On Fri, Aug 31, 2012 at 12:34 PM, Gabriele Giammatteo <gabriele.giammat...@gmail.com> wrote: > Dear all, > I discovered an unexpected behaviour in my installation of "XWIKI > ENTERPRISE 4.2.2". > > I have in space Main a set of "public" pages meaning that can be viewed by > un-registerd users and a set of "private" pages that needs to be logged-in > to view them. I achieved such a configuration by (starting from the initial > configuration) denying View permission for un-registered users at wiki > level (hence by default the wiki is private) and granting explicitly, for > each page I want to be public, the View permission for un-registered users. > > Now, I want to export the space Main in html format. Following the guide at > [1], I'm using this URL: > > http://<SERVER>/xwiki/bin/export/Main/<PAGE>?format=html&pages=Main.%25 > > If PAGE=MyPrivatePage (a private page) and I'm not logged-in, the browser > redirects me to the login page. Correct. > > If PAGE=MyPublicPage (a public page) and I'm not logged-in the export > works. Then opening the zip archive returned, I found that it contains also > private pages! > > In the matter of facts, as un-registered user I did an export of the entire > space starting from a page viewable by unregistered users and I obtained in > the zip ALL pages including pages that I cannot normally view from the > browser! > > For what I understood, xwiki checks access rights for PAGE, but if allowed, > then the export includes all pages regardless whether the user that is > requesting the export can view those pages or not. > > Maybe I just set permissions in the wrong way. Can someone give me a hint > on this?
You just found a bug I think. From what I can see, the right of the current user is not really taken into account in the code that do the HTML export. Would be nice if you could report it on http://jira.xwiki.org/browse/XWIKI. > > Thank you very much, > Gabriele > > [1] http://platform.xwiki.org/xwiki/bin/view/Features/Exports > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
