On 01/19/2011 08:04 PM, Jerome Velociter wrote: > Hi developers, > > I've setup and worked on a couple of wiki farms recently, and my feedback is > that the PR issue has become for me a major PITA. > It's worst than before, because we've introduced a lot of pages that > requires it : annotations style and script, plus the wiki macros for > activity, tag cloud, space, etc. (OK, it's not really PR, it's edit right of > the last person who did edit it, but it's the same issue mostly : you need > to have it saved by someone with sufficient rights). > > Importing not as back-up (meaning all pages imported from the XAR are saved > by the user doing the import) is not sufficient answer, for several reason : > * User might not have programming rights > * When user has programming rights, it's a BAD practice in terms of security > (it means every page of the wiki initially has the PR right OK) > * Wiki creation is also done by template wiki copy, which is not covered by > this > * This problem is not just an import/creation problem, we need generally a > way to know which pages require PR, and which are missing this PR (users can > be deleted, their rights can change, etc.). > > OK, that looks like sufficient complaining :) > > Here what I propose, tell me what you think : > > 1. We define a XWiki class, like XWiki.RequiredRightClass, with a field that > describe the required right the user saving the document must have for it to > behave properly (for example it will be "edit" for wiki macros with a "wiki" > scope, and "programming" for pages that uses privileged APIs, or JSR > scripts, or always use SSX, etc.) > 2. We make a simple UI (for example in the administration section of the > admin app) that list all of them, and their current status. Plus a button to > fix the status if there is something to fix (a missing PR for example) and > if the user seeing the page has the required rights of course.
+1 as a quick fix. > That's what I propose for now. > > In the future, we could imagine that : > > 3. Programming right can only be granted on a page that requires > it explicitly. This would be a non-backward compatible change. In the future this will be done with signed scripts. The work is halfway done, with the xwiki-crypto module in place. That way you'd be sure only trusted scripts are executable. > Let me know what you think. > > If we agree I volunteer to implement this in 3.0 M2. -- Sergiu Dumitriu http://purl.org/net/sergiu/ _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
