Thanks for the answers, I think we've reached a consensus on at least one thing : adding the metadata in pages that require PR.
I'm going to implement that for 3.0M2. If nobody opposes it, I will : * Add to the XWiki.RequiredRightClass to XWiki Enterprise xar (I think it makes more sense in XE than in the admin app), with a single field for now, which precise the right the page must be saved with. Multiselect with 2 values for now : "programming" and "edit" * Add the object to all pages requiring it. If I miss some, please help me spot them :) The rest can be implemented later, although I will also try to make a quick PoC of the admin UI for offering to fix PR. Jerome. On Wed, Jan 19, 2011 at 8:04 PM, Jerome Velociter <[email protected]> wrote: > Hi developers, > > I've setup and worked on a couple of wiki farms recently, and my feedback > is that the PR issue has become for me a major PITA. > It's worst than before, because we've introduced a lot of pages that > requires it : annotations style and script, plus the wiki macros for > activity, tag cloud, space, etc. (OK, it's not really PR, it's edit right of > the last person who did edit it, but it's the same issue mostly : you need > to have it saved by someone with sufficient rights). > > Importing not as back-up (meaning all pages imported from the XAR are saved > by the user doing the import) is not sufficient answer, for several reason : > * User might not have programming rights > * When user has programming rights, it's a BAD practice in terms of > security (it means every page of the wiki initially has the PR right OK) > * Wiki creation is also done by template wiki copy, which is not covered by > this > * This problem is not just an import/creation problem, we need generally a > way to know which pages require PR, and which are missing this PR (users can > be deleted, their rights can change, etc.). > > OK, that looks like sufficient complaining :) > > Here what I propose, tell me what you think : > > 1. We define a XWiki class, like XWiki.RequiredRightClass, with a field > that describe the required right the user saving the document must have for > it to behave properly (for example it will be "edit" for wiki macros with a > "wiki" scope, and "programming" for pages that uses privileged APIs, or JSR > scripts, or always use SSX, etc.) > 2. We make a simple UI (for example in the administration section of the > admin app) that list all of them, and their current status. Plus a button to > fix the status if there is something to fix (a missing PR for example) and > if the user seeing the page has the required rights of course. > > That's what I propose for now. > > In the future, we could imagine that : > > 3. Programming right can only be granted on a page that requires > it explicitly. This would be a non-backward compatible change. > > Let me know what you think. > > If we agree I volunteer to implement this in 3.0 M2. > > Jerome. > _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
