On 09/21/2011 10:09 AM, Haru Mamburu wrote:
> Hi!
>
> So, this "feature" makes absolutely useless delete rights, for example, if 
> each and every user with edit rights can easily skip Delete and Admin 
> Prohibition. Actually edit right behaves like admin in the allowed space. As 
> for me it looks a little bit weird.

Well, delete rights are not that relevant actually. By default only the 
document's creator can delete a document. So, unless you explicitly give 
delete rights to somebody, they'll only be able to delete their own 
documents.

> All users by default are simple, but as you mentioned, nothing stops the 
> intruder with edit rights if he knows magic of URLs.
>
> For me it looks logical, that if I PROHIBITED right to delete or Admin rights 
> - it means prohibited, but not "don't pay attention".

The delete and admin rights don't normally work on page level anyway, 
it's pretty hard to get hold of them if they're not explicitly granted.

If you want finer grained security, you can implement them in Java, not 
as normal access rights, but as guard checks blocking actions according 
to your own custom rules.

> For security it means VERY big black hole. And actually we don't have any 
> instrument to track or stop it (besides watching pages). For semi-open 
> projects, or even open, like Wikipedia it creates paradise for vandals, even 
> if you open edit rights only for registered users. Once you can find couple 
> of hundreds pages in Recycle bin even if nobody but Admin has ability to 
> delete pages. :-)
> And actually rights management contradicts with 6 user types concept 
> http://dev.xwiki.org/xwiki/bin/view/Design/6TypesOfXWikiUsers
>
> So, my proposal is: discuss and implement more precise rights management 
> system in the nearest future. Let's make XWiki more safe :-)

Yep, this was actually on the roadmap for 3.1, but it got postponed. 
Rights management is a very serious issue that needs to be tackled, but 
it's quite big so it will have to be approached in smaller steps.

> Thanks a lot for help,
>
> Dmitry
>
>
> On 21 September 2011, 17:39, Guillaume Lerouge<guilla...@xwiki.com> wrote:
>> Hi Dmitry,
>>
>> unfortunately for your use case this is a feature of XWiki. When a user is
>> granted edit right on a page, he is allowed to edit any object attached to
>> that page (this is used through the "edit inline" mode as well, when editing
>> in inline mode the user is actually updating the values of object properties
>> in the page).
>>
>> One way to work around this is by making all users "simple users" by default
>> so that the menus do not display the advanced edit options. However, users
>> that know the right URLs will still be able to access the object edition
>> mode.
>>
>> In short: sorry but no, not "safe" the way you mean it :-(
>>
>> Guillaume
>>
>> On Sat, Sep 17, 2011 at 6:57 AM, Haru Mamburu<haru_mamb...@mail.ru>  wrote:
>>
>>>
>>> Dear Users,
>>>
>>> XE 3.1. Playing with rights I found very unpleasant and IMO dangerous
>>> behaviour.
>>>
>>> Two Default groups: XWikiAllGroup and XWikiAdminGroup
>>>
>>> Admin gives rights to XWikiAllGroup to view pages - no problem.
>>> Admin gives rights to XWikiAllGroup to EDIT pages. From my point of view -
>>> EDIT means only page EDIT in edit/inline mode,
>>> but not:
>>> - managing page access rights
>>> - editing in editor object mode.
>>>
>>> I even tried to prohibit to XWikiAllGroup users Administration rights,
>>> nothing changed. As for my project - it is a disaster.
>>> I must separate four categories of users:
>>> 1. All users - have View access to definite spaces.
>>> 2. SOME registered users - have edit rights for spaces/pages (edit/inline),
>>> create rights. BUT NO Access rights management, NO object mode editing)

Unless you want to put very important information in non-displayed 
objects, the object edit mode is not that dangerous.

As for rights, a user with edit rights on a page can only modify that 
page in non-dangerous ways: grant or deny other people edit rights. The 
most dangerous ones, admin and programming, can only be given at the 
space or wiki level, so as long as you prohibit edit rights on the space 
preferences page itself, nobody should be able to steal those rights.

For delete, you can just implement an event listener that stops all 
/delete/ actions for non-admins.

>>> 3. Admin Users with Admin rights on several spaces to delete/undelete pages
>>> AND access rights management.
>>> 4. XWiki Admin
>>>
>>> As I discovered, I can't get split second and third group. :-(
>>>
>>> It would be wise to avoid rights management and object editing mode
>>> availability to "smart" users, that can bring a mess into the system in
>>> couple of seconds. For example, "smart user" with edit rights will easily
>>> prohibit access to pages to whole XWikiAllGroup OR he even can grant  VIEW
>>> rights ONLY  to  XWikiAdminGroup with the same results - page becomes
>>> inaccessible to non-admin users. I checked everything with a Test user in
>>> XWikiAllGroup.
>>>
>>> I don't know if it is a bug or a feature, but for me it's a disaster :-(
>>>
>>> Is there any way to make XWiki project safe?

Well, it is safely used in many places, so everything is possible, it 
only depends on how deep you want to go and how much time you have to 
learn how to get that deep.

>>> Best Regards
>>>
>>> Dmitry Bakbardin


-- 
Sergiu Dumitriu
http://purl.org/net/sergiu/
_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
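
The reply above suggests an event listener that stops all /delete/ actions for non-admins. The sketch below is an added example, not part of the original message and not code from the XWiki project. It assumes an XWiki version that provides the cancelable `org.xwiki.bridge.event.ActionExecutingEvent` and JSR-330 component annotations; the class name `DeleteGuardListener` and the hint `deleteGuard` are hypothetical.

```java
import java.util.Collections;
import java.util.List;

import javax.inject.Named;
import javax.inject.Singleton;

import org.xwiki.bridge.event.ActionExecutingEvent;
import org.xwiki.component.annotation.Component;
import org.xwiki.observation.EventListener;
import org.xwiki.observation.event.Event;

import com.xpn.xwiki.XWikiContext;

// Hypothetical guard component. It must also be listed in the JAR's
// META-INF/components.txt so the component manager registers it.
@Component
@Named("deleteGuard")
@Singleton
public class DeleteGuardListener implements EventListener
{
    public String getName()
    {
        return "deleteGuard";
    }

    public List<Event> getEvents()
    {
        // Listen only for the "delete" action, fired before it executes.
        return Collections.<Event>singletonList(new ActionExecutingEvent("delete"));
    }

    public void onEvent(Event event, Object source, Object data)
    {
        // For action events the data argument is the current XWikiContext.
        XWikiContext xcontext = (XWikiContext) data;

        // Custom rule: ignore page-level delete grants and require admin
        // rights for the current user in the current context.
        boolean isAdmin = xcontext.getWiki().getRightService().hasAdminRights(xcontext);
        if (!isAdmin) {
            // Cancelling the event stops the action before any document change.
            ((ActionExecutingEvent) event).cancel("Only administrators may delete pages");
        }
    }
}
```

This guard covers only requests that go through the delete action; any other deletion path in the installation needs its own check.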
