Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-5041

Allow script authors to load and save documents in their own security context, not the user's.

    XMLWordPrintable

Details

    • New Feature
    • Resolution: Fixed
    • Major
    • 2.3 M2
    • 2.2.3
    • {Unused} APIs
    • None
    • patch
    • Unknown

    Description

      Right now if you have programming rights, you can save a document which the viewer cannot save. This feature should be available to script authors who don't have programming rights.
      Apis are available to the script author but not the viewer so the script author should take responsibility for documents saved through apis.
      There should be the possibility to save information about the viewer without the viewer seeing information about other viewers.
      We should not need programming rights except in extraordinary occasions.
      It is better to add new api than break old.

      Proposal:
      Add to xwiki.api.Document
      saveAsAuthor()
      saveAsAuthor(String comment)
      saveAsAuthor(String connent, String isMinorEdit)
      deleteAsAuthor()

      Add to xwiki.api.XWiki
      getDocumentAsAuthor(DocumentReference reference)
      getDocumentAsAuthor(String fullName)

      Attachments

        Activity

          People

            calebjamesdelisle CalebJamesDeLisle
            calebjamesdelisle CalebJamesDeLisle
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: