On Fri, Mar 27, 2009 at 16:50, Vincent Massol <[email protected]> wrote: > > On Mar 27, 2009, at 4:41 PM, hel-o wrote: > >> >> Hi, >> >> use case would be, that any action a local user might want to do >> that needs programming rights is not possible (using codes, macros, >> applications (Import Export Application) from the code zone or >> creating own scripts using Velocity). And i would not like to grant >> every user who needs programming rights, because he wants to do one >> of the things mentioned above a global account. > > Velocity doesn't require programming rights. > > Only Groovy and some Java APIs do require programming rights. For > Groovy I hope we'll fix this in the future by having it run in its own > sandbox. For the APIs it's done voluntarily. Accessing the private > XWiki instance, the XWikiDocument or XWikiContext is not supposed to > happen for users. These APIs are meant to be used internally only. If > you're missing a given public API you should tell us and we can see on > a case by case basis if we could make it available in the public API.
Or you can provide additional public api by writing a plugin. > > Thanks > -Vincent > >> For me it is not that much of a problem, because i have also an >> global account and i really understand your concerns about security. >> But its also limiting the abilities of a virtual wiki environment. >> >> But what i get from what your saying is, that its not possible to >> restrict the programming rights for a local user only to his virtual >> wiki. >> >> hel. >> >> >> >> >> On Mar 27, 2009, at 3:48 PM, Sergiu Dumitriu wrote: >> >>> Vincent Massol wrote: >>>> Hi Hel, >>>> >>>> On Mar 27, 2009, at 2:28 PM, hel-o wrote: >>>> >>>>> Hi, >>>>> >>>>> is there a special reason for that, >>>> >>>> Is this is for security issues since one wiki in a farm could >>>> endanger >>>> all the wikis in the farm very easily since a local user would get >>>> access to a powerful API. >>> >>> To be more detailed, a user with programming rights has absolute >>> access >>> on the whole server (using Groovy), and in a public farm if a wiki >>> admin >>> gives himself programming rights, he can seriously affect the entire >>> server. Imagine if somebody could do anything on the whole Blogspot >>> farm... >>> >>>>> and is it planned for a future release to have the possibility to >>>>> have programming rights in a virtual wiki? >>>> >>>> No. >>> >>> It depends. There is an issue on jira.xwiki.org about having an >>> option >>> for this, defaulting to false, but there's no requirement for this. >>> Programming rights are really a dangerous thing, I don't see any >>> need to >>> grant them to anybody except one global account that decides what is >>> safe. >> >> Indeed, if you need programming rights for a given api maybe a better >> way would be to provide that API without programming rights (if it's >> safe). >> What's your use case? >> >> Thanks >> -Vincent >> >>>>> >>>>> hel. >>>>> >>>>> >>>>> Hel-o, >>>>> >>>>> Only users registered on the main wiki can be granted programming >>>>> access >>>>> level. But they can save pages with the programming rights on sub >>>>> wikis. >>>>> >>>>> Jerome. >>>>> >>>>> hel-o wrote: >>>>>> Hi, >>>>>> >>>>>> is there a way to give programming rights to a user in a virtual >>>>>> wiki? >>>>>> >>>>>> Thanks >>>>>> hel. >> _______________________________________________ >> users mailing list >> [email protected] >> http://lists.xwiki.org/mailman/listinfo/users >> >> >> >> >> ----- >> hel. >> [email protected] >> >> -- >> View this message in context: >> http://n2.nabble.com/Programming-rights-in-virtual-wiki-tp2538608p2544919.html >> Sent from the XWiki- Users mailing list archive at Nabble.com. >> >> _______________________________________________ >> users mailing list >> [email protected] >> http://lists.xwiki.org/mailman/listinfo/users > > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
