Hi, For 7.2, we are introducing a new right to control permissions on the execution of scripts.
Right now, out of all the scripts we support, Velocity is special and does not require programming rights, since it uses only the public API. Of course, if it has PR available, it can also access privileged API. All other scripts (groovy, python, etc) require PR by default. The new 'script' right should be used to control "light"/sandboxed scripting, such as velocity or any other scripts that are configured to consider this new right when executing (assuming they override the standard PR check). Since the build is not in top shape due to the nested spaces changes, I have currently committed my work on this in a branch, created a PR and would like to profit from this occasion to ask the devs that are more familiar with the rights system for some feedback on it. The Jira issue is http://jira.xwiki.org/browse/XWIKI-12171 The PR is https://github.com/xwiki/xwiki-platform/pull/410 Thanks, Eduard _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
