Re: [xwiki-users] generic XML API snippet, and SOS
Hi Yishay, On Dec 19, 2008, at 3:54 AM, Yishay Mor wrote: I've posted a snippet: http://code.xwiki.org/xwiki/bin/view/Snippets/GenericXMLapiSnippet Which adds a very simple XML API to a site. This API allows other sites to programmaticaly query the XWiki site, and display data from it in any form they choose. You can see an example here: http://patternlanguagenetwork.myxwiki.org/xwiki/bin/view/api/ genericXML In case you didn't know about it, all xwiki pages can be viewed as XML right (just add xpage=xml i the URL)? Then all you need is an XPath expression to query whatever part you're interested in. Or a XSL transformation to transform it into another XML document. The snippet looks cool but it's quite hard to understand what it does. Maybe you could add some more explanation and examples? I came across two problems in the process of writing this. One is general, and onw specific to my site - and fatal. the first problem is that is seems like this API can deliver protected data to a non-registered user. To avoid this on my site, I restricted it not to show classes under the XWiki space. Shouldn't this be blocked at a lower level? It's already blocked by the permission system and for password fields you shouldn't be able to see the value. If you don't want users to view some data you must make the page non viewable for them. The second problem was that I have some fields (propoerties) in some of the classes which I'm not using. Since I can't delete them, I decided to change the name to .unused and filter. However, once I did this it seems to have completly crashed the class at hand. I can't even look at the Class in the ClassEditor to delete the latest versions and go back to the latest good one. Here is the corrupted class: http://patternlanguagenetwork.myxwiki.org/xwiki/bin/view/Cases/CaseClass I've never seen that :) Something is indeed deeply broken since the rendering is failing to display but I don't know why. Thanks -Vincent ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] generic XML API snippet, and SOS
From: Vincent Massol vinc...@massol.net I've posted a snippet: http://code.xwiki.org/xwiki/bin/view/Snippets/GenericXMLapiSnippet I see you've moved it to: http://code.xwiki.org/xwiki/bin/view/Snippets/GenericXMLApiSnippet In case you didn't know about it, all xwiki pages can be viewed as XML right [..] The snippet looks cool but it's quite hard to understand what it does. I know, but I wanted to provide client with a simple to use API that allows them to browse and retrieve the data. The content produced by ?xpage=xml is too rich :) I'll document the snippet the first problem is that is seems like this API can deliver protected data It's already blocked by the permission system and for password fields you shouldn't be able to see the value. That's what I thought. But have a look at: http://patternlanguagenetwork.myxwiki.org/xwiki/bin/view/XWiki/YishayMor vs. http://patternlanguagenetwork.myxwiki.org/xwiki/bin/view/api/genericXML?xpage=rdftargetClass=XWiki.XWikiUserstargetObject=XWiki.YishayMor Here is the corrupted class: http://patternlanguagenetwork.myxwiki.org/xwiki/bin/view/Cases/CaseClass I've never seen that :) Something is indeed deeply broken since the rendering is failing to display but I don't know why. The problem started when I renamed a property to .unused. I thought I could then add something like: #if (!$propertyName.startsWith(.)) to hide unused properties. I think what happened is this: The class definition is stored (or processed) in XML, and having a property name starting with '.' confuses the parser. For example, http://patternlanguagenetwork.myxwiki.org/xwiki/bin/view/api/genericXML?xpage=rdftargetClass=Cases.CaseClasstargetObject=fields=Name provokes this: org.apache.velocity.exception.MethodInvocationException: Invocation of method 'getDocument' in class com.xpn.xwiki.api.XWiki threw exception com.xpn.xwiki.XWikiException: Error number 3202 in 3: Exception while reading document Cases.Woodforthetrees Wrapped Exception: Error number 3202 in 3: Exception while reading document Cases.CaseClass Wrapped Exception: Error number 2002 in 2: Error parsing xml ___ Yishay Mor, Researcher, London Knowledge Lab http://www.lkl.ac.uk/people/mor.html http://www.google.com/calendar/embed?src=yishaym%40gmail.com +44-20-7837 x5737 ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] generic XML API snippet, and SOS
