Details
-
Idea
-
Resolution: Unresolved
-
Major
-
None
-
7.4
-
None
-
Unknown
-
Description
The idea would be to use this macro when you need to run some code using the passed user. For example:
{{impersonate user="SomeUser"}}
... at this point the current user in the context is SomeUser...
{{/impersonate}}
Use cases:
- Imagine some server calling remotely (using HTTP) a wiki page inside an XWiki server, without any authentication. Now imagine that thus guest user need to access some other page that is view-protected (because it contains sensitive data).
Note 1: this macro would require PR.
Note 2: we could name it differently. Alternative proposals:
- {{executeAsUser}}
- {{evaluateAsUser}}
- {{contextUser}}
- {{currentUser}}
FTR I had to implement this and I did it like this, in velocity (I didn't put a #try since I wanted exception throwing but ideally we'd need a try/finally):
## WARNING: This page must be saved/installed by a user having Programming Rights! ## We use the author of this page as the current user to execute the code since the Licensing code is protected ## and only viewable to administrators for privacy reasons. #set ($originalCurrentUserReference = $xcontext.context.userReference) #set ($discard = $xcontext.context.setUserReference($doc.contentAuthor)) ... #set ($discard = $xcontext.context.setUserReference($originalCurrentUserReference))
Attachments
Issue Links
- is related to
-
XWIKI-6647 Impersonation feature
-
- Open
-
-
-
- Open
-