[feature request] bare minimum wiki rights

Help / Discuss
1

It would be immensely useful to have a new type of wiki right which only grants the bare minimum permissions for things to work in the wiki (macros, editor, theming, icons, etc.) without giving viewing rights to the users/groups by default. Currently the default for VIEW is ALLOWED (see Permissions types which is very annoying if one needs to only share one space in a wiki with a user/group, because it means denying this user/group access to all the other spaces in the wiki manually.

Two things could be done IMO:

  1. add a new permission which does this
  2. change default behaviour of VIEW right on wiki level

Anyone else interested in this kind of behaviour?

2

@Qua8zoh6 the things are very simple here: you can have 2 groups GroupOne and GroupTwo. You will give View rights at wiki level to GroupOne and implicitly the View will be denied at wiki level for GroupTwo - no need explicitly deny anything. (In fact, you should try to use only Allow operation. You can consider a good rights design, if you manage to not use Deny). Then, in any space you need, you will grant view to both GroupOne and GroupTwo.

Hope it helps,
Alex

3

We do it this way. All default users we want to have are inside XWikiAllGroup with allowed view (and edit) everywhere.

But we have a MinimalReadGroup with only this views allowed (including their children):

  • Anwendungen.Wiki.Admin.Articles with Script (custom articles for include macro etc.)
  • Anwendungen.Wiki.Admin.Macros, Plugins, Scripts (custom macros, a11y scripts etc.)
  • Anwendungen.Wiki (all custom wiki manuals)
  • FlamingoThemes (our skin default)
  • FlamingoThemes.Custom (our custom style for this skin)
  • IconThemes (we used some icons in manuals)
  • Main (our start page should be visible to all)
  • Menu (topmenu including links to manuals/help)
  • Panels (navigation panel on the left)
  • PanelsCode (code for mentioned panel)
  • Sandbox (because it’s linked in the topmenu too)
  • Tour (interactive tours)
  • TourCode (code for this tours)
  • XWiki (many macros and much more for a functional wiki)

So users we only want to show specific spaces become member of MinimalReadGroup and get their space allowed to view.

1 Like
5

Thank you very much, this is indeed very helpful! Did you set all the rights objects manually or via a custom script? I’m asking because we intend to do something very similar, but for single users outside of our internal groups and would like to create a script for this purpose.

6

Thanks, but this does not solve my problem at all. As explained in my post, this kind of access does not show the navigation panel for example, which makes navigating the space(s) more difficult. Also, if EDIT rights were granted like this, CKEditor would not work, since VIEW on CKEditor is necessary for this. That’s why I asked for a set of minimum permissions, since the space’s EDIT permission alone would not be enough.

To sum it up: what I’d like to have is a “wiki view permission” which only grants access to the core functionality of a wiki without the actual content. So this permission should consist of a list of things which was posted by @Simpel above.

7

We set all those rights manually. Unfortunately I can’t provide a script or snippet for you.

8

No worries, I just wanted to ask. If we manage to cobble together a script/macro, I’ll share it here for everyone.