Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-23292

XWiki.ConfigurableClass doesn't use required rights

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 16.10.0-rc-1
    • Administration
    • None
    • Unknown

    Description

      Steps to reproduce:

      1. Open to information tab on AnnotationCode.AnnotationConfig
      2. Click "Review required rights"
      3. Check the analysis results

      Expected result:

      As the XWiki.ConfigurableClass object in that page has "WIKI" scope, wiki admin right should be marked as required as the last author of configurable sections needs to have edit right on the wiki configuration.

      Actual result:

      Only script right is marked as required.

      This issue has two parts:

      1. The required rights analyzer doesn't request the correct right based on the scope (everything with wiki or all spaces should require wiki admin right, the current space should require space admin right).
      2. The code that uses the configurable class shouldn't just check if the last author has edit right on the current page but also (or only?) the space/wiki admin rights which could possibly be restricted by enforced required rights.

      Attachments

        Activity

          People

            Unassigned Unassigned
            MichaelHamann Michael Hamann
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: