There is a list called $blacklistedSpaces it is set statically in xwikivars.vm
http://svn.xwiki.org/svnroot/xwiki/platform/web/trunk/standard/src/main/webapp/templates/xwikivars.vm
Spaces on this list will not be shown in the table and I think the same is true
for the tree.
You could add a $xwiki.searchDocuments("where doc.name=?", ["WebHome"])
and test each of the names in the output list with
$xcontext.hasAccessLevel("view"...
To dynamically compile a list of spaces which should be blacklisted.
Keep in mind this will incur a performance penalty since this code is executed
per page load. You could also just add the space names which you wish to hide.
Also keep in mind that this is not a real security fix because a user is allowed
to list document names using $searchDocuments("where 1=1") but it will avoid
showing
the documents to users who are not concerned with them.
Caleb
Ben Stuggler wrote:
> Hi,
>
> I have a "security" problem in the document tree. People who doesn't have
> access to a specific space shouldn't even see his name in the tree results.
>
> I'm looking for the parameter which has to be modify to solve this problem
> but unfortunetely, it's very hard to find it. Can somebody help me?
> => there is a condition to had a link in the space name to see documents
> inside, I think it's here that I have to modify something but I can't find
> this code...
>
> Thanks
>
> Regards
>
> Ben
_______________________________________________
users mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/users
