Hi all,
Currently XWikiRightService has two methods for evaluating programming
rights:
XWikiRightService#hasProgrammingRights(XWikiContext context);
&
XWikiRightService#hasProgrammingRights(XWikiDocument doc, XWikiContext
context);
Since newer components are using DAB (Document Access Bridge) than directly
accessing XWikiRightService, only one form of programming rights evaluation
is available:
<code>
public boolean hasProgrammingRights()
{
XWikiContext xcontext = getContext();
return
xcontext.getWiki().getRightService().hasProgrammingRights(xcontext.getDoc(),
xcontext);
}
</code>
So the procedure carried out in evaluating programming rights is:
- If the context document is null, check whether the current user has
programming rights or if he is the superadmin
- If the context document is not null, check if the author of the context
document has programming rights on the context document itself.
Recently we came across a requirement where we need to grant programming
rights to some scripts programmatically. See
http://jira.xwiki.org/jira/browse/XWIKI-4262
With the current policy for programming rights evaluation, this is not
possible (not without side effects). So we need to decide a new method for
granting programming rights.
One approach proposed by Thomas Mortagne is to change the programming rights
evaluation as below:
- Check if a particular flag is set in context (like
"hasProgrammingRights"), if so current execution is considered to have
programming rights
- Else do the earlier evaluation process.
This way we can grant programming rights in a programmatical fashion and
since XWikiContext is mostly read-only for normal users, they won't be
allowed to hijack programming rights by tampering with XWikiContext.
Please let us know your opinions regarding this issue.
Thanks.
- Asiri
_______________________________________________
devs mailing list
devs@xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