Yishay Mor wrote: the first problem is that is seems like this API can deliver protected data It's already blocked by the permission system and for password fields you shouldn't be able to see the value. That's what I thought. But have a look at: http://patternlanguagenetwork.myxwiki.org/xwiki/bin/view/XWiki/YishayMor vs. http://patternlanguagenetwork.myxwiki.org/xwiki/bin/view/api/genericXML?xpage=rdftargetClass=XWiki.XWikiUserstargetObject=XWiki.YishayMor The problem is not that the user profile is not readable, but that the sheet that displays the profile is protected. This is a false protection, as the user profile is readable, it simply isn't displayed. What you can get in your XML respects the access rights. Here is the corrupted class: http://patternlanguagenetwork.myxwiki.org/xwiki/bin/view/Cases/CaseClass I've never seen that :) Something is indeed deeply broken since the rendering is failing to display but I don't know why. The problem started when I renamed a property to .unused. I thought I could then add something like: #if (!$propertyName.startsWith(.)) to hide unused properties. I think what happened is this: The class definition is stored (or processed) in XML, and having a property name starting with '.' confuses the parser. Yes, that is the problem. And any action you want to perform requires that the document is first loaded, which fails. The only way around this is a direct database change (which I just did, now the class displays fine). I created http://jira.xwiki.org/jira/browse/XWIKI-3026 to remember this issue, and it will need to be solved some time later. -- Sergiu Dumitriu http://purl.org/net/sergiu/ ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] generic XML API snippet, and SOS
) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:502) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1124) at com.xpn.xwiki.plugin.webdav.DavFilter.doFilter(DavFilter.java:68) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115) at com.xpn.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:96) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115) at com.xpn.xwiki.web.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:287) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115) at com.xpn.xwiki.web.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:112) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:361) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:417) at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:324) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:534) at org.mortbay.jetty.ajp.Ajp13Connection.access$2900(Ajp13Connection.java:44) at org.mortbay.jetty.ajp.Ajp13Connection$RequestHandler.content(Ajp13Connection.java:249) at org.mortbay.jetty.ajp.Ajp13Parser.parseNext(Ajp13Parser.java:602) at org.mortbay.jetty.ajp.Ajp13Parser.parseAvailable(Ajp13Parser.java:157) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:403) at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228) at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:522) Probably this NullPointer this is bug.. Yes even if all is working well NullPointer should never append. Which version of XWiki Core/XE are you using ? xwiki version 1.7, and core i have from snapshot -11.12.2008 Thanks for the report. Thx and greetings, -- Bart?omiej Radziszewski mobile: +48 509 561 540 e-mail: b...@debian.linux.pl JID: b...@debian.linux.pl ICQ: #305569725 ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users -- Bart?omiej Radziszewski mobile: +48 509 561 540 e-mail: b...@debian.linux.pl JID: b...@debian.linux.pl ICQ: #305569725 ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne -- Message: 4 Date: Fri, 19 Dec 2008 14:50:19 +0100 From: Sergiu Dumitriu ser...@xwiki.com Subject: Re: [xwiki-users] generic XML API snippet, and SOS To: XWiki Users users@xwiki.org Message-ID: 494ba69b.4020...@xwiki.com Content-Type: text/plain; charset=ISO-8859-1 Yishay Mor wrote: the first problem is that is seems like this API can deliver protected data It's already blocked by the permission system and for password fields you shouldn't be able to see the value. That's what I thought. But have a look at: http://patternlanguagenetwork.myxwiki.org/xwiki/bin/view/XWiki/YishayMor vs. http://patternlanguagenetwork.myxwiki.org/xwiki/bin/view/api/genericXML?xpage=rdftargetClass=XWiki.XWikiUserstargetObject=XWiki.YishayMor The problem is not that the user profile is not readable, but that the sheet that displays the profile is protected. This is a false protection, as the user profile is readable, it simply isn't displayed. What you can get in your XML respects the access rights. Here is the corrupted class: http://patternlanguagenetwork.myxwiki.org/xwiki/bin/view/Cases/CaseClass I've never seen that :) Something is indeed deeply broken since the rendering is failing to display but I don't know why. The problem started when I renamed