Wiki source code of Access Rights

Version 11.1 by OCTAGRAM on 2010/07/07

{{info}}
This page is currently being reworked, so do not change anything here; see the current [[Draft>>http://dev.xwiki.org/xwiki/bin/view/Drafts/Access Rights]].
{{/info}}

{{box cssClass="floatinginfobox" title="**Contents**"}}
{{toc/}}
{{/box}}

This page explains how access rights work in XWiki. It will help you configure access rights on your wiki so that every user can only see and do what they are allowed to.

= Wiki Access Configuration =

The first thing you will want to do is configure an access policy for your wiki. Depending on what you intend to use your wiki for, you have several options:

* [[Open Wiki>>#HOpenWiki]]: anyone can edit pages (including unregistered users)
* [[Public Wiki>>#HPublicWiki]]: only registered users can edit pages, but registration is open to anyone. This is the default configuration of the default wiki (the wiki provided as a XAR on the [[download page>>xwiki:Main.Download]]).
* [[Private Wiki with password>>#HPrivateWikiwithpassword]]: registration is closed
* [[Private Wiki with token for registering>>#HPrivateWikiwithtoken]]: registration is closed, but users who know the token can register

== Open Wiki ==

You can configure your wiki to be open, so that everyone can edit and comment without registering or logging in.

== Public Wiki ==

Nothing to do: this is the default. If you want only people with a verified email address to be able to edit pages, set both "Use email verification" and "Check Active fields for user authentication" to "Yes" in Administration/Registration.

=== Requiring guests to fill out a CAPTCHA in order to comment (Since: [[Enterprise 2.3M1>>xwiki:Main.ReleaseNotesXWikiEnterprise23M1]]) ===

It is nice to allow guests to comment on a page: often the most helpful people are unwilling to go to the bother of registration, and it creates a more open atmosphere. Unfortunately, comments can contain links, which can be used as a vector for search engine spam. To keep your site open while preventing automated commenting, you can require guests to fill out a captcha before commenting. The captcha is not displayed or even loaded until they click on the comment window to type their message, so you need not worry about guests' idle surfing causing the [[captcha module>>code:Modules.CaptchaModule]] to use too much of your server's CPU power.

You can require guests to fill out a captcha for posting comments at the wiki or space level. You can require it at the wiki level but remove that requirement for a single space, or you can require it only for one or more spaces but not the entire wiki.
To turn on the comment captcha requirement, go to the wiki or space administration, click on the "Rights" section and find the checkbox toward the bottom labeled "Require unregistered users to solve a captcha when posting a comment on a page". Check that box and guests will be required to solve a captcha to comment.
**Note:** This setting does not allow guests to comment; it only denies them permission to comment without a captcha on pages where they already had it. To allow commenting, you will have to check the normal "allow comment" checkbox for unregistered users.

Result:
[[image:CaptchaComment.png||style="border: 1px solid black;"]]

== Private Wiki with password ==

=== Global rights ===

In [[Global rights>>http://localhost:8080/xwiki/bin/admin/XWiki/XWikiPreferences?editor=globalrights&global=1]] set **User:XWikiGuest, Groups:, Level:register, Allow-Deny:Allow**.

=== Registration ===

In [[Preferences>>http://localhost:8080/xwiki/bin/admin/XWiki/XWikiPreferences]] under **Registration** set **Use email verification:yes**. Fill in the other fields appropriately.

== Private Wiki with token ==

TODO

* **[[Find out more about XWiki access rights here>>Access Rights]]**

= An overview of rights =

Here is a list of all the rights available in XWiki Enterprise and their default settings.

* //**Right name:** brief description of the right//
** //Availability: at what level can you set this right?//
*** //Page: this right can be set at the page level//
*** //Space: this right can be set at the space level//
*** //Wiki: this right can be set at the wiki level//
** //Default status: is the right allowed or denied when the checkbox is left blank?//
*** //ALLOWED: this means that users CAN perform the given action if no other right is set//
*** //DENIED: this means that users CANNOT perform the given action if no other right is set//
** //Priority order: which setting wins over another if a user has two different settings?//
** //Checking order: at what level is the right checked first?//
* **View:** whether users can see the page
** Availability:
*** Page
*** Space
*** Wiki
** Default status: ALLOWED
** Priority order: deny > allow > no setting
** Checking order: page > space > wiki
* **Comment:** whether users can add a comment to the page
** Availability:
*** Page
*** Space
*** Wiki
** Default status: ALLOWED
** Priority order: deny > allow > no setting
** Checking order: page > space > wiki
* **Edit:** whether users can edit and save modifications to the page
** Availability:
*** Page
*** Space
*** Wiki
** Default status: ALLOWED
** Priority order: deny > allow > no setting
** Checking order: page > space > wiki
* **Delete:** whether users can delete the page
** Availability:
*** Page
*** Space
*** Wiki
** Default status: DENIED (unless you're the document creator)
** Priority order: deny > allow > no setting
** Checking order: page > space > wiki
* **Admin:** whether users can manage administration settings for the space / wiki
** Availability:
*** Space (Automatically includes the view, comment, edit, delete rights)
*** Wiki (Automatically includes the view, comment, edit, delete, register, program rights)
** Default status: ALLOWED
** Priority order: allow > deny > no setting
** Checking order: wiki > space
* **Register:** whether users can create new user accounts
** Availability:
*** Wiki
** Default status: ALLOWED
** Priority order: allow > deny > no setting
** Checking order: wiki
* **Program:** whether protected APIs and Groovy code are available in wiki pages last saved by this user
** Availability:
*** Wiki
** Default status: DENIED
** Priority order: allow > deny > no setting
** Checking order: wiki

= Execution order =

[[The full answer lies in the code.>>http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiRightServiceImpl.java]]
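
As an added example (not XWiki's code and not part of the original page), the Python model below encodes the table from "An overview of rights" and resolves a user's effective rights from a list of settings. How the two orders combine is an assumption: the first level in the checking order that has a matching setting decides, and the priority order settles a conflict within that level. The sample entries and the user XWiki.Alice are constructed.

```python
from collections import namedtuple

# Simplified model of the rights table on this page, not XWiki's implementation.
PAGE_FIRST = ("page", "space", "wiki")
# right -> (checking order, allowed by default?, setting that wins at one level)
RIGHTS = {
    "view":     (PAGE_FIRST, True, "deny"),
    "comment":  (PAGE_FIRST, True, "deny"),
    "edit":     (PAGE_FIRST, True, "deny"),
    "delete":   (PAGE_FIRST, False, "deny"),
    "admin":    (("wiki", "space"), True, "allow"),
    "register": (("wiki",), True, "allow"),
    "program":  (("wiki",), False, "allow"),
}

# level: "page", "space" or "wiki"; subject: user or group; setting: "allow" or "deny"
Entry = namedtuple("Entry", "level subject right setting")

def effective(right, user, groups, entries, is_creator=False):
    """Return (allowed, reason) for one user and one right."""
    levels, default_allowed, winner = RIGHTS[right]
    subjects = {user, *groups}
    for level in levels:  # checking order
        found = {e.setting for e in entries if e.level == level
                 and e.right == right and e.subject in subjects}
        if found:  # assumption: the first level with a setting decides
            setting = winner if winner in found else found.pop()
            return setting == "allow", f"{setting} set at {level} level"
    if right == "delete" and is_creator:
        return True, "default for the document creator"
    return default_allowed, "default status"

def audit(user, groups, entries, is_creator=False):
    return {r: effective(r, user, groups, entries, is_creator)[0] for r in RIGHTS}

# Constructed sample settings; XWiki.Alice is a hypothetical user.
SAMPLE = [
    Entry("wiki", "XWikiGuest", "edit", "deny"),
    Entry("space", "XWikiGuest", "edit", "allow"),
    Entry("page", "XWiki.XWikiAllGroup", "view", "allow"),
    Entry("page", "XWiki.Alice", "view", "deny"),
    Entry("wiki", "XWiki.Alice", "program", "deny"),
    Entry("wiki", "XWiki.XWikiAdminGroup", "program", "allow"),
]

if __name__ == "__main__":
    print(audit("XWikiGuest", [], SAMPLE))
    print(audit("XWiki.Alice", ["XWiki.XWikiAllGroup", "XWiki.XWikiAdminGroup"], SAMPLE))
```

In the sample, the personal deny on program for XWiki.Alice has no effect once she belongs to a group that is allowed it, because allow wins for that right, whereas her personal deny on view does override the group allow.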
