Hi Olaf Sounds like the non-admin user saves the page which needs programming rights - which removes the programming rights and saveWithProgrammingRights will result in an access denied. If you try with an admin user the page gets programming rights and it works.
If I understand correctly you have these three lines in each page - which leads to each page needing programming rights. I think it might work if you put this code snippet in a separate page, saved by the admin, and just include it in the template. Cheers, Edo On Sat, Sep 17, 2011 at 6:14 PM, O Voss <[email protected]> wrote: > Hi again, > > Now I tried to do this with templates. > > I have the following code in a class sheet: > > #set($sDoc = $xwiki.getDocument('MediaRating.Test')) > #set($dummy = $sDoc.setContent($doc.getName())) > #set($dummy = $sDoc.saveWithProgrammingRights()) > > What it should do is this: Each time a page that is based on the template is > diplayed the name of that page is writen to the content of the page > 'MediaRating.Test'. > > (In the following when I speak of 'creating a page' I always mean 'creating a > page based on a template with the sheet containing the code above'.) > > I wrote the class, the sheet etc. all with an admin user. When I first tested > with the same admin user, it worked fine. When I switched to a normal user > and displayed the page that had been created by the admin user it still > worked. But when I created a new page with the normal user I get an error: > > Failed to execute the [velocity] macro > > The probably most important line in the stack trace: > > Caused by: com.xpn.xwiki.XWikiException: Error number 9001 in 9: Access > denied with no programming rights document MediaRating.Test > > What is most irritating is this: After switching back to an admin user I get > the same error when creating new pages with this user too. It somehow looks > as if the template has become 'dirty' by being touched from a normal user. > > Any hints? > > Cheers, > > Olaf > > > > > >>________________________________ >>Von: O Voss <[email protected]> >>An: XWiki Users <[email protected]> >>Gesendet: 19:03 Dienstag, 13.September 2011 >>Betreff: Re: [xwiki-users] polls and rights >> >>Thanks! >> >>I thought I had tried that before, but I must have mixed that test with other >>things before. Now it worked indeed in a small hello world test I just did. >>I'll have to see if I also manage to get it working in templates and on >>automatically generated documents. But you've surely sent me in the right >>direction! >> >>Cheers, >> >>Olaf >> >> >> >> >>>________________________________ >>>Von: Edo Beutler <[email protected]> >>>An: O Voss <[email protected]>; XWiki Users <[email protected]> >>>Gesendet: 14:01 Montag, 12.September 2011 >>>Betreff: Re: [xwiki-users] polls and rights >>> >>>Hi, >>> >>>Unfortunately I never used the polls application, so I don't know what >>>it does / how it works. However I hope I can point you in the right >>>direction. >>> >>>If a document is editable by XWikiGuest (anyone) .... anyone can >>>change it, so yes, manipulation would be possible. I think what you >>>are looking for are 'programming' rights. The script saving the vote >>>needs to be saved from a user with programming rights. The document to >>>which you attach the poll votes can than be saved using the method >>>saveWithProgrammingRights() on the Document API. This allows you to >>>let XWikiGuest users attach objects to a document they are not allowed >>>to edit. >>> >>>Hope this helps >>>Edo >>> >>>On Sat, Sep 10, 2011 at 12:55 PM, O Voss <[email protected]> wrote: >>>> Hi, >>>> >>>> I'm planning to do the following: >>>> >>>> Each document based on a certain template autmatically gets it's own >>>> standard poll. (No customisation.) Each user visiting the page can vote. >>>> >>>> Having looked at the polls application and played around with templates a >>>> bit, I think I know all the ingredients I will need. >>>> >>>> I have one problem though: Anyone who votes needs write permissions on the >>>> document that saves the votes (whereever that may be). If I'm not mistaken >>>> that means anyone who can vote theoretically can manipulate voting data by >>>> accessing these objects directly. >>>> >>>> Is there any way to secure this against manipulation >>>> >>>> a) from users who can vote? >>>> b) from the user who created the page? >>>> >>>> Probably that question is equivalent to: Is there a way to let users save >>>> changes on an object only via a script while hindering that very same user >>>> from editing it directly? >>>> >>>> Any hints are greatly appreciated! >> >>_______________________________________________ >>users mailing list >>[email protected] >>http://lists.xwiki.org/mailman/listinfo/users >> >> >> > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
