Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-305

Add new preference field to restrict usage of alternative templates for the view action

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Duplicate
    • Major
    • None
    • 0.9.1252
    • Old Core
    • None
    • security
    • N/A
    • N/A

    Description

      A new preference (in xwiki.cfg and in the XWiki.XWikiPreferences) should be added in "Advanced" to limit the "xpage" parameter used in the "view" action (when the right is "view"). The default list should be:

      view, rdf, code

      Using another template should require the "edit" right. This modification should be done in the rights system. A code review should be made to make sure that we won't break existing behavior with templates being used in non "edit" actions. The History link should be limited to users with the "edit" right.

      Attachments

        Issue Links

          duplicates

          New Feature - A new feature of the product, which has yet to be developed. XWIKI-4248 Ability to prevent access to the wiki code of documents

          • Critical - Crashes, loss of data, severe memory leak.
          • Open

          Activity

            People

              vmassol Vincent Massol
              ludovic Ludovic Dubost
              Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: