Re: [xwiki-users] polls and rights
Thanks, including it with context=new did the trick!
Olaf
Von: Edo Beutler ebeut...@synventis.com
An: O Voss richyfourtyth...@yahoo.com; XWiki Users users@xwiki.org
Gesendet: 13:22 Montag, 19.September 2011
Betreff: Re: [xwiki-users] polls and rights
Hi Olaf
Sounds like the non-admin user saves the page which needs programming
rights - which removes the programming rights and
saveWithProgrammingRights will result in an access denied. If you try
with an admin user the page gets programming rights and it works.
If I understand correctly you have these three lines in each page -
which leads to each page needing programming rights. I think it might
work if you put this code snippet in a separate page, saved by the
admin, and just include it in the template.
Cheers,
Edo
On Sat, Sep 17, 2011 at 6:14 PM, O Voss richyfourtyth...@yahoo.com wrote:
Hi again,
Now I tried to do this with templates.
I have the following code in a class sheet:
#set($sDoc = $xwiki.getDocument('MediaRating.Test'))
#set($dummy = $sDoc.setContent($doc.getName()))
#set($dummy = $sDoc.saveWithProgrammingRights())
What it should do is this: Each time a page that is based on the template is
diplayed the name of that page is writen to the content of the page
'MediaRating.Test'.
(In the following when I speak of 'creating a page' I always mean 'creating
a page based on a template with the sheet containing the code above'.)
I wrote the class, the sheet etc. all with an admin user. When I first
tested with the same admin user, it worked fine. When I switched to a normal
user and displayed the page that had been created by the admin user it still
worked. But when I created a new page with the normal user I get an error:
Failed to execute the [velocity] macro
The probably most important line in the stack trace:
Caused by: com.xpn.xwiki.XWikiException: Error number 9001 in 9: Access
denied with no programming rights document MediaRating.Test
What is most irritating is this: After switching back to an admin user I get
the same error when creating new pages with this user too. It somehow looks
as if the template has become 'dirty' by being touched from a normal user.
Any hints?
Cheers,
Olaf
Von: O Voss richyfourtyth...@yahoo.com
An: XWiki Users users@xwiki.org
Gesendet: 19:03 Dienstag, 13.September 2011
Betreff: Re: [xwiki-users] polls and rights
Thanks!
I thought I had tried that before, but I must have mixed that test with
other things before. Now it worked indeed in a small hello world test I just
did. I'll have to see if I also manage to get it working in templates and on
automatically generated documents. But you've surely sent me in the right
direction!
Cheers,
Olaf
Von: Edo Beutler ebeut...@synventis.com
An: O Voss richyfourtyth...@yahoo.com; XWiki Users users@xwiki.org
Gesendet: 14:01 Montag, 12.September 2011
Betreff: Re: [xwiki-users] polls and rights
Hi,
Unfortunately I never used the polls application, so I don't know what
it does / how it works. However I hope I can point you in the right
direction.
If a document is editable by XWikiGuest (anyone) anyone can
change it, so yes, manipulation would be possible. I think what you
are looking for are 'programming' rights. The script saving the vote
needs to be saved from a user with programming rights. The document to
which you attach the poll votes can than be saved using the method
saveWithProgrammingRights() on the Document API. This allows you to
let XWikiGuest users attach objects to a document they are not allowed
to edit.
Hope this helps
Edo
On Sat, Sep 10, 2011 at 12:55 PM, O Voss richyfourtyth...@yahoo.com wrote:
Hi,
I'm planning to do the following:
Each document based on a certain template autmatically gets it's own
standard poll. (No customisation.) Each user visiting the page can vote.
Having looked at the polls application and played around with templates a
bit, I think I know all the ingredients I will need.
I have one problem though: Anyone who votes needs write permissions on
the document that saves the votes (whereever that may be). If I'm not
mistaken that means anyone who can vote theoretically can manipulate
voting data by accessing these objects directly.
Is there any way to secure this against manipulation
a) from users who can vote?
b) from the user who created the page?
Probably that question is equivalent to: Is there a way to let users save
changes on an object only via a script while hindering that very same
user from editing it directly?
Any hints are greatly appreciated!
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] polls and rights
Hi Olaf
Sounds like the non-admin user saves the page which needs programming
rights - which removes the programming rights and
saveWithProgrammingRights will result in an access denied. If you try
with an admin user the page gets programming rights and it works.
If I understand correctly you have these three lines in each page -
which leads to each page needing programming rights. I think it might
work if you put this code snippet in a separate page, saved by the
admin, and just include it in the template.
Cheers,
Edo
On Sat, Sep 17, 2011 at 6:14 PM, O Voss richyfourtyth...@yahoo.com wrote:
Hi again,
Now I tried to do this with templates.
I have the following code in a class sheet:
#set($sDoc = $xwiki.getDocument('MediaRating.Test'))
#set($dummy = $sDoc.setContent($doc.getName()))
#set($dummy = $sDoc.saveWithProgrammingRights())
What it should do is this: Each time a page that is based on the template is
diplayed the name of that page is writen to the content of the page
'MediaRating.Test'.
