I'm a bit stupid...
In a previous mail, you told that the checkProgrammingRights should be done
in the code directly...
Is it true?
In fact, I'm a bit lost reading everything again :)
The programmer programs the groovy script, that's a fact...
Can users access a document calling $xwiki.parseGroovy without programming
rights and execute the groovy script? (apparently yes in my tests)
Or do you strongly advise programmers to prevent users from using groovy
scripts when they don't have programming rights using
checkProgrammingRights?
Sorry for disturbing you ;)
Pascal
On Tue, Aug 5, 2008 at 11:08 AM, Pascal Voitot <pascal.voitot.dev(a)gmail.com> wrote:
On Tue, Aug 5, 2008 at 10:55 AM, Ludovic Dubost <ludovic(a)xwiki.org> wrote:
Pascal Voitot wrote:
So, this is the responsibility of the programmer to control the access to
his code... This is quite free but requires a good knowledge about what you
do...
(I wonder whether providing the {{include}} macros would bring much more
dangerous issues in this case apart from the memory issue you evoked)
Does parseGroovy take care about not duplicating script parsing to prevent
the groovy parser from plundering memory?
Yes, parseGroovy is cached (the class is only compiled once).
It also allows good separation between privileged code and user code.
Programmers can write complex code + velocity macros, and less
experienced users can use these macros or classes.
Finally, this might not be a bad choice even if it brings some
constraints...
Do you intend to write some precise docs about this because this is not
really clear without wandering for some time...
one last question (I'm lazy so I prefer asking than thinking ;)):
Where do you advise to put user.hasProgrammingRight() ?
If you don't put it in the doc called by parseGroovy, I don't see the
interest...
Then do you put it outside the groovy part using velocity:
if($user.hasProgrammingRights) { /* groovy part */ } (maybe this is not
clever due to the mixing of velocity with groovy)
or in the groovy part ?
In both cases, it will generate an exception as parseGroovy will fail. How
to have a clean "you don't have access to this content"?
Pascal
Ludovic
I need to think about all of this because Groovy integrated in xwiki with
velocity also is so powerful to my mind that it might be worth digging
into it...
Pascal
On Tue, Aug 5, 2008 at 10:21 AM, Ludovic Dubost <ludovic(a)xwiki.org> wrote:
> Pascal Voitot wrote:
>
>> I agree with you, this is not simple in this context.
>>
>> Anyway, I have a question:
>> Groovy is programmed by a programmer with special rights but it can be
>> executed by anyone. Am I right? (apparently this is the default
>> behaviour I can see)
>> What prevents anyone with edit rights from adding $xwiki.parseGroovy in his
>> velocity script (do you need programming rights for this)?
>>
>>
> The groovy script needs to be owned by a programmer. This is the
> responsibility of the programmer to do a groovy script that is secure or
> to do himself checkProgrammingRights in his code. If he does then the
> page doing parseGroovyFromPage needs programming rights.
> parseGroovyFromString always needs programming rights.
>
>
>> Moreover if you put in a document something like this:
>>
>> {pre}
>> <%
>> I do some groovy things
>> %>
>> {/pre}
>>
>> then in another one
>> you put
>>
>> # some velocity things
>> $xwiki.getDocument("GroovyDoc").getContent()
>> # some other things
>>
>> Is the groovy simply injected here and executed when someone with default
>> rights accesses the last doc? (Apparently with default rights, that's what
>> happened... I may have missed something)
>>
>>
> The page needs to be owned by a privileged user for the groovy to be
> parsed. Mixing velocity with groovy is dangerous, because you could beat
> the groovy cache if the script passed to groovy is different on every
> evaluation. This can lead to high memory usage.
> Ludovic
>
>
--
Ludovic Dubost
Blog:
http://blog.ludovic.org/
XWiki:
http://www.xwiki.com
Skype: ldubost GTalk: ldubost
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
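The two mechanisms discussed in this thread, a script cache keyed on the script's source text (which mixing velocity into groovy defeats) and a programmer-owned script that checks the caller's rights itself so that an unprivileged user gets a clean refusal instead of an exception, can be modelled in a few lines. The following is an added illustration, not XWiki code and not from anyone in the thread: Python's compile() stands in for the Groovy class compiler, and the names ScriptCache, STATIC_SOURCE, PRIVILEGED_SOURCE and the context keys "user" / "has_programming_rights" are all constructed for the example.

```python
# Added illustration (not XWiki code): Python stands in for the Groovy engine.
# All names below (ScriptCache, context keys, script texts) are constructed.


class ScriptCache:
    """Compiles each distinct source text once, like a class cache keyed on source."""

    def __init__(self):
        self.compiled = {}      # source text -> code object
        self.compile_count = 0  # how many distinct scripts were compiled

    def get(self, source):
        code = self.compiled.get(source)
        if code is None:
            self.compile_count += 1  # a real engine would load a new class here
            code = compile(source, "<script>", "exec")
            self.compiled[source] = code
        return code


def run(cache, source, context):
    """Evaluate a script with a per-request context and return its 'result'."""
    namespace = {"context": context}
    exec(cache.get(source), namespace)
    return namespace["result"]


# Anti-pattern: request data spliced into the script text (velocity-style
# interpolation before the text reaches the cache). Every distinct user
# yields a distinct source string, so the cache grows without bound.
def interpolated_source(user):
    return "result = 'hello ' + " + repr(user)


# Fixed script text; request data travels through the context object, so
# the cache holds one entry no matter how many users call it.
STATIC_SOURCE = "result = 'hello ' + context['user']"

# Programmer-owned script body (constructed): it refuses unprivileged
# callers itself and returns a clean message rather than failing.
PRIVILEGED_SOURCE = """
if context["has_programming_rights"]:
    result = "secret for " + context["user"]
else:
    result = "you don't have access to this content"
"""


def entries_after_interpolated(users):
    """Number of compiled scripts after serving each user via interpolation."""
    cache = ScriptCache()
    for user in users:
        run(cache, interpolated_source(user), {"user": user})
    return cache.compile_count


def entries_after_static(users):
    """Number of compiled scripts after serving each user via the static script."""
    cache = ScriptCache()
    for user in users:
        run(cache, STATIC_SOURCE, {"user": user})
    return cache.compile_count


def call_privileged(user, has_programming_rights):
    """Run the programmer-owned script on behalf of a caller."""
    cache = ScriptCache()
    return run(cache, PRIVILEGED_SOURCE,
               {"user": user, "has_programming_rights": has_programming_rights})


if __name__ == "__main__":
    users = ["user%d" % i for i in range(1000)]
    print("interpolated:", entries_after_interpolated(users), "compiled scripts")
    print("static:      ", entries_after_static(users), "compiled script")
    print(call_privileged("alice", True))
    print(call_privileged("bob", False))
```

Run directly, the interpolated variant compiles one script per distinct user while the static variant compiles once; that gap is the memory growth the thread warns about when velocity output is fed into parseGroovy. The rights check lives inside the script body, so the caller never sees a parse failure, only the refusal string.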