Details
-
New Feature
-
Resolution: Fixed
-
Major
-
7.1-rc-1
Description
Currently, a user with an "edit" right can write both regular content and scripts. There is no restriction on what scripts a user with an "edit" right can write/execute, except maybe for the "programming" right which limits only which API level they can use in their scripts.
In practice, however, there sometimes comes the need to not allow regular users (with just an "edit" right) to write executable scripts and only allow them to write regular wiki content.
For this, the proposal is to introduce a new "script" right that extracts that responsibility from the "edit" right and offers more granularity in managing permissions.
In practice, a user with an "edit" right will be able to write both content and scripts, however, he will also need the "script" right in order for the scripts he wrote (using the "edit" right) to be executable.
Put the other way, the scripts inside a document are execut(able/ed) when viewing that document if the last author of the content of that document has the "script" right (much like we are doing for the "programming" right, but this affects all scripts, regardless of API level).
To preserve backwards compatibility, the "script" right should be implied by the "edit" right by default, leaving admins the possibility to explicitly deny it for some users or groups, if they so choose to.
Attachments
Issue Links
- blocks
-
XWIKI-12310 Set the script right default value to DENY for better flexibility
-
- Closed
-
- depends on
-
-
- Closed
-
-
-
- Closed
-
- is related to
-
XWIKI-13057 Computed fields display errors when the last document author has not the script right
-
- Closed
-
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
- links to
