe as frustrating using WebSearch to find some velocity code I > wrote but > don't remember where and not getting it as a result search because > it's in a > blacklisted space or hidden doc. > > Let's put it like this: there are people that program in the wiki > and people > that don't. The people that program in the wiki are all equal, > including the XE > / platform devs, so there is no reason to add supplementary hiding > of data. > A bad thing which I see from this "hiding for everybody" is the fact > that the > whole data in the wiki is no longer accessible, for _anyone_ (not even > programmers or admins), you'd need to _know_ some data is somewhere > to be able > to retrieve it, which is bad. Programming rights should be enough to > be able to > retrieve anything using fairly highlevel API (not doing queries to > the db). > >> >> Issues >> ===== >> >> 1) In lots of spaces we don't exclude blacklisted spaces since at >> every location you have to add specific code to do the exclude. >> 2) Hidden docs are a problem since there are cases we want to see >> them all (like when creating a new wiki and you need to copy a >> template wiki containing hidden docs) >> >> Proposal >> ======= >> >> * I believe we need to remove the filtering at the storage level. >> That >> level should return all docs matching the queries > > +1 > > Until the hidden value for docs, we had no restriction on the > programming API > wrt to the search results. I don't see any reason why this notion > has to be > implemented at that deep level, when the need is only presentational > purposes. > >> * We modify the default XWiki.searchDocument APIs so that they filter >> on hidden docs and blacklisted spaces (using the velocity >> $blacklistedSpaces variable). This would be changed later on when we >> implement the new model and introduce the notion of space. When this >> happen we'll be able to have hidden metadata to the Space object. > > You mean the one in the com.xpn.xwiki.api.XWiki ?
yes > if so, +1. I think the only need is for public API to filter out > hidden docs and > blacklisted spaces by default. Priviledged API should be the > responsibility of > the people that "know what they're doing" which I mentioned above. > > I don't think a velocity variable can do it though, there are > multiple APIs that > don't go through velocity and should exclude the blacklisted spaces > too. Maybe a > config param? (xwiki.cfg or the newer .properties) Yes, I guess a property is fine since it can be overriden in the wiki (in XWikiPreferences). +1 to that. Thanks -Vincent >> * We add a new XWiki.searchDocument API that doesn't do any filtering > > do we need it? in the light of those written above... > > Thanks for reading this long email and coping with my inability to > resume ideas, > Anca > >> >> WDYT? >> >> Thanks >> -Vincent _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
