Rights are more restrictive when logged in

I have an XWiki instance with several sub-wikis and I would like to share CSS from the main wiki across all the sub-wikis, and some images from one of the sub-wikis with all the other subwikis. All rights are default - no changes have been made and all wikis are publicly visible (on our intranet). When not logged in, everything works as expected. However, when a local user logs into one of the sub-wikis, the CSS and images no longer load.

Here is my setup:

  1. I have a StyleSheetExtension object attached to a page on the main wiki set to “On demand only” with the CSS I want to use on the main wiki and all sub-wikis.
  2. To share the CSS with all subwikis, I have a UIExtensionClass object with the Extension Point ID “org.xwiki.platform.html.head” attached to a page on the main wiki set to “Global”. In it, I have the following velocity script:
{{velocity}}
{{html clean="false"}}  ## We need clean="false" because we want the unmodified raw content
<link href="/xwiki/bin/ssx/assets/css/global" type="text/css" rel="stylesheet">
{{/html}}
{{/velocity}}
  3. The images are attached to a page in one of the sub-wikis (to be used as a “graphics library” for all wikis).

With this setup, if a user is NOT logged in, they can view any page on the main wiki or any sub-wiki and the CSS and images work as expected. If a local user logs into their sub-wiki, the CSS no longer works and the images don’t load.

Why would the logged-in user have more restrictive rights to the content from other wikis than someone who is not logged in? Is there a way to fix this?

I’ve been doing some more digging and experimenting, and I think the following will make the situation more clear.

I have three wikis:

  • Main Wiki (with global users)
  • Subwiki A (with local users)
  • Subwiki B (with no users - just global admin)
  1. The Main Wiki shares some CSS resources with the whole farm via a UI extension (head) set to Global. The page where the UI extension instance resides is publicly visible (default permissions at page and global level).
  2. Subwiki B shares some image resources with the whole farm. The pages where the images are attached are publicly visible (default permissions at page and global level).

| User Viewing Subwiki A | Logged In? | Member of Subwiki A? | Status of Reading Resources Shared from Main Wiki & Subwiki B |
|---|---|---|---|
| Unregistered | No | No | 200 OK |
| Global User | Yes | No | 200 OK |
| Local User | Yes | Yes | 403 Forbidden |
| Local Admin | Yes | Yes | 403 Forbidden |

My problem is that I want the Local User on Subwiki A to have the same rights to view/access resources from the Main Wiki and Subwiki B as someone who is unregistered. I cannot for the life of me understand why this is happening or how to fix it.

I have tried adding a green check under “View” for Unregistered Users in both the global and page admin areas. Neither worked, so I returned them to the default of unchecked.

Any ideas at all would be very much appreciated.