XWiki Platform
  1. XWiki Platform
  2. XWIKI-7769

Allow Script Macros to customize their security policy for deciding when they can execute

    Details

    • Type: Improvement Improvement
    • Status: Closed Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 4.0
    • Fix Version/s: 4.1-milestone-1
    • Component/s: Scripting
    • Labels:
      None
    • Tests:
      Unit
    • Difficulty:
      Unknown
    • Similar issues:
      XWIKI-12171Add a script right to manage script macro execution permissions
      XWIKI-12306A custom displayer should be executed in the security context of the document where it is located
      XWIKI-3737Script macro does not execute transformation
      XWIKI-2688Allow macros to decide what to render based on the fact that they're used inline or not
      XWIKI-2366Custom Velocity Uberspector that allows chaining several uberspectors
      XWIKI-6705Velocity scripts share the same macro namespace
      XWIKI-10600Executing a JSR223 script macro directly or indirectly from another JSR223 script macro might break the root script context
      XWIKI-10632Allow executing wiki macro asynchronously
      XWIKI-7756Impossible to execute request with query manager on another wiki without programming right

      Description

      Right now the algorithm is hardcoded in PermissionCheckerListener to check for Programming Rights. Make this extensible by:

      • Introducing a new MacroPermissionPolicy component role
      • Deprecating PrivilegedScriptMacro which is no longer needed

        Issue Links

          Activity

          Hide
          Vincent Massol added a comment -

          Done

          Show
          Vincent Massol added a comment - Done

            People

            • Assignee:
              Vincent Massol
              Reporter:
              Vincent Massol
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: