Hi, On Thu, Jun 4, 2015 at 12:57 PM, robert <[email protected]> wrote:
> Hello, three questions: > > 1) How to make list of all wiki's users > (http://localhost:8080/xwiki/bin/view/Main/UserDirectory) hidden from > users > and unregistered users? By removing "view" rights I made whole "Main" wiki > unavailable and that is not what I wanted. So I simply deleted > "UserDirectory" page. I am not sure whether it was correct approach. > Make sure you understand the difference between page-level rights, space-level rights and wiki-level rights. In this case you only need to edit the page rights of the Main.UserDirectory document. Just deny the view right to the XWikiAllGroup and to unregistered users and you should be fine. > > 2) How to make user profile page available only for particular user? Right > now these profile pages are available for every one who knows the link > (i.e., http://localhost:8080/xwiki/bin/view/XWiki/<USER_NAME>). > You could edit the space-level rights of the "XWiki" space and deny the "view" right to the XWikiAllGroup (that is, to registered users) and to Unregistered Users. This would allow users to only see their own profile and not that of other users. However, the side-effect of this is that UIs where users are displayed (user avatar + user name) will not look right because the current user is not allowed to see other profiles than his own, the result will be that you can see the another user's ID but not his first name and last name, neither his avatar... so the user experience will not be very nice. The reason is that the code displaying users is using the current user's privileges to retrieve the information it is about to show (first name, last name and avatar) and, if the current user does not have the right privileges, what the code will display will be just some very basic stuff. > > 3) How to make user profile pages only read only (if possible then only > admins can edit)? We have integration with LDAP so it makes no sense to > edit > profile info. Also it is not nice that regular user can set "Display hidden > documents" to "True". > This is a bit more complicated because a user has explicitly added a page-level right on his profile page to make sure that he is able to edit it, even if the space-level or wiki-level rights setup deny him to. There are other XWiki features that require the user to be able to set some preferences to his profile page, so it`s not generally a good idea to try to prevent that through rights. Your solution of modifying the sheet should be good enough for the general case, but a user could still use a script to change his profile data programatically. Hope this helps, Eduard > Thanks! > > > > -- > View this message in context: > http://xwiki.475771.n2.nabble.com/User-list-and-user-profile-access-rights-tp7594977.html > Sent from the XWiki- Users mailing list archive at Nabble.com. > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
