[xwiki-users] Accessing Groovy function from velocity
Ludovic Dubost
ludovic at xwiki.com
Fri Feb 16 21:06:34 CET 2007
Note that whatever you do, if the user has view mode he can access the
content using ?xpage=code
Ludovic
Jean-Vincent Drean a écrit :
> 2007/2/16, Esbach, Brandon <Esbachb at tycoelectronics.com>:
>> A small note about the separate groovy page (I made note of this in the
>> page you put in JV):
>> When you create the page, it cannot have "<%" and "%>". If it does,
>> then it won't work (understandable, a lot of other languages work this
>> way when a separate file used as a source, eg Javascript).
>
> Right, thanks for the addition.
>
>> However, this then results in your class being shown in plain text in
>> the saved document (this occurs in B2 and B4, can't test B3 as it's not
>> running on our test environment anymore) - which I would not like to see
>> user's having any view access to.
>> I'm unsure of what to suggest around this, or if it is even a concern.
>> Naturally, if "parseGroovyFromString" would allow the "<%%>" then the
>> page would be protected by default from the user (being correctly
>> assessed as a Groovy page), BUT this is not quite a good solution.
>
> A page with "<%%>" is not be protected by default, the only difference
> is that the content is not displayed but executed if the page has been
> saved by a user with programming rights (UWPR).
> I've added a small trick in the tutorial to prevent a groovy class
> from being displayed as plain text, but you can't prevent it from
> being edited by a basic user without using appropriate page rights.
> http://www.xwiki.org/xwiki/bin/view/DevGuide/GroovyClassHelloWorldTutorial
>
>
> JV.
>
> ------------------------------------------------------------------------
>
>
> --
> You receive this message as a subscriber of the xwiki-users at objectweb.org mailing list.
> To unsubscribe: mailto:xwiki-users-unsubscribe at objectweb.org
> For general help: mailto:sympa at objectweb.org?subject=help
> ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
>
--
Ludovic Dubost
Blog: http://www.ludovic.org/blog/
XWiki: http://www.xwiki.com
Skype: ldubost GTalk: ldubost
AIM: nvludo Yahoo: ludovic
More information about the users
mailing list