Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-18222

Administration sections are not executed with the right of their author

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5
    • Fix Version/s: 13.0
    • Component/s: Administration, Old Core
    • Labels:
      None
    • Difficulty:
      Unknown
    • Documentation:
      N/A
    • Similar issues:

      Description

      Since 2.5 the way Configurable xobject are displayed in the admin always been quite a hack: they are forced to be executed with guest as author. It became possible in 3.1 be using the include macro with context=new targeting a different page but the root issue remain: a script is not executed with the right author.

      For obvious security reason it's not possible to play with context author in scripts without programming right but unfortunately right now the way to deal with Configurable object is full scripting.

      So to really fix this we need to go through some Java API which allow execute this xobject field with the right of it's actual author.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              tmortagne Thomas Mortagne
              Reporter:
              tmortagne Thomas Mortagne
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: