Alex Busenius wrote:
On 03/16/2010 03:46 AM, Caleb James DeLisle wrote:
I would like to add to xwiki.api.Context:
void setScriptUser(String)
String getScriptUser()
(These names are the best I could think of, suggestions would be great)
the input can be either "viewer", "author" or "default" and
it stores this in the XWikiContext
If the value is set to author, hasAccessLevel will return an access check on the author,
not the viewer.
What would happen if the access rights of user A who once wrote several
scripts with script user = "author" would change (e.g. if admin would
revoke A's programming rights)?
Unless there was a change to the rights model
the scripts would stop working.
IMO it would be better to set the execution rights explicitly, i.e.
"view", "edit", "admin" etc. It is more robust and would also allow to
set only the rights that are really needed (e.g. "edit" instead of
"admin" if the author is administrator).
Of course, one would need to check on save, that the requested rights
are not higher than the rights of the author.
Currently rights are checked on view
which is slower but safer. Shedding rights (sandboxing code)
is an idea which has been discussed before, the problem as I see it is how do we prevent a
script from asking the same APIs for more rights.
I agree the ability to sandbox code is a necessity but I think it needs to look more like
evaluateCodeWithReducedPermission(String code, Set<Permission> permissionsToDeny)
In any case, I think the name "setExecutionRights(String)" is better,
I'm not quite sold on that name because ExecutionRights tells me it's a
"what" and my proposal is
about a "who" as in "execute with whose access privileges?"
Caleb
because if the script user is "author", it sounds (at least to me) as if
nobody else is allowed to use it.
Alex
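
The three checks discussed in this thread (the save-time cap on requested rights, the view-time re-check, and shedding rights for nested code), as an added sketch that is not part of the original messages and not XWiki code. The class, enum and method names are hypothetical; the point is that the rights object offers no operation that adds a right, so code running under it has nothing to call to ask for more.

```java
import java.util.EnumSet;
import java.util.Set;

public class ReducedRightsSketch {
    // Hypothetical right names, modelled on the levels named in the thread.
    enum Right { VIEW, EDIT, ADMIN, PROGRAMMING }

    /** Rights in force for one script run. No method ever adds a right. */
    static final class ExecutionRights {
        private final Set<Right> granted = EnumSet.noneOf(Right.class);

        private ExecutionRights(Set<Right> rights) {
            granted.addAll(rights); // private copy, callers keep no handle on it
        }

        /** Save-time check: the requested rights must not exceed the author's. */
        static ExecutionRights onSave(Set<Right> authorRights, Set<Right> requested) {
            if (!authorRights.containsAll(requested)) {
                throw new SecurityException("requested rights exceed the author's rights");
            }
            return new ExecutionRights(requested);
        }

        /** View-time re-check: keep only what the author still holds. */
        ExecutionRights recheck(Set<Right> authorRightsNow) {
            ExecutionRights result = new ExecutionRights(granted);
            result.granted.retainAll(authorRightsNow);
            return result;
        }

        /** Shedding for nested code: the result is always a subset of this set. */
        ExecutionRights deny(Set<Right> permissionsToDeny) {
            ExecutionRights result = new ExecutionRights(granted);
            result.granted.removeAll(permissionsToDeny);
            return result;
        }

        boolean has(Right right) {
            return granted.contains(right);
        }
    }

    public static void main(String[] args) {
        Set<Right> author = EnumSet.allOf(Right.class); // constructed sample: an admin author
        ExecutionRights saved = ExecutionRights.onSave(author, EnumSet.of(Right.VIEW, Right.EDIT));
        ExecutionRights nested = saved.deny(EnumSet.of(Right.EDIT));   // sandboxed inner code
        ExecutionRights later = saved.recheck(EnumSet.of(Right.VIEW)); // author lost EDIT since save
        System.out.println(saved.has(Right.ADMIN) + " " + nested.has(Right.EDIT) + " " + later.has(Right.EDIT));
    }
}
```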