Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-12306

A custom displayer should be executed in the security context of the document where it is located

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.1.1
    • Fix Version/s: 7.2-milestone-2
    • Component/s: Old Core
    • Labels:
      None
    • Difficulty:
      Unknown
    • Documentation:
      N/A
    • Similar issues:

      Description

      Right now, a custom displayer's code is executed with the rights of the calling document instead of being executed with the rights of the document where it is defined (class document or custom displayer document).

      There are currently 3 locations where a custom displayer can come from:

      1. class document
      2. xwiki document with a name respecting a convention
      3. filesystem template with a name respecting a convention

      For the first 2 cases (at least), the context "sdoc" key should be set accordingly when rendering the custom displayer's code.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              enygma Eduard Moraru
              Reporter:
              enygma Eduard Moraru
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: