On Thu, Sep 10, 2015 at 3:50 AM, Alex Henrie <alexhenri...@gmail.com> wrote:
> 2015-09-05 3:17 GMT-06:00 vinc...@massol.net <vinc...@massol.net>: > > ok, I understand what you mean now: you’d like the ability to lock down > existing applications, i.e. prevent users of them from making structural > changes to them. > > > > That’s a valid use case and we support it :) > > > > Basically there are 2 use cases: > > * Letting users make changes to applications because this allows > multiple users to develop collaboratively apps using XWiki. The idea is > that of refactoring and an app is never ever finished and can always be > improved. > > * However you may only want some experienced users or devs to do that > and not anyone. > > > > What happens is that the app has 2 types of wiki pages (aka documents): > > * Technical pages that make the app > > * Data pages which are created by the user when he/she uses the app > > > > So what we do is that when we develop apps we usually create 2 spaces, > one for the technical pages and one for the data pages. In this manner we > can set permissions very easily on the space containing the technical pages > so that only some authorized group or users have edit rights on them. > > > > Maybe in your case all that is required is to ask the phenotips > developers to not allow all users to have edit rights by default on the > technical pages of this app (and restrict them to admins by default for > example)? > > PhenoTips already prevents ordinary users from editing technical > pages, period. What I really want is to go a step further and only > allow the inline form editor (editor=inline) to be used to edit data > pages. I do not want users to be able to add classes, objects, or > wikitext to pages (editor=class, editor=object, editor=wiki) outside > of what the editor written specifically for PhenoTips would allow. > The simplest thing you could do is to add a skin extension [1] that hides the unwanted edit modes, either through CSS or through JavaScript. The second option would be to customize the skin [2] and hide the options directly from the skin (server side, in the .vm files). This will still allow some users to directly use a hand-crafter URL (i.e. by bypassing the UI) to access the other edit modes, but those would be isolated cases and should not be an issue. Thanks, Eduard ---------- [1] http://platform.xwiki.org/xwiki/bin/view/DevGuide/SkinExtensionsTutorial [2] http://platform.xwiki.org/xwiki/bin/view/DevGuide/Skins > > Again, this feature is not a dealbreaker, but it could avoid abuse of > the system. > > -Alex > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users