(In the following when I speak of 'creating a page' I always mean 'creating a
page based on a template with the sheet containing the code above'.)
I wrote the class, the sheet etc. all with an admin user. When I first tested
with the same admin user, it worked fine. When I switched to a normal user
and displayed the page that had been created by the admin user it still
worked. But when I created a new page with the normal user I get an error:
Failed to execute the [velocity] macro
The probably most important line in the stack trace:
Caused by: com.xpn.xwiki.XWikiException: Error number 9001 in 9: Access
denied with no programming rights document MediaRating.Test
What is most irritating is this: After switching back to an admin user I get
the same error when creating new pages with this user too. It somehow looks
as if the template has become 'dirty' by being touched from a normal user.
Any hints?
Cheers,
Olaf
Von: O Voss richyfourtyth...@yahoo.com
An: XWiki Users users@xwiki.org
Gesendet: 19:03 Dienstag, 13.September 2011
Betreff: Re: [xwiki-users] polls and rights
Thanks!
I thought I had tried that before, but I must have mixed that test with other
things before. Now it worked indeed in a small hello world test I just did.
I'll have to see if I also manage to get it working in templates and on
automatically generated documents. But you've surely sent me in the right
direction!
Cheers,
Olaf
Von: Edo Beutler ebeut...@synventis.com
An: O Voss richyfourtyth...@yahoo.com; XWiki Users users@xwiki.org
Gesendet: 14:01 Montag, 12.September 2011
Betreff: Re: [xwiki-users] polls and rights
Hi,
Unfortunately I never used the polls application, so I don't know what
it does / how it works. However I hope I can point you in the right
direction.
If a document is editable by XWikiGuest (anyone) anyone can
change it, so yes, manipulation would be possible. I think what you
are looking for are 'programming' rights. The script saving the vote
needs to be saved from a user with programming rights. The document to
which you attach the poll votes can than be saved using the method
saveWithProgrammingRights() on the Document API. This allows you to
let XWikiGuest users attach objects to a document they are not allowed
to edit.
Hope this helps
Edo
On Sat, Sep 10, 2011 at 12:55 PM, O Voss richyfourtyth...@yahoo.com wrote:
Hi,
I'm planning to do the following:
Each document based on a certain template autmatically gets it's own
standard poll. (No customisation.) Each user visiting the page can vote.
Having looked at the polls application and played around with templates a
bit, I think I know all the ingredients I will need.
I have one problem though: Anyone who votes needs write permissions on the
document that saves the votes (whereever that may be). If I'm not mistaken
that means anyone who can vote theoretically can manipulate voting data by
accessing these objects directly.
Is there any way to secure this against manipulation
a) from users who can vote?
b) from the user who created the page?
Probably that question is equivalent to: Is there a way to let users save
changes on an object only via a script while hindering that very same user
from editing it directly?
Any hints are greatly appreciated!
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] polls and rights
Hi again,
Now I tried to do this with templates.
I have the following code in a class sheet:
#set($sDoc = $xwiki.getDocument('MediaRating.Test'))
#set($dummy = $sDoc.setContent($doc.getName()))
#set($dummy = $sDoc.saveWithProgrammingRights())
What it should do is this: Each time a page that is based on the template is
diplayed the name of that page is writen to the content of the page
'MediaRating.Test'.
(In the following when I speak of 'creating a page' I always mean 'creating a
page based on a template with the sheet containing the code above'.)
I wrote the class, the sheet etc. all with an admin user. When I first tested
with the same admin user, it worked fine. When I switched to a normal user and
displayed the page that had been created by the admin user it still worked. But
when I created a new page with the normal user I get an error:
Failed to execute the [velocity] macro
The probably most important line in the stack trace:
Caused by: com.xpn.xwiki.XWikiException: Error number 9001 in 9: Access denied
with no programming rights document MediaRating.Test
What is most irritating is this: After switching back to an admin user I get
the same error when creating new pages with this user too. It somehow looks as
if the template has become 'dirty' by being touched from a normal user.
Any hints?
Cheers,
Olaf
Von: O Voss richyfourtyth...@yahoo.com
An: XWiki Users users@xwiki.org
Gesendet: 19:03 Dienstag, 13.September 2011
Betreff: Re: [xwiki-users] polls and rights
Thanks!
I thought I had tried that before, but I must have mixed that test with other
things before. Now it worked indeed in a small hello world test I just did.
I'll have to see if I also manage to get it working in templates and on
automatically generated documents. But you've surely sent me in the right
direction!
Cheers,
Olaf
Von: Edo Beutler ebeut...@synventis.com
An: O Voss richyfourtyth...@yahoo.com; XWiki Users users@xwiki.org
Gesendet: 14:01 Montag, 12.September 2011
Betreff: Re: [xwiki-users] polls and rights
Hi,
Unfortunately I never used the polls application, so I don't know what
it does / how it works. However I hope I can point you in the right
direction.
