Re: [xwiki-devs] [VOTE] Remove PR check for query languages other than XWQL and HQL

I don`t understand. Why not make it the contract of the QueryExecutor that, if it manages possibly sensitive data, it is in charge of checking rights? This is how we do it for Solr. Thanks, Eduard On Mon, Aug 5, 2013 at 1:45 PM, Sergiu Dumitriu <sergiu(a)xwiki.com> wrote: > We can add another marker interface, PrivilegedQueryExecutor or > something like that, which informs that it can execute privileged > queries, so it's up to the query manager to prevent them from running in > an unprivileged environment. > > On 08/05/2013 03:16 AM, Thomas Mortagne wrote: >> It's not as simple as moving the ifs from SecureQueryExecutorManager >> to each QueryExecutor since the query executors don't know if they >> need to check rights. >> >> On Sun, Aug 4, 2013 at 7:34 PM, Eduard Moraru <enygma2002(a)gmail.com> > wrote: >>> Hi devs, >>> >>> It seems that our SecureQueryManager [1] is preventing the execution of >>> queries other than XWQL and HQL in the absence of PR. >>> >>> However, this is not at all a friendly policy when it comes to > extensions. >>> An example of where this is causing problems is Solr queries, where only >>> users (well, document authors) with PR can execute them. >>> >>> As the subject says, I suggest removing this restriction and leaving > rights >>> check to be performed in each QueryExecutor's execute() method. >>> >>> The associated Jira issue is XWIKI-9386 [2] >>> >>> Here's my +1. >>> >>> Thanks, >>> Eduard