Forum .LRN Q&A: xoWiki - Edit en:weblog / en:index Page

1: xoWiki - Edit en:weblog / en:index Page

Posted by Christian Fuchs on 12/07/07 01:42 PM

When a User which has member right (e.g. Stundent in a class) looks at a wiki page and clicks on "edit" in the menu bar, one can edit the layoutpage of the wiki.
This can happen very easily if the user reads (without clicking on it) the topmost entry and wants to edit text. The user clicks on EDIT not knowing that he will edit the en:index /en:weblog page and could "play around" with this page.
Is it possible to prevent user from editing the en:weblog / en:index page without using policy3 (which might not be wanted, because of administrative work).
Wouldn't it a good idea, if xowiki just takes care of this so that these page would only be accessible through "administration".

2: Re: xoWiki - Edit en:weblog / en:index Page (response to 1)

Posted by Gustaf Neumann on 12/09/07 06:06 PM

good point.

i have updated the xowiki+xotcl core in cvs head to allow in the policy rules conditional checks based on match and regular expressions. One can specify now e.g. that for objects with names ending in weblog or index, one needs admin rights on the package id.

    Class Page -array set require_permission {
      view               none
      revisions          {{package_id write}}
      diff               {{package_id write}}
      edit               {
        {{regexp {name {(weblog|index)$}}} package_id admin} 
        {package_id write}
      }
      ...
    }

One can as well check the contents of other attributes of a page by replacing 'name' with some other attribute.