Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-13255

Manage the Access Rights for a page creator



    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 7.4.2
    • Fix Version/s: None
    • Labels:
    • Environment:
      Mozilla 45
    • Difficulty:
    • Similar issues:


      1. Test on XE 7.4.2. Create 2 simple users: U1 and U2 with global Edit rights and set Advanced type in the profile.
      2. Create with U1 a nested page P1.
      3. Go to Access Rights from that page .
      4. Now, in this step, search the user U2 and Deny the VIEW right for page P1.

      Actual result:

      • At first click, U1 user grant view right for U2 user on page P1.
      • When user U1 try to deny the View right for user U2 on page P1, user U1 gets this message:
        An error occurred while communicating with the server. Please check that the server is accessible, and you have the proper rights to perform the requested action
      • With this action (grant view right) for user U2, U1 lost his View rights on the document.
      • User U1, creator of page P1, is not able to deny the view right for U2 user.
      • There are some Ajax errors that I found with Java Melody like:
        /bin/P1/?xpage=saverights&clsname=XWiki.XWikiRights&fullname=XWiki.QA&uorg=users&form_token=x9k2pYR9HfdYlb3fYphiOg&action=deny&right=view ajax GET

      Expected result:

      • As a normal user and creator of the page , I expect to keep my View rights on the document, even if I granted View right also to another user at the page level.
      • Or, I expect to see a different message for page creator , like : "This action cannot be completed, because of this basic XWiki rule..." or "With this action, you will lose the view rights on this document, because of XWiki basic rule..." or "There is a risk for you to loose the view rights on this page".


      • This scenario won`t happen if user U1 grant the view right for him first (at the page P1 level) and give also view right after for U2 user.
      • I consider the user, if it is the creator of a page, must be informed about this rule : Giving view right to other user at page level, by default deny the view right for creator of page.




            Unassigned Unassigned
            ihrehorciuc Irina Hrehorciuc
            0 Vote for this issue
            4 Start watching this issue


              Date of First Response: