On Fri, Mar 20, 2015 at 11:57 AM, [email protected] <[email protected]> wrote:
> Hi devs, > > In xwiki-enteprise we have XWiki.RequiredRightClass. We’ve started > discussing it in the past in the “Split XE pages” mail thread and I’d like > to move forward. > > So we need to decide what to do about it. Several options: > > * We discussed moving it to xwiki-platform-administration but it shouldn’t > go there IMO since we’re trying to make this module almost empty (just > providing the extension points mechanism) and have admin features > dispatched in the modules providing them. Also it would mean forcing > unnecessary dependencies on xwiki-platform-administration from several > modules (6-7 right now). > * It could go in a new xwiki-platform-security-ui module. > * It could be moved to Java but we don’t have a clear policy nor decision > if we want to favor xclasses written in java or opposite, decide that we > don’t want that and move away from XClasses in Java. So we’d need to decide > this first. > * We could also simply remove it! Rationale: > ** I don’t think we’re using that information much and its need is > supposed to go away once signed scripts is there > I agree, once the signed script is there, until that wished moment, it is a useful feature that we have under used. > ** There’s no way to force pages requiring PR to add such an XObject and > thus it’s not done consistently > There is an easy way, enforce it and do not provide programming right to pages that does not explicitely require it using that object. > ** We don’t even have a page listing all pages requiring PR and even if we > had one I’m not exactly what it would bring. I guess the idea was to make > it simpler to install/upgrade XWiki but we’ve fixed this already in the > Wiki Creation Wizard for example so the need is less now. > That is not true, the Admin Tools has a page showing pages having a content author without PR and allow fixing the issue. > So overall I’m more in favor of dropping this experiment which IMO wasn’t > very successful. > WDYT? > So either you move it to an extension module, so extension could continue to get it as a deps, but like Marius said, it is somehow an API breakage. Or you move it to the security module, and you enforce its usage. Taking into account that enforcing its usage would dramatically improve the leak of PR, I am in favor of that, despite the migration requirements. A good script could really take care of that migration. > > Thanks > -Vincent > > > > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs > -- Denis Gervalle SOFTEC sa - CEO _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
