8 Apr
2016
8 Apr
'16
4:04 p.m.
Hi Andrey,
Overwriting XWikiCachingRightService is definitely a wrong approach, since
this class is only a legacy bridge to support module that was using the old
right authorization system. The actual component that effectively respond
to authorization request is the AuthorizationManager. You should have a
look at http://extensions.xwiki.org/xwiki/bin/view/Extension/Security+Module
for
a detailed description of the security module.
The role that really take the decision is the AuthorizationSettler, and it
bases his decisions from security rules received from the
SecurityEntryReader. Be careful that all rules and decisions are cached
based on the entity references, and that you may need to implement a
SecurityCacheRulesInvalidator to evict nodes that are no longer valid.
Regards,
On Fri, Apr 8, 2016 at 11:08 AM, abtv <andreybutov(a)mail.ru> wrote:
I have a separate application which has its own users
and permission
system.
I would like to restrict access
to some xwiki spaces according to my app permissions. I overrided
XWikiCachingRightService class and use
checkAccess(String action, XWikiDocument doc, XWikiContext context)
function. The problem I have is
it's impossible to restrict access to search with this approach. I only
need
to restrict access to spaces with
permissions. So, I need somehow make xwiki aware about my permissions
(which
spaces user can see). What XWiki
java class can I use for this?
~
--
View this message in context:
http://xwiki.475771.n2.nabble.com/What-is-the-right-way-to-implement-XWiki-…
Sent from the XWiki- Dev mailing list archive at Nabble.com.
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
--
Denis Gervalle
SOFTEC sa - CEO