There is a big caveat with the Favorites Application: the favorites of anyone is world-readable because favorites are stored in user profiles ( Loading... ).
After discussion, here’s a new proposal:
Move favorites in a XWiki.USERNAME.MyFavorites page
world-readable by default
the user can change this by setting view rights on the page
Same, but at Favorites.Users.USERNAME
Migration:
A code runs whenever the extension is updated to move the favorites from the user profiles to the dedicated page
the migration is manual and done in an administration section
the favorites are lazily migrated to the dedicated page when the user adds or removes a favorite.
Former proposal :
I would like to make them private. This is a breaking change.
Storage:
I was thinking of storing favorites in a sub space of the Favorites application, each user would have their favorites each in their own page, with rights set such as only the user can read it.
Migration:
A code runs whenever the extension is updated to move the favorites from the user profiles to the dedicated page
the migration is manual and done in an administration section.
Maybe later we could add a public favorites feature if the need arises.
Yes indeed. I was under the assumption that when you favorite pages, it’s for yourself and not others, and maybe if you want to share a list of pages, you should create a regular page with links.
The favorites application doesn’t currently have any UI to share favorites, the world-readable aspect seems like a accident as-is.
Now, I’m not opposed to make this obvious and intentional.
It’s already supported AFAIK and we’ve seen several organizations who don’t want to share user profiles and are setting rights on the user profile pages.
I also think it’s for yourself (as a first basis), but it doesn’t mean you don’t want others to see them. For ex, there are plenty of apps on the internet that allows you to share your favorite books, your favorite music, etc.
I don’t know how the app is coded but one idea would be that the My Favorites tab in the user profile displays content located in a separate myfavorites page on which users could set rights (a page under the user profile maybe). Then, the my favorites tab would display a message if the current logged in user doesn’t have view rights on that myfavorites page. That would allow to make private just the favorites part and not the full user profile.
Note: There are discussions of where we’d put personal pages (see Personal Pages feature ) and under the user profile is a logical location. But I guess that could still work by having a sublevel.
For ex if you’re viewing the Admin user profile:
http://localhost:8080/xwiki/bin/view/XWiki/Admin/Favorites → My favorites
http://localhost:8080/xwiki/bin/view/XWiki/Admin/Personal → Personal Pages
Now this is probably overkill, and we just need a configuration parameter in the user profile, displayed in the My Favorites tab, above the favorites list, to decide if favorites are viewable by others or not. And then just have a check in the display of favorites.
Technically, there can be no page “under” the user profile as user profiles are terminal pages. So those pages won’t be in any relation to the user profile, they’ll just happen to be in a space with the same name. Unfortunately, this has all the same disadvantages as a page in a separate space, for example that renaming the user won’t rename the space.
As much as I would like to have user profiles as non-terminal pages, I fear that’s not possible/realistic.
So I fear it’s not really a good idea to start introducing user spaces, I think the “page with user’s name in the application’s space” approach is the better solution.
Is it a technical problem that user profiles have to stay terminated? Or is it because of to many code that relies on those terminated user pages today?