[xwiki-users] Accessing Groovy function from velocity
Jean-Vincent Drean
jv at xwiki.com
Fri Feb 16 12:26:31 CET 2007
2007/2/16, Esbach, Brandon <Esbachb at tycoelectronics.com>:
> A small note about the separate groovy page (I made note of this in the
> page you put in JV):
> When you create the page, it cannot have "<%" and "%>". If it does,
> then it won't work (understandable, a lot of other languages work this
> way when a separate file used as a source, eg Javascript).
Right, thanks for the addition.
> However, this then results in your class being shown in plain text in
> the saved document (this occurs in B2 and B4, can't test B3 as it's not
> running on our test environment anymore) - which I would not like to see
> user's having any view access to.
> I'm unsure of what to suggest around this, or if it is even a concern.
> Naturally, if "parseGroovyFromString" would allow the "<%%>" then the
> page would be protected by default from the user (being correctly
> assessed as a Groovy page), BUT this is not quite a good solution.
A page with "<%%>" is not be protected by default, the only difference
is that the content is not displayed but executed if the page has been
saved by a user with programming rights (UWPR).
I've added a small trick in the tutorial to prevent a groovy class
from being displayed as plain text, but you can't prevent it from
being edited by a basic user without using appropriate page rights.
http://www.xwiki.org/xwiki/bin/view/DevGuide/GroovyClassHelloWorldTutorial
JV.
More information about the users
mailing list