AppWithinMinutes - prevent users from editing structure of the application

Hi,

I need for my users to be able to run scripts (we use a LOT of scripting in our templates), but NOT be administrators, and definitely not be able to edit the structure of an AppWithinMinutes application.

All I want them to see is the “Add New Entry” link in the upper right hand corner, and for any scripts to execute if they view a page. How to accomplish this?

If I select “Program” rights, it appears that it automatically makes them administrators to the wiki, which is no bueno.

Restricting the edit right on the application Code (parent) page and its children (see http://extensions.xwiki.org/xwiki/bin/view/Extension/App+Within+Minutes+Application#HApplicationPages) should prevent your users from editing the application structure.

Much appreciated!

Actually this doesn’t work.

In order for my users to be able to view and execute pages with scripts on them every time, I have to give them programming rights… which automatically gives them Administrator permissions for the entire wiki.

We have lots of pages which execute code, which needs to run every time, as long as the user has permission to view the page. But these users should not be able to see the ‘back end’ XWiki administration pages, much less alter them.

Additionally, we don’t want to allow them to “delete all entries” or “delete application” either. This is what the rights look like:

image

So the PPMO group, in this example, should be able to open and view pages that have a great deal of Velocity code that will execute on them, but should NOT be able to go to the XWiki Administrative section, nor should they be able to create or alter AppWithinMinutes.

If I remove programming rights, they get an error saying that they don’t have the right to view the page or execute the script.

I hope this makes sense.

This is wrong. Programming and Script rights are evaluated for the script author, not for the current user. The current user doesn’t need Programming rights in order to view a page that contains scripts that require programming rights, as long as the last page author has Programming rights.

So if a page throws some error related to Script or Programming rights then the issue is most probably related to the last page author not the current user.

Thank you for this clarification… but maybe the way we are implementing XWiki is the problem…

We have lots of modifications to sheets with scripts built into them. If we allow a user without scripts to create a new page using the template, or modify content (but not scripts of course) on the document page, then should a subsequent user (also without scripting rights) be able to view a page content that executes scripts? Because that isn’t working on our end…

Creating new pages from a template or editing existing pages that were created from a template doesn’t affect the sheet used to display these pages. These pages only hold the data, but the code to display the data is in the sheet. As long as the sheet is not modified your simple users only need edit right to edit and create new (data) pages. You just have to make sure that the user that wrote the sheet (its last content author) has programming or script rights (depending on the APIs used in the sheet).
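The check described in the replies above, as an added example that is not part of the original thread: a Velocity snippet, placed on an admin-only page, that reports each sheet's last content author and whether that account holds Script and Programming rights on the sheet. The sheet name `MyApp.Code.MyAppSheet` is a placeholder; replace it with your application's sheet pages.

```velocity
{{velocity}}
## Added example. 'MyApp.Code.MyAppSheet' is a placeholder sheet name.
## Scripts run with the rights of the sheet's last content author, so
## that is the account audited here, not the user viewing the page.
#set ($sheetNames = ['MyApp.Code.MyAppSheet'])
|=Sheet|=Last content author|=Script right|=Programming right
#foreach ($name in $sheetNames)
#set ($sheet = $xwiki.getDocument($name))
#if ($sheet)
#set ($author = $sheet.contentAuthor)
## hasAccessLevel(level, user, document) evaluates the right for the
## given user on the given document, independent of the current viewer.
#set ($hasScript = $xwiki.hasAccessLevel('script', $author, $name))
#set ($hasProgramming = $xwiki.hasAccessLevel('programming', $author, $name))
|$name|$author|$hasScript|$hasProgramming
#else
## getDocument returns null when the current user cannot view the page.
|$name|(not viewable by the current user)|-|-
#end
#end
{{/velocity}}
```

A `false` in either column for a sheet whose code needs that right points to the cause of the "no right to execute the script" error: re-save the sheet with an account that holds the right, and keep edit right on the Code pages restricted so regular users cannot become its last content author.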