What’s the best solution to hide the user directory for users who are not admins?
It shouldn’t be visible on the “Hamburger Menu” -> Home -> User Directory, too.
What would happen if I uninstall the user directory? Are there any drawbacks? Would an admin still be able to manage users and groups?
I guess, the same is necessary for
https://[wiki-url]/bin/view/XWiki/XWikiUsers
Someone would need to check as I don’t recall if it’s a UIX or not. If it is then it can be disabled or there can be an IF put to make it visible only to admins. Re the user directory page, it’s possible to put permissions on that page.
Thanks for your response. Uninstalling the user directory app doesn’t work because it’s a hard dependency somewhere.
So, the user directory needs to be set to hidden for non-admin users somehow. Additionally, the internal page
https://[wiki-url]/bin/view/XWiki/XWikiUsers needs to be hidden to non-admin users.
Unfortunately, the user directory page can not be managed. Only the “parent page” can be managed…
What it means is that if the UserDirectory page is not visible to the current user (no view right), it’s not displayed. So all is good, you just need to set the permissions on that page.
By default in XWiki all user pages can be seen by anyone, have you done something to change that? If you change that then it’s possible that you’ll break some code since a query for users may not return all users anymore…
EDIT: But I guess this is what you want. Should be ok I think, never tried it so I don’t know the exact consequences but I don’t see why it wouldn’t work.
Nope, as a nested page, i.e. from Main.UserDirectory to Main.UserDirectory.WebHome. You need to be an advanced user and click move and uncheck the “terminal page” checkbox.
Is the issue about knowing user names (and if so, why is it a privacy issue in your case)? I believe that in some cases it’s ok, for ex when I go to my physical running group, I have access to anyone’s name. Maybe you have an open wiki, which IMO would make it an issue if the users are not aware that their data is public (if they are aware then it’s no longer an issue since they’d put only what they want others to see). For ex, this is what users do on xwiki.org, only put what they want others to see.
Or is the issue about the various information shown in the user profile? If this is the issue then it’s easy to fix by changing a single wiki page (the user sheet). However, this won’t fix all problems since you could access this information using the REST API for ex or using scripting.
Some questions: what should be private and to whom? If it should be private for everyone except the user then there’s no interest in filling that data at all, is there? Should it be visible to admins or to some people from some groups?
I’m asking this to try to define the use cases so that you/we could create jira issues about it.
If I read between the lines, I feel we should introduce a privacy xproperty metadata for any field with different values such as: private (only the xobject document creator can see it), public (everyone can see it), only visible to some groups, etc. Then, when we display these xproperty values, we would do the same as we do for email fields (Actually we could retrofit this concept to the email field too and when adding an email xproperty type, set that metadata to “private” for ex or to the AdminGroup).
So we need to gather all the use cases and needs.
You could modify the page’s content to not list the users.
You could remove that group and set it to be implicit, see Loading... which points to documentation about how to do that.
Note that if you do this you solve all the group display issues at once.
Could be something to consider doing by default in XS, especially since these pages are admin pages and we have the user directory for a user page listing all users. Feel free to create a jira for this too.
First of all, thank you very much! This is what I want. From my perspective there should be some options to XwikiGroupSheet which are somewhere visible in the xwiki administration ui:
don’t list the members of groups at all
list the members only for admins
list members but only for groups in which the user (currently viewing a group) is in (maybe a good default)
list members
Without your change, it would have been possible that user A is only in group G but can see all available members in group X. (which can be a super private group whose members should be really hidden).
The drawback of your suggested change is that I don’t know what will happen if there is an upgrade to xwiki itself. Hopefully nothing will break. I guess I need to make sure after each upgrade that the change in XwikiGroupSheet is still there.
Regarding the user directory extension, it should be possible to have a setting to only show the user directory for certain users. As I’m using docker images, hopefully the user directory will be gone forever - or I need to uninstall the extension after each docker image upgrade.
Why do I need so much privacy? Well, just think about a large organization. A really large org in which there are hundreds of groups. They don’t want everyone to know that they are currently in group A or B. They are only in group C and they work together in group C. If a member of group C would leave the organization, it wouldn’t be nice that he/she collects all groups (the whole organization + including group A and B at which they were never members) and all group-member associations and makes it public on the internet.
There is only one issue I currently see (maybe there are others, but…):
On a group page, like /bin/view/XWiki/MyGroup there is the down-arrow. If I press on this arrow, I get a list of all users, again. see:
XWiki will try to auto merge at each upgrade and if there’s a conflict it’ll ask you to resolve it.
That will work. The permanent directory is kept between image upgrades.
For that I think you’ll need to set permissions on the user profile pages. Otherwise anyone can check the profiles one by one and gather that info or could write a small script to get the info too (if they have the scripting right and the right permissions - I don’t remember if you need PR for these apis or not).
Since this needs to be automated you’d need to write an EventListener in java that does this. Since you seem to be in a large company setup, I’d recommend contacting one of the sponsoring companies of XWiki (like XWiki SAS) and asking them about this whole need you have. I’m sure they can provide some solution to you (and cleaner than the hacks I mentioned above). Actually, if you want to help the xwiki open source project and contribute something back, you could sponsor some dev of these privacy features, through XWiki SAS. That would be great.
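A sketch of the kind of EventListener mentioned above, as an added example that is not code from this thread or from the XWiki project: it attaches a view-right object to each newly created user profile page so only the admin group and the profile's owner can view it. The package and class names are hypothetical, the choice of allowed viewers is an assumption, and the `javax.inject` imports assume an XWiki version that uses those annotations.

```java
package org.example.privacy; // hypothetical package name

import java.util.Arrays;
import java.util.List;
import javax.inject.Named;
import javax.inject.Singleton;
import org.xwiki.bridge.event.DocumentCreatingEvent;
import org.xwiki.component.annotation.Component;
import org.xwiki.model.reference.LocalDocumentReference;
import org.xwiki.observation.EventListener;
import org.xwiki.observation.event.Event;
import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.doc.XWikiDocument;
import com.xpn.xwiki.objects.BaseObject;

@Component
@Named("UserProfileViewRestrictionListener")
@Singleton
public class UserProfileViewRestrictionListener implements EventListener
{
    private static final LocalDocumentReference USER_CLASS = new LocalDocumentReference("XWiki", "XWikiUsers");
    private static final LocalDocumentReference RIGHTS_CLASS = new LocalDocumentReference("XWiki", "XWikiRights");

    @Override
    public String getName() { return "UserProfileViewRestrictionListener"; }

    @Override
    public List<Event> getEvents() { return Arrays.<Event>asList(new DocumentCreatingEvent()); }

    @Override
    public void onEvent(Event event, Object source, Object data)
    {
        // DocumentCreatingEvent fires before the first save, so the object is stored with the page.
        XWikiDocument doc = (XWikiDocument) source;
        if (doc.getXObject(USER_CLASS) == null) {
            return; // not a user profile page
        }
        try {
            BaseObject rights = doc.newXObject(RIGHTS_CLASS, (XWikiContext) data);
            // Assumed policy: admins and the profile owner may view, nobody else.
            rights.setLargeStringValue("groups", "XWiki.XWikiAdminGroup");
            rights.setLargeStringValue("users", "XWiki." + doc.getDocumentReference().getName());
            rights.setStringValue("levels", "view");
            rights.setIntValue("allow", 1);
        } catch (XWikiException e) {
            throw new RuntimeException("Could not restrict view right on " + doc.getDocumentReference(), e);
        }
    }
}
```

The component has to be listed in the extension's `META-INF/components.txt` to be registered. It only covers profiles created after it is installed, so existing user pages still need their rights set separately.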