Implicit Users

Last modified by Ecaterina Moraru (Valica) on 2018/07/04 19:01

 Requirements
 Idea
  • Open XWIKI-15414 Enable XWikiAllGroup as implicit group by default
  • Closed XWIKI-2116 Allow XWiki.XWikiAllGroup to be an implicit group, containing all the users without explicitly listing them as objects
  • Closed XWIKI-11818 Change default value of xwiki.users.initialGroups based on xwiki.authentication.group.allgroupimplicit
  • Open XWIKI-15394 Extension page delete protection does not apply to the Delete Group Administration UI
  • Open XWIKI-15401 Extension page delete protection does not apply to the Delete User Administration UI
  • Open XWIKI-9681 Empty groups can still have hidden rights applied, but not displayed in the UI
  • Open XWIKI-11624 User membership is not restored when a user page is restored from trashbin
  • Open XWIKI-15413 Deleting XWikiAllGroup loses the default/implicit rights

Description

Issue 1: Deleting and restoring an user doesn't preserves Groups and Rights

Issue type Issue stateXWIKI-11624 User membership is not restored when a user page is restored from trashbin
Issue type Issue stateXWIKI-15401 Extension page delete protection does not apply to the Delete User Administration UI
  • If you create a new user (evalica) it will automatically be added in XWikiAllGroup
  • If you delete the user (evalica) it will automatically be deleted from XWikiAdminGroup and XWikiAllGroup; and it will have all it's rights removed
  • If you restore the user (evalica), you will see the user in Administration: Users; but it is not re-added in initial groups, nor have its rights restored. This can be seen as a partial restore. The relations were not preserved, so some users expected to have like a rollback behavior (remembering the exact state) and not restoring just the page.

Issue 2: XWikiAllGroup doesn't behave like a 'special' group

  • There are several instances when the XWikiAllGroup gets  desynchronised. For example, when restoring an user, it does not automatically appear in XWikiAllGroup. 
  • Some users expect that XWikiAllGroup would showcase always the count and contain at all times ALL the valid / existing users in the instance.

Disable the ability to delete the XWikiAllGroup

Issue type Issue stateXWIKI-15413 Deleting XWikiAllGroup loses the default/implicit rights
Issue type Issue stateXWIKI-15394 Extension page delete protection does not apply to the Delete Group Administration UI
Issue type Issue stateXWIKI-9681 Empty groups can still have hidden rights applied, but not displayed in the UI
  • Currently this group can be deleted from the Administration UI or the page UI. Since this deletion can have fatal consequences (leaving all users without rights), we could prevent that deletion; just like we don't allow the deletion of your own user.
  • Since it's a special group, we could have a special way to display it in Rights and also not being able to delete it from Groups. 

Enable XWikiAllGroup as implicit group by default

Issue type Issue stateXWIKI-15414 Enable XWikiAllGroup as implicit group by default
XWIKI-11818 Change default value of xwiki.users.initialGroups based on xwiki.authentication.group.allgroupimplicit
XWIKI-2116 Allow XWiki.XWikiAllGroup to be an implicit group, containing all the users without explicitly listing them as objects
  • We have a mechanism to make the XWikiAllGroup implicit in xwiki.cfg. Enabling by default would fix the user deletion / restoring issues, making sure valid users don't lose their rights. 
xwiki.users.initialGroups=
xwiki.authentication.group.allgroupimplicit=1
  • Having this initial group configuration is also recommended for large instance from a performance point of view, removing the need to have objects for each user.
  • Still, in terms of UI, we will need to fix some issues:
    • We should keep displaying the XWikiAllGroup in Groups, in order for users to see the correct count;
      • even if the users act like they are in the XWikiAllGroup, the Administration - Group count doesn't reflect the correct count. We would need to fix in getgroups.vm how we count the users, also the Groups modal should display all valid users;
      • the XWikiAllGroup count from Administration Groups should be consistent with the count from Administration Users or User Index;
      • yes, this means that the user management can be done from multiple parts, but if they are not consistent in behavior than it can be very confusing;
    • We should keep displaying the XWikiAllGroup in Rights, in order for users to be able to set Rights for this group;
      • We can have special displays for XWikiAllGroup and XWiki Guests, but we need to be very explicit what are the rights set for each of them. See more rights proposals.

 

Tags:
Created by Ecaterina Moraru (Valica) on 2018/07/04 13:38
    

Get Connected