On our login-protected XWiki 10.11.3, we want to open a public space for non-registered users.
To make it work properly I enabled general read access for guests and disabled read access to the private space.
It is working well, except that user profiles (LDAP accounts) are readable by guests (because profiles are in the XWiki space). It is very annoying because user profiles display phone numbers, addresses and other private stuff.
I wonder how I can secure user profiles on my XWiki, because these profiles are stored in a flat way in the XWiki location.
I thought about it and the solution could be to disable read access for non-registered users on each user profile.
Do you have a better idea to secure them?
I could launch a Velocity script to add an XWiki.XWikiRights object to disable read for non-registered users, but I don’t like this solution much (because new users could have their profiles unsecured for some hours).
How can I secure user profiles at user profile creation?
Why do you make the whole XWiki space viewable by guests? You could allow view access to the XWiki space only for registered users and give view right to guests only on the few things they need, like the skin. Then any new page in the XWiki space won’t be viewable by guests.
Thanks, I started with your suggestion but it is difficult to make XWiki work fine for guests.
It is complicated to choose the spaces/pages to allow for guests: the skin of course, but also the search engine/Solr, (maybe live table) etc.
Some pages to allow are in the main location, others in XWiki (often with include instructions). Velocity code with include. For example, the search engine suggest doesn’t work.
Anyway, I didn’t find a full list of pages to allow for guests.
Right, it depends on how many features you want guests to be allowed to use.
So when guests have default view right on XWiki, all I can think of is a listener which automatically adds a right object with view right on XWikiAllGroup when a new user is created.
OK, finally I tried your proposal but I have an issue with the skin of the searchSuggest tool.
With the guest account, when I type some words to find, suggestions are temporarily displayed at the bottom of the page.
To complete my issue:
Here is a snippet to list the pages of the XWiki location without groups and user profiles.
(I use a loop because I didn’t find a nice query for this)
{{velocity}}
Lists the pages of the XWiki space, excluding user profiles.
## Pages to exclude
#set($className='XWiki.XWikiUsers')
#set($classNameGroup='XWiki.XWikiGroups')
#set($SpaceName='XWiki')
**Docs on XWiki location without user profile: (exclude user profile and groups)**
$xwiki.ssfx.use("js/xwiki/table/table.css")
$xwiki.jsfx.use("js/xwiki/table/tablefilterNsort.js", true)
{{html wiki='true'}}
<table id="tableid" class="grid sortable filterable doOddEven">
<tr class="sortHeader">
<th>Doc</th>
</tr>
## Query to select doc on XWiki space without user profile
##set($hql = ", BaseObject as obj where doc.fullName = obj.name and obj.className != '$className' and doc.space like '${SpaceName}.%'")
##set($hql = ", BaseObject obj where ((doc.fullName = obj.name and obj.className != '$className') and (doc.space like '${SpaceName}.%' and doc.name = 'WebHome'))")
##set($hql = ", BaseObject as obj where doc.fullName = obj.name and obj.className != '$className' and (doc.space like '${SpaceName}.%' or doc.space like '${SpaceName}')")
##, BaseObject as obj where doc.fullName = obj.name and obj.className = 'XWiki.XWikiUsers'
## Effective query: every document in the XWiki space and its nested spaces; profiles and groups are filtered in the loop below
#set($hql = "where doc.space like '${SpaceName}' or doc.space like '${SpaceName}.%'")
#set($results = $services.query.hql($hql).execute())
#foreach ($Doc in $results)
## if you have more than one object on a page, you will have to loop over them and use "$doc.use"
#set($MyDoc = $xwiki.getDocument("$Doc"))
##set($class = $xwiki.getClass("$className"))
##set($displayPage = False )
## loop over all objects
##if ($MyDoc.getObjects("$className"))
#if (($MyDoc.getObjectNumbers("$className") == 0) && ($MyDoc.getObjectNumbers("$classNameGroup") == 0) )
<tr><td>[[$MyDoc>>$MyDoc]]</td></tr>
#end
## $!displayUser
##set ($PreviousDoc="$MyDoc")
#end
</table>
{{/html}}
{{/velocity}}
Here’s also a link to a snippet which was published in the meantime and which allows restricting access to user profiles automatically on user creation.
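
The listener approach suggested earlier in the thread (a view right on XWikiAllGroup added when a user is created), as an added example: it is not the linked snippet and not code from any participant. The class name and listener name are hypothetical, and it assumes the profile document already carries its XWiki.XWikiUsers object when the creation event fires; it is meant to run inside a `{{groovy}}` macro on a page saved by a user with programming rights.

```groovy
import com.xpn.xwiki.web.Utils
import org.xwiki.bridge.event.DocumentCreatingEvent
import org.xwiki.model.reference.LocalDocumentReference
import org.xwiki.observation.EventListener
import org.xwiki.observation.ObservationManager
import org.xwiki.observation.event.Event

// Hypothetical listener: the class and listener names are assumptions, not XWiki's own code.
class ProfileViewRestrictionListener implements EventListener
{
    static final String NAME = 'profileViewRestriction'
    static final USERS = new LocalDocumentReference('XWiki', 'XWikiUsers')
    static final RIGHTS = new LocalDocumentReference('XWiki', 'XWikiRights')

    String getName() { NAME }

    // The "creating" event fires before the first save, so the right object is
    // stored together with the profile and there is no unprotected window.
    List<Event> getEvents() { [new DocumentCreatingEvent()] }

    void onEvent(Event event, Object source, Object data)
    {
        def doc = source      // XWikiDocument about to be created
        def context = data    // XWikiContext of the current request

        // Only user profiles are touched: documents holding an XWiki.XWikiUsers object
        // (assumption: the object is already attached when the event fires).
        if (doc.getXObject(USERS) == null) {
            return
        }

        // An explicit "allow view" for XWikiAllGroup implicitly denies view to
        // everyone outside the group, guests included.
        def right = doc.newXObject(RIGHTS, context)
        right.set('groups', 'XWiki.XWikiAllGroup', context)
        right.set('levels', 'view', context)
        right.set('allow', 1, context)
    }
}

// Replace any earlier registration so re-running the page does not stack listeners.
def observation = Utils.getComponent(ObservationManager.class)
observation.removeListener(ProfileViewRestrictionListener.NAME)
observation.addListener(new ProfileViewRestrictionListener())
```

A listener registered from a script lives only in memory, so it has to be registered again after each restart, and profiles created before it was registered still need the right object added separately.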