Hide the user directory for non-admin users

What’s the best solution to hide the user directory for users who are not admins?
It shouldn’t be visible on the “Hamburger Menu” -> Home -> User Directory, too.

What would happen if I uninstall the user directory? Are there any drawbacks? Would an admin still be able to manage users and groups?

I guess, the same is necessary for
https://[wiki-url]/bin/view/XWiki/XWikiUsers

That’s supposed to work but I don’t think it’s ever been tested, would be interesting to try :slight_smile:

You won’t have the user directory UI any more :slight_smile:

Yes

Someone would need to check as I don’t recall if it’s a UIX or not. If it is then it can be disabled or there can be an IF put to make it visible only to admins. Re the user directory page, it’s possible to put permissions on that page.

Thanks for your response. Uninstalling the user directory app doesn’t work because it’s a hard dependency somewhere.

So, the user directory needs to be set to hidden for non-admin users somehow. Additionally, the internal page
https://[wiki-url]/bin/view/XWiki/XWikiUsers needs to be hidden to non-admin users.

Unfortunately, the user directory page can not be managed. Only the “parent page” can be managed…

ok so I checked, the code is at https://github.com/xwiki/xwiki-platform/blob/053f0a2757cea18a5916632a58c6046ba61954cd/xwiki-platform-core/xwiki-platform-user/xwiki-platform-user-directory/xwiki-platform-user-directory-ui/src/main/resources/XWiki/UserIndexUIX.xml#L110

What it means is that if the UserDirectory page is not visible to the current user (no view right), it’s not displayed. So all is good, you just need to set the permissions on that page.

This needs to be visible to all for xwiki to work AFAIK. This page is already a hidden page. What’s the problem?

A jira issue should be raised to make it optional. Could you do that? thx

hmm indeed. Maybe raise a jira issue for this too, explaining your use case?

In your wiki you could FTM transform it into a nested page and set permissions on it.

I cannot change the user directory page. It only gives me the option to “manage the parent page”.

Note: this means that the “User Index” drawer entry will disappear but you could add another UIX to the new page, that’s easy.

If someone knows the page, it is visible and again, all users are shown. Would it be possible to restrict the access to the page to only admins?

By default in XWiki all user pages can be seen by anyone, have you done something to change that? If you change that then it’s possible that you’ll break some code since a query for users may not return all users anymore…

EDIT: But I guess this is what you want. Should be ok I think, never tried it so I don’t know the exact consequences but I don’t see why it wouldn’t work.

so, you mean to “move” the User Directory Page to e.g. “/Xwiki/Hidden” page?

It’s OK to see an individual page. But there should be no list of users. Nowhere :slight_smile:

Nope, as a nested page, i.e. from Main.UserDirectory to Main.UserDirectory.WebHome. You need to be an advanced user and click move and uncheck the “terminal page” checkbox.

OK, looks like uninstalling the user directory extensions works. First goal achieved.

Unfortunately, there are “many”? resources in which it is still possible to see a large number of users:

  • /bin/view/XWiki/XWikiUsers
  • /bin/view/XWiki/XWikiAllGroup
  • All other available groups

Currently, I don’t see a possibility to

  • hide the user <-> group association in a user profile
  • to hide listing of the users in a group

From the privacy perspective, this isn’t pretty good but I try to find / try any solution.

good.

Could you detail the issue?

  • Is the issue about knowing user names (and if so, why is it a privacy issue in your case? I believe that in some cases it’s ok, for ex when I go to my physical running group, I have access to anyone’s name. Maybe you have an open wiki, which IMO would make it an issue if the users are not aware that their data is public (if they are aware then it’s no longer an issue since they’d put only what they want others to see). For ex, this is what users do on xwiki.org, only put what they want others to see.
  • Or is the issue about the various information shown in the user profile? If this is the issue then it’s easy to fix by changing a single wiki page (the user sheet). However, this won’t fix all problems since you could access this information using the REST API for ex or using scripting.

Some questions: what should be private and to whom? If it should be private for everyone except the user then there’s no interest in filling that data at all, is there? Should it be visible to admins or to some people from some groups?

I’m asking this to try to define the use cases so that you/we could create jira issues about it.

If I read between the lines, I feel we should introduce a privacy xproperty metadata for any field with different values such as: private (only the xobject document creator can see it), public (everyone can see it), only visible to some groups, etc. Then, when we display these xproperty values, we would do the same as we do for email fields (Actually we could retrofit this concept to the email field too and when adding an email xproperty type, set that metadata to “private” for ex or to the AdminGroup).

So we need to gather all the use cases and needs.

You could modify the page’s content to not list the users.

You could remove that group and set it to be implicit, see https://jira.xwiki.org/browse/XWIKI-15414 which points to documentation about how to do that.

You could edit http://localhost:8080/xwiki/bin/view/XWiki/XWikiGroupSheet and add an IF condition to only display the list if the user is part of the AdminGroup for ex:

Screenshot 2020-12-01 at 20.14.11

Note that if you do this you solve all the group display issues at once.

Could be something to consider doing by default in XS, especially since these pages are admin pages and we have the user directory for a user page listing all users. Feel free to create a jira for this too.
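The kind of guard described in the reply above, as an added example (not the content of the original screenshot and not XWiki's own sheet code). It assumes the sheet's existing member-list code is wrapped unchanged; the `$allowMembers` toggle is a hypothetical extension beyond the admin-only check, letting members see their own group's list.

```velocity
{{velocity}}
## Added example: guard for the member listing in XWiki.XWikiGroupSheet.
## $doc is the group page being viewed, $xwiki.getUser() is the current user.
#set ($viewer = $xwiki.getUser())
#set ($isAdmin = $viewer.isUserInGroup('XWiki.XWikiAdminGroup'))
## Hypothetical toggle: set to true to also show the list to members of the viewed group.
#set ($allowMembers = false)
#set ($isMember = $allowMembers && $viewer.isUserInGroup($doc.fullName))
#if ($isAdmin || $isMember)
  ## Assumption: the sheet's existing member-list code goes here, unchanged.
#else
{{info}}The member list of this group is not shown to your account.{{/info}}
#end
{{/velocity}}
```

This only hides the listing in the page UI; as noted elsewhere in this thread, the same data can still be reached through the REST API or scripting unless view rights are also restricted.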

First of all, thank you very much! This is what I want. From my perspective there should be some options to XwikiGroupSheet which are somewhere visible in the xwiki administration ui:

  • don’t list the members of groups at all
  • list the members only for admins
  • list members but only for groups in which the user (currently viewing a group) is in (maybe a good default)
  • list members

Without your change, it would have been possible that user A is only in group G but can see all available members in group X. (which can be a super private group whose members should be really hidden).

The drawback of your suggested change is that I don’t know what will happen if there is an upgrade to xwiki itself. Hopefully nothing will break. I guess, I need to make sure after each upgrade that the change in XwikiGroupSheet is still there.

Regarding the user directory extension, it should be possible to have a setting to only show the user directory for certain users. As I’m using docker images, hopefully the user directory will be gone forever - or I need to uninstall the extension after each docker image upgrade.

Why do I need so much privacy? Well, just think about a large organization. A really large org in which there are hundreds of groups. They don’t want that everyone knows that they are currently in group A or B. They are only in group C and they work together in group C. If a member of group C would leave the organization, it wouldn’t be nice that he/she collects all groups (the whole organization + including group A and B at which they were never members) and all groups-members association and make it public in the internet.

There is only one issue I currently see (maybe there are others, but…):
On a group page, like /bin/view/XWiki/MyGroup there is the down-arrow. If I press on this arrow, I get a list of all users, again. :roll_eyes: see:

image

XWiki will try to auto merge at each upgrade and if there’s a conflict it’ll ask you to resolve it.

That will work. The permanent directory is kept between image upgrades.

For that I think you’ll need to set permissions on the user profile pages. Otherwise anyone can check the profiles one by one and gather that info or could write a small script to get the info too (if they have the scripting right and the right permissions - I don’t remember if you need PR for these apis or not).

Since this needs to be automated you’d need to write an EventListener in java that does this. Since you seem to be in a large company setup, I’d recommend contacting one of the sponsoring companies of XWiki (like XWiki SAS) and asking them about this whole need you have. I’m sure they can provide some solution to you (and cleaner than the hacks I mentioned above). Actually, if you want to help the xwiki open source project and contribute something back, you could sponsor some dev of these privacy features, through XWiki SAS. That would be great.

Thanks

Is it maybe possible to disable the breadcrumb navigation on the top of the page completely? I don’t need it.

Another thing I want to hide is, in which group a member is. So in the User Profile there is this Group tab which I would prefer to completely remove.