If a document is editable by XWikiGuest (anyone) anyone can
change it, so yes, manipulation would be possible. I think what you
are looking for are 'programming' rights. The script saving the vote
needs to be saved from a user with programming rights. The document to
which you attach the poll votes can than be saved using the method
saveWithProgrammingRights() on the Document API. This allows you to
let XWikiGuest users attach objects to a document they are not allowed
to edit.
Hope this helps
Edo
On Sat, Sep 10, 2011 at 12:55 PM, O Voss richyfourtyth...@yahoo.com wrote:
Hi,
I'm planning to do the following:
Each document based on a certain template autmatically gets it's own
standard poll. (No customisation.) Each user visiting the page can vote.
Having looked at the polls application and played around with templates a
bit, I think I know all the ingredients I will need.
I have one problem though: Anyone who votes needs write permissions on the
document that saves the votes (whereever that may be). If I'm not mistaken
that means anyone who can vote theoretically can manipulate voting data by
accessing these objects directly.
Is there any way to secure this against manipulation
a) from users who can vote?
b) from the user who created the page?
Probably that question is equivalent to: Is there a way to let users save
changes on an object only via a script while hindering that very same user
from editing it directly?
Any hints are greatly appreciated!
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] polls and rights
Thanks! I thought I had tried that before, but I must have mixed that test with other things before. Now it worked indeed in a small hello world test I just did. I'll have to see if I also manage to get it working in templates and on automatically generated documents. But you've surely sent me in the right direction! Cheers, Olaf Von: Edo Beutler ebeut...@synventis.com An: O Voss richyfourtyth...@yahoo.com; XWiki Users users@xwiki.org Gesendet: 14:01 Montag, 12.September 2011 Betreff: Re: [xwiki-users] polls and rights Hi, Unfortunately I never used the polls application, so I don't know what it does / how it works. However I hope I can point you in the right direction. If a document is editable by XWikiGuest (anyone) anyone can change it, so yes, manipulation would be possible. I think what you are looking for are 'programming' rights. The script saving the vote needs to be saved from a user with programming rights. The document to which you attach the poll votes can than be saved using the method saveWithProgrammingRights() on the Document API. This allows you to let XWikiGuest users attach objects to a document they are not allowed to edit. Hope this helps Edo On Sat, Sep 10, 2011 at 12:55 PM, O Voss richyfourtyth...@yahoo.com wrote: Hi, I'm planning to do the following: Each document based on a certain template autmatically gets it's own standard poll. (No customisation.) Each user visiting the page can vote. Having looked at the polls application and played around with templates a bit, I think I know all the ingredients I will need. I have one problem though: Anyone who votes needs write permissions on the document that saves the votes (whereever that may be). If I'm not mistaken that means anyone who can vote theoretically can manipulate voting data by accessing these objects directly. Is there any way to secure this against manipulation a) from users who can vote? b) from the user who created the page? Probably that question is equivalent to: Is there a way to let users save changes on an object only via a script while hindering that very same user from editing it directly? Any hints are greatly appreciated! ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] polls and rights
Hi, Unfortunately I never used the polls application, so I don't know what it does / how it works. However I hope I can point you in the right direction. If a document is editable by XWikiGuest (anyone) anyone can change it, so yes, manipulation would be possible. I think what you are looking for are 'programming' rights. The script saving the vote needs to be saved from a user with programming rights. The document to which you attach the poll votes can than be saved using the method saveWithProgrammingRights() on the Document API. This allows you to let XWikiGuest users attach objects to a document they are not allowed to edit. Hope this helps Edo On Sat, Sep 10, 2011 at 12:55 PM, O Voss richyfourtyth...@yahoo.com wrote: Hi, I'm planning to do the following: Each document based on a certain template autmatically gets it's own standard poll. (No customisation.) Each user visiting the page can vote. Having looked at the polls application and played around with templates a bit, I think I know all the ingredients I will need. I have one problem though: Anyone who votes needs write permissions on the document that saves the votes (whereever that may be). If I'm not mistaken that means anyone who can vote theoretically can manipulate voting data by accessing these objects directly. Is there any way to secure this against manipulation a) from users who can vote? b) from the user who created the page? Probably that question is equivalent to: Is there a way to let users save changes on an object only via a script while hindering that very same user from editing it directly? Any hints are greatly appreciated! ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
[xwiki-users] polls and rights
Hi, I'm planning to do the following: Each document based on a certain template autmatically gets it's own standard poll. (No customisation.) Each user visiting the page can vote. Having looked at the polls application and played around with templates a bit, I think I know all the ingredients I will need. I have one problem though: Anyone who votes needs write permissions on the document that saves the votes (whereever that may be). If I'm not mistaken that means anyone who can vote theoretically can manipulate voting data by accessing these objects directly. Is there any way to secure this against manipulation a) from users who can vote? b) from the user who created the page? Probably that question is equivalent to: Is there a way to let users save changes on an object only via a script while hindering that very same user from editing it directly? Any hints are greatly appreciated! ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
