Panels not visible for new users


#1

Hello,

I have added a navigation panel and search panel on the left of my xwiki :

image

Which I am seeing fine when connected with an admin user but not showing up when connected with a new user :

image

You can also see that it is not applying the same theme, are there some rights to configure for panels / themes ?

Thanks


#2

Looks like you have a rights problem. Are new users allowed to access http://mydomain/xwiki/bin/view/Panels/Navigation ? And http://mydomain/xwiki/bin/view/XWiki/DefaultSkin ?


#3

No, both links are not accessible for new users.


#4

This is not the default. Looks like you modified the view right for XWikiAllGroup group (which contain all users by default). Either your user don’t end up in XWikiAllGroup for some reason (custom authentication ?) or you modified the rights.

Here is the default: XWikiAllGroup has view right at wiki level (and XWiki and Panels pages inherit this right).


#5

I am using rest api to create my user, I guess I have to add them to this group with rest api aswell.

EDIT : I just added manually my new user to the group, panels and theme is showing well but I had affected (user) rights to view only some pages. Adding him to the group gave him access to all pages.


#6

Either add the users explicitly to XWikiAllGroup or make that group “virtual”. See property xwiki.authentication.group.allgroupimplicit in xwiki.cfg. Still, adding explicit the user is cleaner even when xwiki.authentication.group.allgroupimplicit is enabled.


#7

I edited my previous reply because I have a new problem now.

How can I set limited rights on specific pages while having my user in XWikiAllGroup. My user now has visibility on all pages. Do I need to remove his access from all pages I do not want him to see ?


#8

Hard to answer. It really depends what are your needs, the rate at which right setup need to change, etc.

Here are some general recommendations regarding right setup maintenability:

  • don’t set right for specific user as much as possible, instead try to group users with similar roles in groups and set rights for those groups
  • avoid DENY as much as possible, when you start setting view (or another) right at a specific level it stop inheriting this right setup from parent pages. So for example when you want only admin to have view right on some page just set view right to admin group on this specific page.

#9

Alright then, how can I create a group such as the group would only see a specific space “Space 1” but not able to see “Space 2” ?


#10

It all depends if you have users which are part of both the group which is not allowed to access “Space 2” and another group which is allowed. If not all you have to do is explicitly indicate which groups are allowed to see “Space 2” (anyone not listed won’t have access).


#11

I just created a group (let’s call it “Space 2 group”) which only has access to “Space 2”, I added my user to “Space 2 group” and to XWikiAllGroup (so he can access navigation panel) but he still has access to “Space 1”.


#12

Not really sure what you expect. If you user is part of XWikiAllGroup and XWikiAllGroup have access to “Space1” then yes the user have access to space1.

If you want all users to have access to “space1” except for “group2” users then you don’t really have much choice: you need to deny access to group2 to “space1”.
The alternative is to create some “group1” group where all users allowed to access to “space1” are added and only give access to “group1”.


#13

So I found a solution which is to add a “deny” access on all new spaces to group XWikiAllGroup. Then I add a “allow” access to each users who can see a specific space. I know this is maybe not the best way to manage rights but I have to do it this way because I am synchronizing XWiki with an external application.

My question is now to know if it is possible to do all of this setup with REST API ? I have not found how I could set rights on a space & child pages, is it possible ?

Thanks a lot.


#14

Yes it’s possible. Rights are actually just xobject in wiki pages so you can set right trough page and object APIs. You can take a look at https://snippets.xwiki.org/xwiki/bin/view/Extension/Setting%20Rights to have an idea of which properties and class names you need to manipulate even if this is not a REST example.


#15

I managed to set up the following Structure of the Knowledge Base in the Organization.

With the cross-setting of the rights, I also stumbled at first, but now I set everything up correctly, even when the user is simultaneously in the ALL group and in his department group.

Now I configure LDAP for this structure, it works OK.

Knowledge%20Base%20Structure


#16

I have tried to modify my user rights with REST API by sending these datas on a specific space :

className=XWiki.XWikiGlobalRights&property#levels=view,edit&property#users=XWikiMyUser&property#allow=1

But it is not working with this classname, it only works with XWiki.XWikiRights


#17

Should I make a new topic because my first problem was solved ?

I am still stuck using XWiki.XWikiGlobalRights, it does not seem to do anything on “Page & child”.