Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-8892

Cannot create a new page when a user has no 'edit' permission for the parent page

    XMLWordPrintable

Details

    • Unknown
    • N/A
    • N/A

    Description

      I want to protect the WebHome page of a space while making all other pages in the space freely editable, but it seems impossible.

      When a user with 'edit' permission attempts to create a new page from WebHome, where the user has no edit permission, XE denies the access.

      For example:

      • There's a space called MySpace.
      • MySpace can be edited by any registered user. (Space-level permission)
      • MySpace.WebHome can be edited only by admins. (Page-level permission)
      • If a non-admin user visits MySpace.WebHome and clicks the 'Add -> Page' menu item to create a new page:
        • The edit action URL is '/create/MySpace/WebHome'
        • The user sees a permission denied error.
      • What's interesting is:
        • If the user manually enters the edit action URL with non-existing page name such as '/create/MySpace/MyNewPage', the user can create a new 'MyNewPage' under 'MySpace'.
        • The user can even set the parent of 'MyNewPage' to 'WebHome', which contradicts the permission denied error the user got above.

      Attachments

        Activity

          People

            tmortagne Thomas Mortagne
            trustin Trustin Lee
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: