If you want to stay with Groovy the cleanest is probably to register your groovy code logic and data as a script service component and then call that script service (probably using Velocity) in the page where the user have view right. The script service is registered once and the user does not need to have view right of the page that contains it for it to be executed (once registered it's just a Java Object from XWiki point of view) so you can restrict access to that page.
See http://extensions.xwiki.org/xwiki/bin/view/Extension/Create+a+component+using+Groovy. I would recommand to write this script service in Java since it's easier to regsiter it (it's automatically registered) and also a lot eaier to test and maintain but your choice. On Thu, Nov 6, 2014 at 9:57 AM, Bryn Jeffries <[email protected]> wrote: > I've written several scripts in Groovy that I want to make available to other > users, but some of them contain information that I don't wish people to see > (queries giving away schema details, connection passwords for JDBC/LDAP, > etc). As I understand it if a person is able to view a page in which code is > executed they are also able to see the source for that page. That being the > case is there a recommended approach to hiding some details from prying eyes? > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
