XWiki Platform
  1. XWiki Platform
  2. XWIKI-7769

Allow Script Macros to customize their security policy for deciding when they can execute

    Details

    • Type: Improvement Improvement
    • Status: Closed Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 4.0
    • Fix Version/s: 4.1-milestone-1
    • Component/s: Scripting
    • Labels:
      None
    • Tests:
      Unit
    • Difficulty:
      Unknown
    • Similar issues:
      XWIKI-3737Script macro does not execute transformation
      XWIKI-2366Custom Velocity Uberspector that allows chaining several uberspectors
      XWIKI-2688Allow macros to decide what to render based on the fact that they're used inline or not
      XWIKI-6705Velocity scripts share the same macro namespace
      XWIKI-7756Impossible to execute request with query manager on another wiki without programming right
      XWIKI-5041Allow script authors to load and save documents in their own security context, not the user's.
      XWIKI-7954Have custom actions for certain macros/gadgets
      XWIKI-6551Allow template provider to configure the action to execute upon document creation
      XWIKI-9332Improve security by only giving programming rights to scripts signed by a privileged user

      Description

      Right now the algorithm is hardcoded in PermissionCheckerListener to check for Programming Rights. Make this extensible by:

      • Introducing a new MacroPermissionPolicy component role
      • Deprecating PrivilegedScriptMacro which is no longer needed

        Issue Links

          Activity

          Hide
          Vincent Massol added a comment -

          Done

          Show
          Vincent Massol added a comment - Done

            People

            • Assignee:
              Vincent Massol
              Reporter:
              Vincent Massol
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: