Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 7.4.3, 8.1-milestone-2
Affects Version/s: 7.4.2
Component/s: Old Core
Labels:
- bugfixingday

Difficulty:
Unknown
Documentation:
N/A
Documentation in Release Notes:
N/A
Similar issues:

Description

When creating a new user, the old-core XWiki.createUser(...) method still sets the user's profile document content to:

{{include reference=\"XWiki.XWikiUserSheet\"/}}

...which, for backwards compatibility reasons, has the effect of overriding the XWikiUsers class configured sheet and rendering the specified sheet instead. In this case it is the same sheet, but rendered in a different context.

The problem it creates is that users without script rights might not be able to view their profile since the XWikiUsersSheet document would be rendered with the rights of the user document instead of being rendered with the rights of the sheet document.

This method is used by registration and possibly in other places as well and should have been deprecated when we`ve introduced the sheet displayers.

Attachments

Issue Links

is related to

XWIKI-12171 Add a script right to manage script macro execution permissions

Closed

Activity

People

Assignee:: Eduard Moraru

Reporter:: Eduard Moraru

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 06/Apr/16 13:57

Updated:: 06/Jun/16 14:22

Resolved:: 15/Apr/16 14:43

Date of First Response:: 06/Apr/16 2:19 PM