Wiki source code of Access Rights

Version 10.2 by Sorin Burjan on 2010/06/23

{{info}}
This page is currently being reworked, so please do not change anything here; see the current [[Draft>>http://dev.xwiki.org/xwiki/bin/view/Drafts/Access Rights]].
{{/info}}

{{box cssClass="floatinginfobox" title="**Contents**"}}
{{toc/}}
{{/box}}

This page explains how access rights work in XWiki. It will help you configure access rights on your wiki so that each user can see and do only what they should be allowed to.

= Wiki Access Configuration =

The first thing you will want to do is configure an access policy for your wiki. Depending on what you intend to use your wiki for, you have several options:

* [[Open Wiki>>#HOpenWiki]]: anyone can edit pages (including non-registered users)
* [[Public Wiki>>#HPublicWiki]]: only registered users can edit pages, but registration is open to anyone. This is the default configuration of the default wiki (the wiki provided as a XAR on the [[download page>>xwiki:Main.Download]]).
* [[Private Wiki with password>>#HPrivateWikiwithpassword]]: registration is closed
* [[Private Wiki with token for registering>>#HPrivateWikiwithtoken]]: registration is closed, but users who know the token can register

== Open Wiki ==

You can configure your wiki to be open, so that anyone can edit and comment without registering or logging in.

== Public Wiki ==

Nothing to do: this is the default. If you want only people with a verified email address to be able to edit pages, set "Use email verification" AND "Check Active fields for user authentication" to "Yes" in Administration/Registration.

=== Requiring guests to fill out a CAPTCHA in order to comment (Since: [[Enterprise 2.3M1>>xwiki:Main.ReleaseNotesXWikiEnterprise23M1]]) ===

It is nice to allow guests to comment on a page: often the most helpful people are unwilling to go to the bother of registering, and open commenting creates a more open atmosphere. Unfortunately, comments can contain links, which can be used as a vector for search engine spam. To keep your site open while preventing automated commenting, you can require guests to fill out a captcha before commenting. The captcha is not displayed or even loaded until they click on the comment window to type their message, so you need not worry about guests' idle surfing causing the [[captcha module>>code:Modules.CaptchaModule]] to use too much of your server's CPU power.

You can require guests to fill out a captcha for posting comments at the wiki or space level. You can require it at the wiki level but remove that requirement for a single space, or you can require it only for one or more spaces but not the entire wiki.
To turn on the comment captcha requirement, go to the wiki or space administration, click on the "Rights" section and look for the checkbox toward the bottom labeled "Require unregistered users to solve a captcha when posting a comment on a page". Check that box and guests will be required to solve a captcha to comment.
**Note:** This setting does not allow guests to comment; it only denies them permission to comment without a captcha on pages where they already had it. To allow commenting, you will have to check the normal "allow comment" checkbox for unregistered users.

Result:
[[image:CaptchaComment.png||style="border: 1px solid black;"]]

== Private Wiki with password ==

=== Global rights ===

In [[Global rights>>http://localhost:8080/xwiki/bin/admin/XWiki/XWikiPreferences?editor=globalrights&global=1]] set **User:XWikiGuest, Groups:, Level:register, Allow-Deny:Allow**.

=== Registration ===

In [[Preferences>>http://localhost:8080/xwiki/bin/admin/XWiki/XWikiPreferences]] under **Registration** set **Use email verification:yes**. Fill in the other fields appropriately.

== Private Wiki with token ==

TODO

* **[[Find out more about XWiki access rights here>>Access Rights]]**

= An overview of rights =

Here is a list of all the rights available in XWiki Enterprise and their default settings.

* //**Right name:** brief description of the right//
** //Availability: at what level can you set this right?//
*** //Page: this right can be set at the page level//
*** //Space: this right can be set at the space level//
*** //Wiki: this right can be set at the wiki level//
** //Default status: is the right allowed or denied when the checkbox is left blank?//
*** //ALLOWED: this means that users CAN perform the given action if no other right is set//
*** //DENIED: this means that users CANNOT perform the given action if no other right is set//
** //Priority order: which setting wins over another if a user has 2 different settings?//
** //Checking order: at what level is the right checked first?//
* **View:** whether users can see the page
** Availability:
*** Page
*** Space
*** Wiki
** Default status: ALLOWED
** Priority order: deny > allow > no setting
** Checking order: page > space > wiki
* **Comment:** whether users can add a comment to the page
** Availability:
*** Page
*** Space
*** Wiki
** Default status: ALLOWED
** Priority order: deny > allow > no setting
** Checking order: page > space > wiki
* **Edit:** whether users can edit and save modifications to the page
** Availability:
*** Page
*** Space
*** Wiki
** Default status: ALLOWED
** Priority order: deny > allow > no setting
** Checking order: page > space > wiki
* **Delete:** whether users can delete the page
** Availability:
*** Page
*** Space
*** Wiki
** Default status: DENIED (unless you're the document creator)
** Priority order: deny > allow > no setting
** Checking order: page > space > wiki
* **Admin:** whether users can manage administration settings for the space / wiki
** Availability:
*** Space (Automatically includes the view, comment, edit, delete rights)
*** Wiki (Automatically includes the view, comment, edit, delete, register, program rights)
** Default status: ALLOWED
** Priority order: allow > deny > no setting
** Checking order: wiki > space
* **Register:** whether users can create new user accounts
** Availability:
*** Wiki
** Default status: ALLOWED
** Priority order: allow > deny > no setting
** Checking order: wiki
* **Program:** whether users can use protected APIs & Groovy code in wiki pages
** Availability:
*** Wiki
** Default status: DENIED
** Priority order: allow > deny > no setting
** Checking order: wiki

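The list above can be read as a lookup table plus an evaluator. The following Python model is an added example, not XWiki's own code (the real logic lives in XWikiRightServiceImpl). The name `has_right`, the `settings` layout, the constructed `SAMPLE` data and the rule that the first level holding a matching setting decides are assumptions of this example.

```python
# Added illustration: a simplified model of the rights list above, not XWiki code.
ALLOW, DENY = "allow", "deny"

# right -> (default status, setting that wins a conflict, levels in checking order)
RIGHTS = {
    "view":     (ALLOW, DENY,  ("page", "space", "wiki")),
    "comment":  (ALLOW, DENY,  ("page", "space", "wiki")),
    "edit":     (ALLOW, DENY,  ("page", "space", "wiki")),
    "delete":   (DENY,  DENY,  ("page", "space", "wiki")),
    "admin":    (ALLOW, ALLOW, ("wiki", "space")),
    "register": (ALLOW, ALLOW, ("wiki",)),
    "program":  (DENY,  ALLOW, ("wiki",)),
}

def has_right(right, user, groups, settings, is_creator=False):
    """settings: {level: [(subject, right, ALLOW or DENY), ...]} for one page
    and its enclosing space and wiki; a subject is a user or group name.
    Assumption: the first level in checking order that holds any setting for
    the user (directly or through a group) decides the outcome."""
    default, winner, levels = RIGHTS[right]
    subjects = {user, *groups}
    for level in levels:
        found = {value for subject, r, value in settings.get(level, [])
                 if r == right and subject in subjects}
        if found:
            # Two conflicting settings at one level: the listed priority wins.
            return (winner if winner in found else found.pop()) == ALLOW
    if right == "delete" and is_creator:
        return True  # "DENIED (unless you're the document creator)"
    return default == ALLOW

# Constructed sample: rights set on one page, its space and the wiki.
SAMPLE = {
    "page":  [("alice", "edit", ALLOW), ("Editors", "edit", DENY)],
    "space": [("XWikiGuest", "view", DENY)],
    "wiki":  [("XWikiGuest", "view", ALLOW), ("Admins", "program", ALLOW),
              ("bob", "program", DENY)],
}

if __name__ == "__main__":
    for right, user, groups in [("edit", "alice", ["Editors"]),
                                ("view", "XWikiGuest", []),
                                ("program", "bob", ["Admins"])]:
        print(right, user, has_right(right, user, groups, SAMPLE))
```

When auditing a configuration, the cases worth checking first are the ones where the two priority orders differ: a conflicting pair denies view, comment, edit and delete, but grants admin, register and program.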
= Execution order =

[[The full answer lies in the code.>>http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiRightServiceImpl.java]]
