+0
On Mon, Sep 13, 2010 at 12:21, Caleb James DeLisle
<calebdelisle(a)lavabit.com> wrote:
I think this function would be useful, I have used
code like it to
make sure scripts didn't run with PR when they shouldn't and I think
it deserves a place in the api.
The function doesn't need any special privileges to run, but after
it's run, api.Api#hasProgrammingRights will always return false and
api.Document#saveAsAuthor will be attempting to save as the guest
instead of the real document author. (likewise with
getDocumentAsAuthor and deleteAsAuthor)
Once permissions have been dropped, they cannot be regained (for the
duration of the request.)
This depends on another function in api.Api which is package private.
String getEffectiveScriptAuthorName()
returns the name given by XWikiContext.getDoc().getAuthor() unless
dropPermissions() has allready been called or XWikiContext.getDoc()
== null in which case it returns the guest username.
Why in the old api.Context? I envision in the future a
SecurityManager component will exist which distrusts not only script
but core java as well. I think the option to drop privileges when
unneeded should also be present in the final security manager
implementation. Since security managers require a large secure code
base to be useful, I am proposing api.Context#dropPermissions() as
an interim solution.
WDYT?
Caleb
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
--
Thomas Mortagne