Hi Jérôme,

On Wed, Jan 19, 2011 at 20:04, Jerome Velociter <[email protected]> wrote:

> Hi developers,
>
> I've set up and worked on a couple of wiki farms recently, and my feedback
> is that the PR issue has become for me a major PITA.
> It's worse than before, because we've introduced a lot of pages that
> require it: annotations style and script, plus the wiki macros for
> activity, tag cloud, space, etc. (OK, it's not really PR, it's edit right
> of the last person who did edit it, but it's the same issue mostly: you
> need to have it saved by someone with sufficient rights).
>
> Importing not as back-up (meaning all pages imported from the XAR are saved
> by the user doing the import) is not a sufficient answer, for several
> reasons:
> * User might not have programming rights
> * When user has programming rights, it's a BAD practice in terms of
> security (it means every page of the wiki initially has the PR right OK)
> * Wiki creation is also done by template wiki copy, which is not covered by
> this
> * This problem is not just an import/creation problem, we need generally a
> way to know which pages require PR, and which are missing this PR (users
> can be deleted, their rights can change, etc.).
>
> OK, that looks like sufficient complaining :)
>

Though I'll abstain just this one time, I could add a lot of
complaining here as well :-)


> Here is what I propose, tell me what you think:
>
> 1. We define a XWiki class, like XWiki.RequiredRightClass, with a field
> that describes the required right the user saving the document must have
> for it to behave properly (for example it will be "edit" for wiki macros
> with a "wiki" scope, and "programming" for pages that use privileged APIs,
> or JSR scripts, or always use SSX, etc.)
> 2. We make a simple UI (for example in the administration section of the
> admin app) that lists all of them, and their current status. Plus a button
> to fix the status if there is something to fix (a missing PR for example)
> and if the user seeing the page has the required rights of course.
>
> That's what I propose for now.
>

+1, sounds good to me for a first version.


> In the future, we could imagine that:
>
> 3. Programming right can only be granted on a page that requires
> it explicitly. This would be a non-backward compatible change.
>
> Let me know what you think.
>
> If we agree I volunteer to implement this in 3.0 M2.
>

Great, thanks for tackling this issue!

Guillaume


> Jerome.
> _______________________________________________
> devs mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/devs
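
The status check proposed in points 1 and 2 of the quoted message, sketched as an added Python example that is not part of this thread or of XWiki's code. The rights table, document names and function names are constructed for illustration, and rights are modelled as a flat set per user (an assumption, not XWiki's rights API).

```python
from dataclasses import dataclass

# Constructed sample data: user -> rights currently held.
# A deleted user simply has no entry (hypothetical model).
USER_RIGHTS = {
    "XWiki.Admin": {"edit", "programming"},
    "XWiki.Alice": {"edit"},
}

@dataclass
class Document:
    name: str
    required_right: str  # value of the proposed RequiredRightClass field
    last_author: str     # user who last saved the page

def status(doc, user_rights=USER_RIGHTS):
    """Return 'ok', 'missing-right' or 'author-deleted' for one document."""
    rights = user_rights.get(doc.last_author)
    if rights is None:
        return "author-deleted"
    return "ok" if doc.required_right in rights else "missing-right"

def audit(docs, user_rights=USER_RIGHTS):
    """Rows for the admin listing, with documents that need fixing first."""
    rows = [(d.name, d.required_right, d.last_author, status(d, user_rights))
            for d in docs]
    return sorted(rows, key=lambda row: row[3] == "ok")

def fix(doc, acting_user, user_rights=USER_RIGHTS):
    """Re-save doc as acting_user, only if that user holds the required right."""
    if doc.required_right not in user_rights.get(acting_user, set()):
        raise PermissionError(
            f"{acting_user} lacks '{doc.required_right}' on {doc.name}")
    doc.last_author = acting_user
    return status(doc, user_rights)

# Constructed documents covering the three cases raised in the thread.
DOCS = [
    Document("Sandbox.ActivityMacro", "edit", "XWiki.Alice"),
    Document("Sandbox.PrivilegedScript", "programming", "XWiki.Alice"),
    Document("Sandbox.TagCloudMacro", "edit", "XWiki.Bob"),  # Bob was deleted
]

if __name__ == "__main__":
    for row in audit(DOCS):
        print(*row, sep="\t")
```

Refusing the fix when the acting user lacks the declared right keeps the button from becoming a way to launder a page into a higher privilege.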