On Sat, Jun 20, 2015 at 9:36 AM, Thomas Mortagne <[email protected]> wrote:
> On Fri, Jun 19, 2015 at 5:42 PM, Eduard Moraru <[email protected]> > wrote: > > Hi, > > > > On Fri, Jun 19, 2015 at 5:42 PM, Thomas Mortagne < > [email protected]> > > wrote: > > > >> On Fri, Jun 19, 2015 at 4:25 PM, Eduard Moraru <[email protected]> > >> wrote: > >> > Hi, > >> > > >> > For 7.2, we are introducing a new right to control permissions on the > >> > execution of scripts. > >> > > >> > Right now, out of all the scripts we support, Velocity is special and > >> does > >> > not require programming rights, since it uses only the public API. Of > >> > course, if it has PR available, it can also access privileged API. All > >> > other scripts (groovy, python, etc) require PR by default. > >> > > >> > The new 'script' right should be used to control "light"/sandboxed > >> > scripting, such as velocity or any other scripts that are configured > to > >> > consider this new right when executing (assuming they override the > >> standard > >> > PR check). > >> > >> We actually do have another one already, a custom version of Groovy > >> JSR223 engine done by Vincent. > >> All that to say that you should probably also update > >> org.xwiki.rendering.internal.macro.groovy.GroovyMacroPermissionPolicy > >> in xwiki-platform-rendering-macro-groovy module. > >> > > > > I have noticed it, but did not touch it since I see it has a custom way > of > > restricting execution (it sets a 'secure' flag in the groovy > configuration > > that tells it to consider if the macro transformation context is > restricted > > or not and, if not restricted, it does not need PR, but delegates to a > > Groovy dedicated security customizer) and if that is not used/configured, > > it falls back to programming rights. > > > > Do you think we need to or should do more than that for Groovy? If not > > custom security customizer is set, then PR decide if a groovy script runs > > or not (which is often the case). And if so, what do you propose? > > I know how it's working and the goal of this customisation is allow > using Groovy without PR in which case it should require Script right > exactly like Velocity does. It would not make much sense to not be > allowed to do Velocity when you can do Groovy. > I see. At first I did not understand what you mean, but now I do. Basically, you want "light"/limited groovy scripts (running with a secure customizer) to be handled consistently, just like just velocity scripts, which makes sense. In other words, this: https://github.com/xwiki/xwiki-platform/commit/a766d8a1d7db06f51e02fbced85a60b5295f07f8 Thanks, Eduard > > > > > Thanks, > > Eduard > > > >> > >> > > >> > Since the build is not in top shape due to the nested spaces changes, > I > >> > have currently committed my work on this in a branch, created a PR and > >> > would like to profit from this occasion to ask the devs that are more > >> > familiar with the rights system for some feedback on it. > >> > > >> > The Jira issue is http://jira.xwiki.org/browse/XWIKI-12171 > >> > The PR is https://github.com/xwiki/xwiki-platform/pull/410 > >> > >> Looks good (all I could do is a minor comment on a comment :) ). > >> > >> > > >> > Thanks, > >> > Eduard > >> > _______________________________________________ > >> > devs mailing list > >> > [email protected] > >> > http://lists.xwiki.org/mailman/listinfo/devs > >> > >> > >> > >> -- > >> Thomas Mortagne > >> _______________________________________________ > >> devs mailing list > >> [email protected] > >> http://lists.xwiki.org/mailman/listinfo/devs > >> > > _______________________________________________ > > devs mailing list > > [email protected] > > http://lists.xwiki.org/mailman/listinfo/devs > > > > -- > Thomas Mortagne > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs > _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
