On Mar 27, 2009, at 4:41 PM, hel-o wrote: > > Hi, > > use case would be, that any action a local user might want to do > that needs programming rights is not possible (using codes, macros, > applications (Import Export Application) from the code zone or > creating own scripts using Velocity). And i would not like to grant > every user who needs programming rights, because he wants to do one > of the things mentioned above a global account.
Velocity doesn't require programming rights. Only Groovy and some Java APIs do require programming rights. For Groovy I hope we'll fix this in the future by having it run in its own sandbox. For the APIs it's done voluntarily. Accessing the private XWiki instance, the XWikiDocument or XWikiContext is not supposed to happen for users. These APIs are meant to be used internally only. If you're missing a given public API you should tell us and we can see on a case by case basis if we could make it available in the public API. Thanks -Vincent > For me it is not that much of a problem, because i have also an > global account and i really understand your concerns about security. > But its also limiting the abilities of a virtual wiki environment. > > But what i get from what your saying is, that its not possible to > restrict the programming rights for a local user only to his virtual > wiki. > > hel. > > > > > On Mar 27, 2009, at 3:48 PM, Sergiu Dumitriu wrote: > >> Vincent Massol wrote: >>> Hi Hel, >>> >>> On Mar 27, 2009, at 2:28 PM, hel-o wrote: >>> >>>> Hi, >>>> >>>> is there a special reason for that, >>> >>> Is this is for security issues since one wiki in a farm could >>> endanger >>> all the wikis in the farm very easily since a local user would get >>> access to a powerful API. >> >> To be more detailed, a user with programming rights has absolute >> access >> on the whole server (using Groovy), and in a public farm if a wiki >> admin >> gives himself programming rights, he can seriously affect the entire >> server. Imagine if somebody could do anything on the whole Blogspot >> farm... >> >>>> and is it planned for a future release to have the possibility to >>>> have programming rights in a virtual wiki? >>> >>> No. >> >> It depends. There is an issue on jira.xwiki.org about having an >> option >> for this, defaulting to false, but there's no requirement for this. >> Programming rights are really a dangerous thing, I don't see any >> need to >> grant them to anybody except one global account that decides what is >> safe. > > Indeed, if you need programming rights for a given api maybe a better > way would be to provide that API without programming rights (if it's > safe). > What's your use case? > > Thanks > -Vincent > >>>> >>>> hel. >>>> >>>> >>>> Hel-o, >>>> >>>> Only users registered on the main wiki can be granted programming >>>> access >>>> level. But they can save pages with the programming rights on sub >>>> wikis. >>>> >>>> Jerome. >>>> >>>> hel-o wrote: >>>>> Hi, >>>>> >>>>> is there a way to give programming rights to a user in a virtual >>>>> wiki? >>>>> >>>>> Thanks >>>>> hel. > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > > > > > ----- > hel. > [email protected] > > -- > View this message in context: > http://n2.nabble.com/Programming-rights-in-virtual-wiki-tp2538608p2544919.html > Sent from the XWiki- Users mailing list archive at Nabble.com. > > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
