Hi again,
Now I tried to do this with templates.
I have the following code in a class sheet:
#set($sDoc = $xwiki.getDocument('MediaRating.Test'))
#set($dummy = $sDoc.setContent($doc.getName()))
#set($dummy = $sDoc.saveWithProgrammingRights())
What it should do is this: Each time a page that is based on the template is
diplayed the name of that page is writen to the content of the page
'MediaRating.Test'.
(In the following when I speak of 'creating a page' I always mean 'creating a
page based on a template with the sheet containing the code above'.)
I wrote the class, the sheet etc. all with an admin user. When I first tested
with the same admin user, it worked fine. When I switched to a normal user and
displayed the page that had been created by the admin user it still worked. But
when I created a new page with the normal user I get an error:
Failed to execute the [velocity] macro
The probably most important line in the stack trace:
Caused by: com.xpn.xwiki.XWikiException: Error number 9001 in 9: Access denied
with no programming rights document MediaRating.Test
What is most irritating is this: After switching back to an admin user I get
the same error when creating new pages with this user too. It somehow looks as
if the template has become 'dirty' by being touched from a normal user.
Any hints?
Cheers,
Olaf
>________________________________
>Von: O Voss <[email protected]>
>An: XWiki Users <[email protected]>
>Gesendet: 19:03 Dienstag, 13.September 2011
>Betreff: Re: [xwiki-users] polls and rights
>
>Thanks!
>
>I thought I had tried that before, but I must have mixed that test with other
>things before. Now it worked indeed in a small hello world test I just did.
>I'll have to see if I also manage to get it working in templates and on
>automatically generated documents. But you've surely sent me in the right
>direction!
>
>Cheers,
>
>Olaf
>
>
>
>
>>________________________________
>>Von: Edo Beutler <[email protected]>
>>An: O Voss <[email protected]>; XWiki Users <[email protected]>
>>Gesendet: 14:01 Montag, 12.September 2011
>>Betreff: Re: [xwiki-users] polls and rights
>>
>>Hi,
>>
>>Unfortunately I never used the polls application, so I don't know what
>>it does / how it works. However I hope I can point you in the right
>>direction.
>>
>>If a document is editable by XWikiGuest (anyone) .... anyone can
>>change it, so yes, manipulation would be possible. I think what you
>>are looking for are 'programming' rights. The script saving the vote
>>needs to be saved from a user with programming rights. The document to
>>which you attach the poll votes can than be saved using the method
>>saveWithProgrammingRights() on the Document API. This allows you to
>>let XWikiGuest users attach objects to a document they are not allowed
>>to edit.
>>
>>Hope this helps
>>Edo
>>
>>On Sat, Sep 10, 2011 at 12:55 PM, O Voss <[email protected]> wrote:
>>> Hi,
>>>
>>> I'm planning to do the following:
>>>
>>> Each document based on a certain template autmatically gets it's own
>>> standard poll. (No customisation.) Each user visiting the page can vote.
>>>
>>> Having looked at the polls application and played around with templates a
>>> bit, I think I know all the ingredients I will need.
>>>
>>> I have one problem though: Anyone who votes needs write permissions on the
>>> document that saves the votes (whereever that may be). If I'm not mistaken
>>> that means anyone who can vote theoretically can manipulate voting data by
>>> accessing these objects directly.
>>>
>>> Is there any way to secure this against manipulation
>>>
>>> a) from users who can vote?
>>> b) from the user who created the page?
>>>
>>> Probably that question is equivalent to: Is there a way to let users save
>>> changes on an object only via a script while hindering that very same user
>>> from editing it directly?
>>>
>>> Any hints are greatly appreciated!
>
>_______________________________________________
>users mailing list
>[email protected]
>http://lists.xwiki.org/mailman/listinfo/users
>
>
>
_______________________________________________
users mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/users
