  1. XWiki Platform
  2. XWIKI-13466

Add API to manipulate (add/edit/remove) access rights with the Security module



    • Improvement
    • Resolution: Unresolved
    • Major
    • None
    • 8.1
    • Security
    • None
    • Medium


      The Security Module introduced in XWIKI-5267 (4.0M2) is very nice for checking the authorization status of a user over an entity, but this is currently just read-only.

      We are severely lacking an API to add or remove XWiki rights without having to resort to XWiki's model API and working at a low level (objects, classes, properties, etc.). All of these are implementation details that are very hard to work with (most notably the "levels" property, which contains a comma-separated list of rights), very verbose, very error-prone, and that ultimately also prohibit us from ever changing or replacing the rights implementation easily, without changing all the places where rights are set by hand.

      One example of a simple task that is nevertheless difficult to implement is: "Add the 'view' right of a user to a page if it is not already set". To accomplish this correctly, you have a multitude of situations to look out for and you will end up writing several pages of code to get it right. The next guy will have to do the same.

      FTR, the Security Module also allows the possibility to register a new right type, which is nice, but it is also lacking the rest of the CRUD methods to make that usable in practice. That should be handled separately, but it's important as well.
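
      The "add the 'view' right if it is not already set" task described above, as an added sketch that is not XWiki code and not part of the original issue. It assumes a simplified model in which each rights object is a plain dict carrying the `users`, `groups`, `levels` and `allow` properties; the function names, the sample data, the treatment of an explicit deny as blocking, and the omission of group membership and inherited rights are all assumptions of the sketch.

```python
# Simplified model (an assumption, not XWiki code): each rights object is a
# dict with the properties users, groups, levels and allow, where users and
# levels are comma separated strings as described in the issue.

def split_list(value):
    """Parse a comma separated property, tolerating spaces and empty items."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def ensure_right(rights_objects, user, right="view"):
    """Grant `right` to `user` unless already granted; return True if changed.

    Raises ValueError when an explicit deny object names the user, because a
    new allow object next to it would not have the intended effect (assumed).
    """
    granted = False
    for obj in rights_objects:
        # Compare whole tokens: a substring test would let "XWiki.Al" match
        # "XWiki.Alice", or a custom right name match part of another one.
        if user not in split_list(obj.get("users")):
            continue
        if right not in split_list(obj.get("levels")):
            continue
        if int(obj.get("allow", 1)) == 0:
            raise ValueError(f"explicit deny of {right!r} for {user}")
        granted = True
    if granted:
        return False
    # Never append to an existing object's "levels": that object may also
    # list other users or groups, who would silently gain the right too.
    rights_objects.append(
        {"users": user, "groups": "", "levels": right, "allow": 1})
    return True


# Constructed sample rights for one page, for illustration only.
SAMPLE = [
    {"users": "XWiki.Alice, XWiki.Bob", "groups": "",
     "levels": "edit,comment", "allow": 1},
    {"users": "XWiki.Carol", "groups": "", "levels": " view ,edit", "allow": 1},
    {"users": "XWiki.Dave", "groups": "", "levels": "view", "allow": 0},
]
```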





              Unassigned Unassigned
              enygma Eduard Moraru