Question on Object rights

vmassol

Question on Object rights

Hi,

I've just noticed on trunk that now non admin users can only see a few  
classes in the object editor: some Blog classes and the Panel Class.

Is that normal? I don't remember when we decided this.

Thanks
-Vincent

_______________________________________________
devs mailing list
[hidden email]
http://lists.xwiki.org/mailman/listinfo/devs
Guillaume Lerouge

Re: Question on Object rights

Hi,

On Tue, Oct 27, 2009 at 9:18 PM, Vincent Massol <[hidden email]> wrote:

> Hi,
>
> I've just noticed on trunk that now non admin users can only see a few
> classes in the object editor: some Blog classes and the Panel Class.
>
> Is that normal? I don't remember when we decided this.
>

That sounds weird given I don't recall any discussion about this either.
Could a commit of XWiki.XWikiPreferences have slipped with specific rights
object attached to it that should not have been there?

Anyway, I think users with edit rights should be allowed to see all existing
objects in the object editor.

Guillaume


> Thanks
> -Vincent
>
> _______________________________________________
> devs mailing list
> [hidden email]
> http://lists.xwiki.org/mailman/listinfo/devs
>



--
Guillaume Lerouge
Product Manager - XWiki SAS
Skype: wikibc
Twitter: glerouge
http://guillaumelerouge.com/
vmassol

Re: Question on Object rights

Ok it seems this was done by Sergiu in rev 18828 for issue  
"XAPANELS-77: Improve class and object editor panels"

The AddObject panel was modified to have this check:

#foreach ($classname in $xwiki.classList)
   #if($!xwiki.hasAccessLevel("edit", $classname))
...

Thus only Objects for which the user has edit rights on the Class name  
are listed.

Is that what we want? It doesn't sound quite right to me.

Thanks
-Vincent

On Oct 27, 2009, at 9:18 PM, Vincent Massol wrote:

> Hi,
>
> I've just noticed on trunk that now non admin users can only see a  
> few classes in the object editor: some Blog classes and the Panel  
> Class.
>
> Is that normal? I don't remember when we decided this.
>
> Thanks
> -Vincent
>

vmassol

Re: Question on Object rights


On Oct 28, 2009, at 11:29 AM, Vincent Massol wrote:

> Ok it seems this was done by Sergiu in rev 18828 for issue  
> "XAPANELS-77: Improve class and object editor panels"
>
> The AddObject panel was modified to have this check:
>
> #foreach ($classname in $xwiki.classList)
>  #if($!xwiki.hasAccessLevel("edit", $classname))
> ...
>
> Thus only Objects for which the user has edit rights on the Class  
> name are listed.
>
> Is that what we want? It doesn't sound quite right to me.

BTW that's why users cannot add macros, plugins, etc. anymore on
code.xwiki.org, I think.

-Vincent

>
> Thanks
> -Vincent
>
> On Oct 27, 2009, at 9:18 PM, Vincent Massol wrote:
>
>> Hi,
>>
>> I've just noticed on trunk that now non admin users can only see a  
>> few classes in the object editor: some Blog classes and the Panel  
>> Class.
>>
>> Is that normal? I don't remember when we decided this.
>>
>> Thanks
>> -Vincent
>>
>

Guillaume Lerouge

Re: Question on Object rights

Hi,

On Wed, Oct 28, 2009 at 11:30 AM, Vincent Massol <[hidden email]> wrote:

>
> On Oct 28, 2009, at 11:29 AM, Vincent Massol wrote:
>
> > Ok it seems this was done by Sergiu in rev 18828 for issue
> > "XAPANELS-77: Improve class and object editor panels"
> >
> > The AddObject panel was modified to have this check:
> >
> > #foreach ($classname in $xwiki.classList)
> >  #if($!xwiki.hasAccessLevel("edit", $classname))
> > ...
> >
> > Thus only Objects for which the user has edit rights on the Class
> > name are listed.
> >
> > Is that what we want? It doesn't sound quite right to me.
>

I would rather say that if the user can view the Object's Class and has edit
rights on the target page he should be allowed to add that object to the
page. For instance a user might not be able to edit the BlogArticle class
yet want to add a blog article object to a page...

Looks like a regression to me.

Guillaume


> BTW that's why users cannot add macros, plugins, etc. anymore on
> code.xwiki.org, I think.
>
> -Vincent
>
> >
> > Thanks
> > -Vincent
> >
> > On Oct 27, 2009, at 9:18 PM, Vincent Massol wrote:
> >
> >> Hi,
> >>
> >> I've just noticed on trunk that now non admin users can only see a
> >> few classes in the object editor: some Blog classes and the Panel
> >> Class.
> >>
> >> Is that normal? I don't remember when we decided this.
> >>
> >> Thanks
> >> -Vincent
> >>
> >
>
> _______________________________________________
> devs mailing list
> [hidden email]
> http://lists.xwiki.org/mailman/listinfo/devs
>



--
Guillaume Lerouge
Product Manager - XWiki SAS
Skype: wikibc
Twitter: glerouge
http://guillaumelerouge.com/
tmortagne

Re: Question on Object rights

On Wed, Oct 28, 2009 at 11:29, Vincent Massol <[hidden email]> wrote:
> Ok it seems this was done by Sergiu in rev 18828 for issue
> "XAPANELS-77: Improve class and object editor panels"
>
> The AddObject panel was modified to have this check:
>
> #foreach ($classname in $xwiki.classList)
>   #if($!xwiki.hasAccessLevel("edit", $classname))

That does not make sense, a user should be able to add an object even
if he can't modify the class.

> ...
>
> Thus only Objects for which the user has edit rights on the Class name
> are listed.
>
> Is that what we want? It doesn't sound quite right to me.
>
> Thanks
> -Vincent
>
> On Oct 27, 2009, at 9:18 PM, Vincent Massol wrote:
>
>> Hi,
>>
>> I've just noticed on trunk that now non admin users can only see a
>> few classes in the object editor: some Blog classes and the Panel
>> Class.
>>
>> Is that normal? I don't remember when we decided this.
>>
>> Thanks
>> -Vincent
>>
>
> _______________________________________________
> devs mailing list
> [hidden email]
> http://lists.xwiki.org/mailman/listinfo/devs
>



--
Thomas Mortagne
vmassol

Re: Question on Object rights


On Oct 28, 2009, at 12:10 PM, Thomas Mortagne wrote:

> On Wed, Oct 28, 2009 at 11:29, Vincent Massol <[hidden email]>  
> wrote:
>> Ok it seems this was done by Sergiu in rev 18828 for issue
>> "XAPANELS-77: Improve class and object editor panels"
>>
>> The AddObject panel was modified to have this check:
>>
>> #foreach ($classname in $xwiki.classList)
>>   #if($!xwiki.hasAccessLevel("edit", $classname))
>
> That does not make sense, a user should be able to add an object even
> if he can't modify the class.

I've created http://jira.xwiki.org/jira/browse/XAPANELS-95

Waiting for Sergiu's input. He must have had some reason for doing this.

Thanks
-Vincent

>> ...
>>
>> Thus only Objects for which the user has edit rights on the Class  
>> name
>> are listed.
>>
>> Is that what we want? It doesn't sound quite right to me.
>>
>> Thanks
>> -Vincent
>>
>> On Oct 27, 2009, at 9:18 PM, Vincent Massol wrote:
>>
>>> Hi,
>>>
>>> I've just noticed on trunk that now non admin users can only see a
>>> few classes in the object editor: some Blog classes and the Panel
>>> Class.
>>>
>>> Is that normal? I don't remember when we decided this.
>>>
>>> Thanks
>>> -Vincent
Sergiu Dumitriu-2

Re: Question on Object rights

On 10/28/2009 12:13 PM, Vincent Massol wrote:

>
> On Oct 28, 2009, at 12:10 PM, Thomas Mortagne wrote:
>
>> On Wed, Oct 28, 2009 at 11:29, Vincent Massol<[hidden email]>
>> wrote:
>>> Ok it seems this was done by Sergiu in rev 18828 for issue
>>> "XAPANELS-77: Improve class and object editor panels"
>>>
>>> The AddObject panel was modified to have this check:
>>>
>>> #foreach ($classname in $xwiki.classList)
>>>    #if($!xwiki.hasAccessLevel("edit", $classname))
>>
>> That does not make sense, a user should be able to add an object even
>> if he can't modify the class.
>
> I've created http://jira.xwiki.org/jira/browse/XAPANELS-95
>
> Waiting for Sergiu's input. He must have had some reason for doing this.

Yes, a really good reason: copy/paste. That check was supposed to be
just in the class editor, for the "edit another class" select.

> Thanks
> -Vincent
>
>>> ...
>>>
>>> Thus only Objects for which the user has edit rights on the Class
>>> name
>>> are listed.
>>>
>>> Is that what we want? It doesn't sound quite right to me.
>>>
>>> Thanks
>>> -Vincent
>>>
>>> On Oct 27, 2009, at 9:18 PM, Vincent Massol wrote:
>>>
>>>> Hi,
>>>>
>>>> I've just noticed on trunk that now non admin users can only see a
>>>> few classes in the object editor: some Blog classes and the Panel
>>>> Class.
>>>>
>>>> Is that normal? I don't remember when we decided this.
>>>>
>>>> Thanks
>>>> -Vincent
> _______________________________________________
> devs mailing list
> [hidden email]
> http://lists.xwiki.org/mailman/listinfo/devs
>


--
Sergiu Dumitriu
http://purl.org/net/sergiu/
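
The two rules discussed in this thread, modelled side by side as an added example (not part of the original messages and not XWiki code): the check copied from the class editor versus the rule proposed above, view on the class plus edit on the target page. The class names other than the Panel class, the user, the pages and the ACL table are constructed sample data.

```python
# Constructed model of the two listing rules in this thread; not XWiki code.
# Document names, the user and the ACL table below are sample data.

CLASSES = ["Blog.BlogArticleClass", "Panels.PanelClass",
           "XWiki.TagClass", "Private.InternalClass"]

# (user, document) -> access levels granted; anything absent is denied.
ACL = {
    ("alice", "Blog.BlogArticleClass"): {"view"},
    ("alice", "Panels.PanelClass"): {"view", "edit"},
    ("alice", "XWiki.TagClass"): {"view"},
    ("alice", "Main.MyPage"): {"view", "edit"},
    ("alice", "Main.ReadOnly"): {"view"},
}


def has_access(level, user, document, acl=ACL):
    return level in acl.get((user, document), set())


def class_editor_choices(user):
    """'Edit another class' select: the user must be able to edit the class."""
    return [c for c in CLASSES if has_access("edit", user, c)]


def add_object_choices_regressed(user, target_page):
    """The copied check: same filter as the class editor, target page ignored."""
    return class_editor_choices(user)


def add_object_choices_proposed(user, target_page):
    """Rule proposed in the thread: view on the class, edit on the target page."""
    if not has_access("edit", user, target_page):
        return []
    return [c for c in CLASSES if has_access("view", user, c)]


def rule_differences(user, target_page):
    """Classes the copied check hides, and classes it lists that the proposed rule would not."""
    old = set(add_object_choices_regressed(user, target_page))
    new = set(add_object_choices_proposed(user, target_page))
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    for page in ("Main.MyPage", "Main.ReadOnly"):
        print(page, rule_differences("alice", page))
```

Run as a regression check, a non-empty first list from `rule_differences` for a user who can edit the target page is the symptom reported at the top of the thread.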