Details
- New Feature
- Resolution: Fixed
- Major
- 7.1-rc-1
Description
Currently, a user with an "edit" right can write both regular content and scripts. There is no restriction on what scripts a user with an "edit" right can write/execute, except maybe for the "programming" right, which only limits which API level they can use in their scripts.
In practice, however, there is sometimes a need to prevent regular users (with just an "edit" right) from writing executable scripts and to allow them to write only regular wiki content.
For this, the proposal is to introduce a new "script" right that extracts that responsibility from the "edit" right and offers more granularity in managing permissions.
In practice, a user with an "edit" right will be able to write both content and scripts. However, they will also need the "script" right in order for the scripts they wrote (using the "edit" right) to be executable.
Put the other way, the scripts inside a document are executable (and executed) when viewing that document only if the last author of the content of that document has the "script" right (much like we are doing for the "programming" right, but this affects all scripts, regardless of API level).
To preserve backwards compatibility, the "script" right should be implied by the "edit" right by default, leaving admins the possibility to explicitly deny it for some users or groups, if they so choose.
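The rule proposed above, as a small model added here for illustration; it is not XWiki code and uses none of XWiki's APIs. The `Rights` resolution (any explicit deny wins), the `Contributors` group, the users and the page content are constructed assumptions, and script execution is only simulated as a text marker.

```python
import re
from dataclasses import dataclass, field

SCRIPT_MACRO = re.compile(r"\{\{velocity\}\}(.*?)\{\{/velocity\}\}", re.S)

@dataclass
class User:
    name: str
    groups: frozenset = frozenset()

@dataclass
class Rights:
    # (user-or-group name, right) -> True (allow) / False (deny)
    rules: dict = field(default_factory=dict)

    def has(self, user, right):
        verdicts = [self.rules[(s, right)] for s in {user.name, *user.groups}
                    if (s, right) in self.rules]
        if verdicts:
            return all(verdicts)  # simplification: any explicit deny wins
        # No explicit rule: "script" falls back to "edit" (backwards compatible).
        return self.has(user, "edit") if right == "script" else False

@dataclass
class Document:
    content: str
    content_author: User

def save(doc, editor, new_content, rights):
    # Saving needs only "edit"; a script-denied user can still store macros.
    if not rights.has(editor, "edit"):
        raise PermissionError(f"{editor.name} lacks edit")
    doc.content, doc.content_author = new_content, editor

def render(doc, rights):
    """The viewer is deliberately not a parameter: only the content author counts."""
    allowed = rights.has(doc.content_author, "script")
    def repl(m):
        return f"[executed: {m.group(1).strip()}]" if allowed else "[script blocked]"
    return SCRIPT_MACRO.sub(repl, doc.content)

def demo():
    alice = User("alice", frozenset({"XWikiAllGroup"}))
    bob = User("bob", frozenset({"XWikiAllGroup", "Contributors"}))
    rights = Rights({("XWikiAllGroup", "edit"): True,
                     ("Contributors", "script"): False})  # admin's explicit deny
    doc = Document("", alice)
    page = "Hello {{velocity}}$doc.title{{/velocity}}"  # constructed sample page
    save(doc, alice, page, rights)
    by_alice = render(doc, rights)
    save(doc, bob, page + " edited", rights)  # bob is now the content author
    return by_alice, render(doc, rights)
```

Because the check follows the last content author, a save by a script-denied user disables scripts that an earlier author wrote, for every viewer.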
Issue Links
- blocks
  - XWIKI-12310 Set the script right default value to DENY for better flexibility (Closed)
- depends on
  - XWIKI-12299 Deprecate XWiki.parseContent since it is misleading and outdated (Closed)
  - XWIKI-12300 Add a new DocumentModelBridge#getContentAuthorReference (Closed)
- is related to
  - XWIKI-13057 Computed fields display errors when the last document author has not the script right (Closed)
  - XWIKI-8269 Provide a bridge to handle Panels as UI Extensions (Closed)
- relates to
  - XWIKI-13296 The User profile page still manually includes the sheet (Closed)
  - XWIKI-9292 Creating/removing an object and adding/updating/removing an attachment or the document's class changes the content author (Closed)
  - XWIKI-12447 Skin resources are evaluated with the rights of the current document (Closed)
  - XWIKI-12320 Change the message displayed when a script macro execution fails (Closed)