Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-6909

Add hasWikiAdminRights method to XWikiRightsService

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Major
    • 3.2 M3
    • 3.2 M2
    • Old Core
    • None
    • rights admin wiki space level check patch
    • Unknown

    Description

      Currently, the XWikiRightsService.hasAdminRights() method checks admin rights for both current wiki and current space, even though the javadoc states that only the wiki is checked.

      This can cause security problems since an user that is only a space admin might be allowed to use certain plugins where wiki admin level was required.

      Adding this method and fixing the javadoc for hasAdminRights() will provide developers with a better choice of checking only wiki admin level in their code and avoid the security problems caused by the confusion.

      Attachments

        Activity

          People

            tmortagne Thomas Mortagne
            enygma Eduard Moraru
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: