Details
-
Improvement
-
Resolution: Fixed
-
Major
-
4.3.2
-
None
-
None
-
Unknown
-
Description
Currently, the rights that are taken into account by the verification script are the programming rights configured with the class "RequiredRight".
However, there can be pages that don't have that object marked on them and still need rights. Also, they could need other rights as well (script, admin or programming).
The script should detect all objects "known" to require rights on a wiki, in addition to documents explicitly marked:
- macro definitions, visible for more than "current user"
- UIX definitions, visible for more than "current user"
- skin extensions (jsx and ssx) activated on the whole wiki
- wiki components,
- translation bundles
- documents containing the velocity or groovy keywords for script or programming right
- scheduler job pages
- other?
Note that, even in this case, the detection cannot be precise since there can still be some script in a page that accesses protected API or even a script using a custom script service that requires rights and velocity doesn't have static code analysis to allow this kind of detection.
Also, the script should mention what kind of rights each page requires (since the objects above don't all require programming rights) and allow to update them depending on the type of user rights change that was done.