On Fri, Jun 19, 2015 at 4:25 PM, Eduard Moraru <[email protected]> wrote: > Hi, > > For 7.2, we are introducing a new right to control permissions on the > execution of scripts. > > Right now, out of all the scripts we support, Velocity is special and does > not require programming rights, since it uses only the public API. Of > course, if it has PR available, it can also access privileged API. All > other scripts (groovy, python, etc) require PR by default. > > The new 'script' right should be used to control "light"/sandboxed > scripting, such as velocity or any other scripts that are configured to > consider this new right when executing (assuming they override the standard > PR check).
We actually do have another one already, a custom version of Groovy JSR223 engine done by Vincent. All that to say that you should probably also update org.xwiki.rendering.internal.macro.groovy.GroovyMacroPermissionPolicy in xwiki-platform-rendering-macro-groovy module. > > Since the build is not in top shape due to the nested spaces changes, I > have currently committed my work on this in a branch, created a PR and > would like to profit from this occasion to ask the devs that are more > familiar with the rights system for some feedback on it. > > The Jira issue is http://jira.xwiki.org/browse/XWIKI-12171 > The PR is https://github.com/xwiki/xwiki-platform/pull/410 Looks good (all I could do is a minor comment on a comment :) ). > > Thanks, > Eduard > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs -- Thomas Mortagne _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
