On the particular issue of the navigation panel, I checked:
but I see no DocumentTree among the requests.
All the web requests end in 200, except for: http://<host>:8080/xwiki/bin/view/Main/$escapetool.xml($ssxHref) => 404
The XWiki page is, as correctly guessed, denied to anybody - I set very strict permissions on this wiki because it is meant to contain information to be shared among several actors in our company.
If I give the user group this user belongs to View on the XWiki page in Page & Children, the navigation panel gets populated, but with a bit too many entries:
The first two entries are the pages this user should see; I can accept the XWiki Syntax Guide, but not the user profile pages.
If I, instead, set the same permission only in Page, the Navigation Panel doesn’t load at all (so it is back like in the first screenshot).
Other threads either had no replies besides the opening post, or led to nothing.
Several users fall into the Admin group and have full control on the wiki.
A bunch of others (like the one because of whom I started this thread) fall into Employees and start with no permissions at all.
This is the target page (as an admin sees it):
and these are the permissions actually set:
My user correctly sees the page content and that page’s child page:
This is the user profile page, opened from the user session. The page title isn’t rendered, but holds the LDAP username instead; though the Created and Last modified user names are correctly rendered.
And the page is empty, although it is this user’s page (but this may make sense given that no permissions are given around).
Strangely, there’s no “Loading…” in the navigation panel, here.
and the only request that ends in error is
http://<host>:8080/xwiki/bin/view/XWiki/$escapetool.xml($ssxHref) => 403 (instead of 404)
Oh, forgot to tell our XWiki version, I’m adding it to the first post.
Because the tree is now using a POST request to fetch its data (in order to avoid too long a URL when excluded pages are part of the request). You should look for a POST request for the current page which has this in the request body:
sheet=XWiki.DocumentTree
You need to give view right to these two pages: XWiki.DocumentTree and XWiki.DocumentTreeMacros.
The same goes for the other page XWiki.DocumentTreeMacros, I arrive here:
and if I change the rights I’m back with what I posted in my first post: the navigation panel shows too many pages - even other users’ profile pages become viewable.
That’s normal because it’s a request for the current page with a sheet that the current user doesn’t have view right on, so it falls back on displaying the current page.
It’s a terminal page, so you need to look in the Edit drop down menu.
This is one of the pages I mentioned. The other is XWiki.DocumentTreeMacros.
Have you also given view rights for the second page I mentioned?
Ah, I didn’t look there. May I propose to move it to the other dropdown menu or has it already been discussed in the past?
Oops, I hadn’t.
Now I have given the View permission to both and the menu is populated as expected.
Before editing, a warning stated that I was changing a page belonging to an extension (or to XWiki, I don’t recall ATM): will I lose the changes in access rights when I update XWiki?
Now back to the main topic of the thread: how would I discover this kind of permission requirement? Since I have a group with no permissions, I’ll surely step into other issues.
Is there some log, some admin settings that could help me find why a certain page isn’t viewable to a user, or are the sources the only way to learn this?
PS: And the rule is: if you set an explicit view right to someone (user/group), all others with no explicit allowance wouldn’t see it. That’s what the first snippet is useful to check.