ping? :)
- Asiri
On Tue, Sep 1, 2009 at 3:13 PM, Asiri Rathnayake <asiri.rathnay...@gmail.com
> wrote:
> Hi all,
>
>
> Currently XWikiRightService has two methods for evaluating programming
> rights:
>
> XWikiRightService#hasProgrammingRights(XWikiContext context);
> &
> XWikiRightService#hasProgrammingRights(XWikiDocument doc, XWikiContext
> context);
>
>
> Since newer components are using DAB (Document Access Bridge) than directly
> accessing XWikiRightService, only one form of programming rights evaluation
> is available:
>
> <code>
> public boolean hasProgrammingRights()
> {
> XWikiContext xcontext = getContext();
>
> return
> xcontext.getWiki().getRightService().hasProgrammingRights(xcontext.getDoc(),
> xcontext);
> }
> </code>
>
> So the procedure carried out in evaluating programming rights is:
>
> - If the context document is null, check whether the current user has
> programming rights or if he is the superadmin
>
> - If the context document is not null, check if the author of the context
> document has programming rights on the context document itself.
>
>
> Recently we came across a requirement where we need to grant programming
> rights to some scripts programmatically. See
> http://jira.xwiki.org/jira/browse/XWIKI-4262
>
> With the current policy for programming rights evaluation, this is not
> possible (not without side effects). So we need to decide a new method for
> granting programming rights.
>
> One approach proposed by Thomas Mortagne is to change the programming
> rights evaluation as below:
>
> - Check if a particular flag is set in context (like
> "hasProgrammingRights"), if so current execution is considered to have
> programming rights
>
> - Else do the earlier evaluation process.
>
>
> This way we can grant programming rights in a programmatical fashion and
> since XWikiContext is mostly read-only for normal users, they won't be
> allowed to hijack programming rights by tampering with XWikiContext.
>
>
> Please let us know your opinions regarding this issue.
>
> Thanks.
>
> - Asiri
>
_______________________________________________
devs mailing list
devs@xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
