Wiki source code of Access Rights

Version 10.2 by Sorin Burjan on 2010/06/23

{{info}}
This page is currently being reworked, so please don't change anything here; see the current [[Draft>>http://dev.xwiki.org/xwiki/bin/view/Drafts/Access Rights]].
{{/info}}

{{box cssClass="floatinginfobox" title="**Contents**"}}
{{toc/}}
{{/box}}

This page explains how access rights work in XWiki. It will help you configure access rights on your wiki so that each user can see and do only what they are allowed to.

= Wiki Access Configuration =

The first thing you will want to do is configure an access policy for your wiki. Depending on what you intend to use your wiki for, you have several options:

* [[Open Wiki>>#HOpenWiki]]: anyone can edit pages (including unregistered users)
* [[Public Wiki>>#HPublicWiki]]: only registered users can edit pages, but registration is open to anyone. This is the default configuration of the default wiki (the wiki provided as a XAR on the [[download page>>xwiki:Main.Download]]).
* [[Private Wiki with password>>#HPrivateWikiwithpassword]]: registration is closed
* [[Private Wiki with token for registering>>#HPrivateWikiwithtoken]]: registration is closed, but users who know the token can register

== Open Wiki ==

You can configure your wiki to be open, so that everyone can edit and comment without registering or logging in.

== Public Wiki ==

Nothing to do: this is the default. If you want only people with a verified email address to be able to edit pages, set both "Use email verification" and "Check Active fields for user authentication" to "Yes" in Administration/Registration.

=== Requiring guests to fill out a CAPTCHA in order to comment (Since: [[Enterprise 2.3M1>>xwiki:Main.ReleaseNotesXWikiEnterprise23M1]]) ===

It is nice to allow guests to comment on a page: often the most helpful people are unwilling to go to the bother of registration, and it creates a more open atmosphere. Unfortunately, comments can contain links, which can be used as a vector for search engine spam. To keep your site open while preventing automated commenting, you can require guests to fill out a captcha before commenting. The captcha is not displayed or even loaded until they click on the comment window to type their message, so you need not worry about guests' idle surfing causing the [[captcha module>>code:Modules.CaptchaModule]] to use too much of your server's CPU power.

You can require guests to fill out a captcha for posting comments at the wiki or space level. You can require it at the wiki level but remove that requirement for a single space, or you can require it only for one or more spaces but not the entire wiki.
To turn on the comment captcha requirement, go to wiki or space administration, click on the "Rights" section and find the checkbox toward the bottom labeled "Require unregistered users to solve a captcha when posting a comment on a page". Check that box and guests will be required to solve a captcha to comment.
**Note:** This setting does not allow guests to comment; it only denies them permission to comment without a captcha on pages where they already had it. To allow commenting, you will have to check the normal "allow comment" checkbox for unregistered users.

Result:
[[image:CaptchaComment.png||style="border: 1px solid black;"]]

== Private Wiki with password ==

=== Global rights ===

In [[Global rights>>http://localhost:8080/xwiki/bin/admin/XWiki/XWikiPreferences?editor=globalrights&global=1]], set **User:XWikiGuest, Groups:, Level:register, Allow-Deny:Allow**.

=== Registration ===

In [[Preferences>>http://localhost:8080/xwiki/bin/admin/XWiki/XWikiPreferences]], under **Registration**, set **Use email verification:yes**. Fill in the other fields appropriately.

== Private Wiki with token ==

TODO

* **[[Find out more about XWiki access rights here>>Access Rights]]**

= An overview of rights =

Here is a list of all the rights available in XWiki Enterprise and their default settings.

* //**Right name:** brief description of the right//
** //Availability: at what level can you set this right?//
*** //Page: this right can be set at the page level//
*** //Space: this right can be set at the space level//
*** //Wiki: this right can be set at the wiki level//
** //Default status: is the right allowed or denied when the checkbox is left blank?//
*** //ALLOWED: this means that users CAN perform the given action if no other right is set//
*** //DENIED: this means that users CANNOT perform the given action if no other right is set//
** //Priority order: which setting wins over another if a user has two different settings?//
** //Checking order: at what level is the right checked first?//
* **View:** whether users can see the page
** Availability:
*** Page
*** Space
*** Wiki
** Default status: ALLOWED
** Priority order: deny > allow > no setting
** Checking order: page > space > wiki
* **Comment:** whether users can add a comment to the page
** Availability:
*** Page
*** Space
*** Wiki
** Default status: ALLOWED
** Priority order: deny > allow > no setting
** Checking order: page > space > wiki
* **Edit:** whether users can edit and save modifications to the page
** Availability:
*** Page
*** Space
*** Wiki
** Default status: ALLOWED
** Priority order: deny > allow > no setting
** Checking order: page > space > wiki
* **Delete:** whether users can delete the page
** Availability:
*** Page
*** Space
*** Wiki
** Default status: DENIED (unless you're the document creator)
** Priority order: deny > allow > no setting
** Checking order: page > space > wiki
* **Admin:** whether users can manage administration settings for the space / wiki
** Availability:
*** Space (Automatically includes the view, comment, edit, delete rights)
*** Wiki (Automatically includes the view, comment, edit, delete, register, program rights)
** Default status: ALLOWED
** Priority order: allow > deny > no setting
** Checking order: wiki > space
* **Register:** whether users can create new user accounts
** Availability:
*** Wiki
** Default status: ALLOWED
** Priority order: allow > deny > no setting
** Checking order: wiki
* **Program:** whether users can use protected APIs & Groovy code in wiki pages
** Availability:
*** Wiki
** Default status: DENIED
** Priority order: allow > deny > no setting
** Checking order: wiki

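The table above can be read as a decision procedure. The following Python sketch is an added example, not XWiki code: it assumes that the first level in checking order holding a setting for the user or one of their groups decides, and the sample settings and the users alice and bob are constructed. XWiki's own implementation remains authoritative.

```python
# Simplified model of the rights table on this page (added example, not XWiki code).
ORDER = ("page", "space", "wiki")
RIGHTS = {
    # right: (allowed by default?, setting that wins a conflict, checking order)
    "view":     (True,  "deny",  ORDER),
    "comment":  (True,  "deny",  ORDER),
    "edit":     (True,  "deny",  ORDER),
    "delete":   (False, "deny",  ORDER),
    "admin":    (True,  "allow", ("wiki", "space")),
    "register": (True,  "allow", ("wiki",)),
    "program":  (False, "allow", ("wiki",)),
}

def effective(right, user, groups, settings, is_creator=False):
    """Return (allowed, deciding_level) for one user and one right.

    settings maps a level to (subject, right, "allow"|"deny") entries.
    Assumption: the first level in checking order holding an entry for the
    user or one of their groups decides; later levels are not consulted.
    """
    default, winner, order = RIGHTS[right]
    subjects = {user, *groups}
    for level in order:
        found = {s for subj, r, s in settings.get(level, ())
                 if r == right and subj in subjects}
        if found:
            # Two different settings at one level: the table's priority order picks.
            decision = winner if winner in found else next(iter(found))
            return decision == "allow", level
    if right == "delete" and is_creator:
        return True, "default"  # "DENIED (unless you're the document creator)"
    return default, "default"

# Constructed sample settings; alice and bob are hypothetical users.
ALL = "XWiki.XWikiAllGroup"
SAMPLE = {
    "page":  [("XWiki.alice", "edit", "allow"), (ALL, "edit", "deny")],
    "space": [(ALL, "view", "deny")],
    "wiki":  [("XWiki.XWikiGuest", "register", "deny"),
              (ALL, "program", "deny"), ("XWiki.alice", "program", "allow")],
}

if __name__ == "__main__":
    for right in RIGHTS:
        print(right, effective(right, "XWiki.alice", [ALL], SAMPLE))
```

Rights with no matching setting fall through to the default status, which is why the guest in the sample can still comment even though nothing grants it.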
= Execution order =

[[The full answer lies in the code.>>http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiRightServiceImpl.java]]
