It's not as simple as moving the ifs from SecureQueryExecutorManager
to each QueryExecutor since the query executors don't know if they
need to check rights.
On Sun, Aug 4, 2013 at 7:34 PM, Eduard Moraru <enygma2002(a)gmail.com> wrote:
Hi devs,
It seems that our SecureQueryManager [1] is preventing the execution of
queries other than XWQL and HQL in the absence of PR.
However, this is not at all a friendly policy when it comes to extensions.
An example of where this is causing problems is Solr queries, where only
users (well, document authors) with PR can execute them.
As the subject says, I suggest removing this restriction and leaving the rights
check to be performed in each QueryExecutor's execute() method.
The associated Jira issue is XWIKI-9386 [2].
Here's my +1.
Thanks,
Eduard
----------
[1]
https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-core/xwi…
[2]
http://jira.xwiki.org/browse/XWIKI-9386
--
Thomas Mortagne