Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-14828

Rendering macros defined in wiki pages are available to users that don't have view right on those pages

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 9.9
    • Fix Version/s: None
    • Component/s: Rendering
    • Labels:
      None
    • Difficulty:
      Unknown
    • Similar issues:

      Description

      My use case is this: I have an application that should be used only by some users. This application defines a wiki macro with wiki scope. The application is installed by an administrator so the wiki macro is registered at the wiki level. This is good. I give explicit view right on the application (code) space to my target users and I would like the macro to be visible only to the users that have view right on the wiki page that defines the macro.

      The workaround is to check the view right in the macro code but the downside is that the Macro dialog from CKEditor is polluted with macros that the current user can't use (or is not supposed to use).

      The question is whether this should be fixed or not and whether it should be fixed at the level of CKEditor or in the rendering.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              mflorea Marius Dumitru Florea
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Date of First Response: