Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-21267

Default home page comes with velocity scripts

    XMLWordPrintable

Details

    • Unknown
    • N/A
    • N/A

    Description

      Following XWIKI-20321, members of xwiki:XWiki.XWikiAllGroup don't get script rights by default on the main wiki.

      While this gives great benefits in regards with security, it also creates a situation where standard users cannot edit a part of the default home page without having velocity errors, because the home page comes by default with two velocity scripts : 

      The second link can be replaced as [[Extension Manager>>XWiki.XWikiPreferences||queryString="editor=globaladmin&section=XWiki.Extensions"]] (taking advantage of the fact that the user will be redirected automatically to the admin action.

      The first link is more difficult to modify ; currently I don't know how we use this version for our documentation on xwiki.org

      The problem that this situation causes a bad experience for new users testing out XWiki without being necessarily the ones that have installed the XWiki instance (and thus being admins). The home page looks like a pretty normal page, and users get confused / don't understand why red messages appear once they change the first paragraph.

      We could think of two options for this issue :

      • Either remove completely any velocity macro, so that the home page is editable again by users without scripting rights
      • Or only grant edit rights on this page to XWikiAdminGroup by default, so that only admins can edit it.

      Attachments

        Activity

          People

            MichaelHamann Michael Hamann
            caubin Clément Aubin
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: