Hi all,

Currently XWikiRightService has two methods for evaluating programming
rights:

XWikiRightService#hasProgrammingRights(XWikiContext context);
&
XWikiRightService#hasProgrammingRights(XWikiDocument doc, XWikiContext context);


Since newer components are using DAB (Document Access Bridge) rather than
directly accessing XWikiRightService, only one form of programming rights
evaluation is available:

<code>
public boolean hasProgrammingRights()
{
    XWikiContext xcontext = getContext();

    return xcontext.getWiki().getRightService()
        .hasProgrammingRights(xcontext.getDoc(), xcontext);
}
</code>

So the procedure carried out in evaluating programming rights is:

- If the context document is null, check whether the current user has
programming rights or if he is the superadmin

- If the context document is not null, check if the author of the context
document has programming rights on the context document itself.


Recently we came across a requirement where we need to grant programming
rights to some scripts programmatically. See
http://jira.xwiki.org/jira/browse/XWIKI-4262

With the current policy for programming rights evaluation, this is not
possible (not without side effects). So we need to decide on a new method for
granting programming rights.

One approach proposed by Thomas Mortagne is to change the programming rights
evaluation as below:

- Check if a particular flag is set in context (like
"hasProgrammingRights"), if so current execution is considered to have
programming rights

- Else do the earlier evaluation process.


This way we can grant programming rights programmatically, and
since XWikiContext is mostly read-only for normal users, they won't be
allowed to hijack programming rights by tampering with XWikiContext.


Please let us know your opinions regarding this issue.

Thanks.

- Asiri
_______________________________________________
devs mailing list
devs@xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
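
The evaluation order proposed in the message above, as an added sketch that is not part of the original mail and not XWiki code. `Ctx`, `LegacyCheck`, `FLAG` and `runWithProgrammingRights` are hypothetical stand-ins, and the legacy rule is reduced to a constructed "superadmin" name check; the try/finally shows the grant being limited to one trusted call so the flag does not remain set for scripts that run later in the same context.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;

public class ProgrammingRightsSketch {
    // Hypothetical flag key; the mail only suggests a name like "hasProgrammingRights".
    static final String FLAG = "hasProgrammingRights";

    /** Stand-in for the existing evaluation (not XWiki's real interface). */
    interface LegacyCheck { boolean hasProgrammingRights(String contextDocAuthor, String currentUser); }

    /** Stand-in for XWikiContext: a property map plus the values the legacy check reads. */
    static class Ctx {
        final Map<String, Object> props = new HashMap<>();
        String docAuthor;   // null models "the context document is null"
        String user;
    }

    // Proposed order: context flag first, otherwise the earlier evaluation.
    static boolean hasProgrammingRights(Ctx ctx, LegacyCheck legacy) {
        if (Boolean.TRUE.equals(ctx.props.get(FLAG))) {
            return true;
        }
        return legacy.hasProgrammingRights(ctx.docAuthor, ctx.user);
    }

    // Trusted Java code sets the flag for one call only and restores the previous state,
    // even if the work throws, so the grant cannot outlive the call.
    static <T> T runWithProgrammingRights(Ctx ctx, Supplier<T> trustedWork) {
        Object previous = ctx.props.put(FLAG, Boolean.TRUE);
        try {
            return trustedWork.get();
        } finally {
            if (previous == null) ctx.props.remove(FLAG); else ctx.props.put(FLAG, previous);
        }
    }

    public static void main(String[] args) {
        // Constructed legacy rule: no document -> the user decides, otherwise the author decides.
        LegacyCheck legacy = (author, user) -> "superadmin".equals(author != null ? author : user);
        Ctx ctx = new Ctx();
        ctx.docAuthor = "guest";
        ctx.user = "guest";
        System.out.println("before grant: " + hasProgrammingRights(ctx, legacy));
        System.out.println("inside grant: "
            + runWithProgrammingRights(ctx, () -> hasProgrammingRights(ctx, legacy)));
        System.out.println("after grant:  " + hasProgrammingRights(ctx, legacy));
    }
}
```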