| When the server-side receives a request to save some content or to execute / render some unsaved content, it correctly assumes that the content author is the currently authenticated user. This means that the content is saved or executed with the rights of the current user. This is fine most of the time, but there are some cases where we want to save or execute the content with less access rights. To be precise:
- we want the current user to appear as author in the history, because the request was sent by them
- we don't want the content to get / inherit all the access rights of the current user
The second point could be implemented using "document access rights" but:
- document rights are not going to be implemented anytime soon
- there will be a migration phase at the beginning, so it won't be available for some of the existing pages
- even for documents that are migrated to document rights, there are still cases where the content author is checked (e.g. display macro inside async macro, cache macro, PDF viewer delegating view right of the author, etc.)
For these reasons, following Thomas Mortagne suggestion, I propose to introduce the concept of "request effective author":
- the user that is responsible in terms of access rights for the submitted content
- is the currently authenticated user by default (if not set to a different value by some extension)
|
