Thanks, Sergiu!
Can you point out where I should look to implement it in a more
appropriate way?
Valdis
> Sorry Valdis, but this won't fix the problem nicely, since it breaks the
> livetable paging. You'll only get the items that are public from a
> specific page, but the results are split into pages regardless of their
> access, so in the end you might see 15/15 items, or 10/15 items, or just
> an empty page with no items. This still discloses some information,
> which is how many private documents there are matching my livetable
> filters, and how they might be named.
>
> A user with a lot of patience (or scripting skills) can actually get the
> same information as he can see with the current implementation, by
> searching letter by letter if a certain document name filter gives more
> results (in the count) than are actually displayed.
>
> A proper fix requires fixing things at a lower level, so that even the
> simple count method fully checks access rights. But that is going to be
> very taxing on performance, so it's not something that can easily be
> implemented.
>
>
> On 11/07/2013 04:34 PM, Valdis Vītoliņš wrote:
> > Got it right with
> > /xwiki/bin/view/XWiki/LiveTableResultsMacros
> > changing to the following (diff lines):
> >
> > 190 - #gridresult_buildRowJSON($item $rows)
> > 190 + #if($xwiki.getDocument($item).hasAccessLevel('view'))
> > 191 + #gridresult_buildRowJSON($item $rows)
> > 192 + #end
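Review bot: the view check added at line 190 only wraps the #gridresult_buildRowJSON call, so it hides rows after the items for the page have already been selected; nothing in this change touches the total count or the page boundaries. A page can therefore come back with fewer rows than the count advertises, or with none, and the difference still shows how many non-viewable documents match the filter. Suggest applying the access check where the item list and its count are produced, so both reflect only viewable documents, and noting the cost of calling $xwiki.getDocument($item) once per item.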
> >
> > http://jira.xwiki.org/browse/XWIKI-9649
> >
> > Valdis
> >
> >> I have the same kind of objects: part of them are publicly available,
> >> but others are private.
> >>
> >> Using Livetable macro, for anonymous user it shows entries with
> >> documents (without hyperlinks), which actually are not accessible.
> >> With note under table:
> >> (*) Some documents require special rights to be viewed
> >>
> >> Is it possible to show only accessible documents?
> >> Currently I look at /xwiki/bin/edit/XWiki/LiveTableResultsMacros
> >> page, though cannot see anything related to it...
> >>
> >> Thanks!
> >> Valdis
>
>
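The paging behaviour Sergiu describes above, as an added model that is not part of the original thread and is not XWiki code: it compares hiding rows after paging (what the row-level check does) with checking access before both the count and the paging. Doc, page_then_filter, filter_then_page and the result keys are hypothetical names, and the sample documents are constructed.

```python
# Added model of the livetable paging issue; not XWiki code.
# All names here are hypothetical and the sample data is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Doc:
    name: str
    public: bool  # stands in for "the current user has view right"


# Constructed sample: 7 documents match the table filter, 3 are private.
DOCS = [Doc("Alpha", True), Doc("Budget", False), Doc("Contacts", True),
        Doc("Design", True), Doc("Payroll", False), Doc("Roadmap", True),
        Doc("Salaries", False)]


def page_then_filter(docs, offset, limit):
    """Row-level check: count and page first, hide rows afterwards."""
    page = docs[offset:offset + limit]        # page boundaries ignore access
    rows = [d.name for d in page if d.public]
    return {"total": len(docs), "rows": rows}  # count ignores access too


def filter_then_page(docs, offset, limit):
    """Access check applied before both the count and the paging."""
    visible = [d for d in docs if d.public]   # costly: every match is checked
    page = visible[offset:offset + limit]
    return {"total": len(visible), "rows": [d.name for d in page]}


def all_pages(pager, docs, limit):
    """Fetch every page the advertised total says exists."""
    total = pager(docs, 0, limit)["total"]
    return [pager(docs, off, limit) for off in range(0, max(total, 1), limit)]


def hidden_match_count(pages):
    """Advertised total minus rows actually shown; 0 means no count leak."""
    return pages[0]["total"] - sum(len(p["rows"]) for p in pages)


if __name__ == "__main__":
    for pager in (page_then_filter, filter_then_page):
        pages = all_pages(pager, DOCS, 3)
        print(pager.__name__, [p["rows"] for p in pages],
              "hidden matches inferable:", hidden_match_count(pages))
```

A regression test for any lower-level fix can assert that hidden_match_count stays at 0 for a user without view rights on some of the matching documents.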