see below
On Tue, Aug 5, 2008 at 6:52 PM, Ludovic Dubost <ludovic(a)xwiki.org> wrote:
Let's take an example
public class Groovy {
public boolean delete(String docname, Context context) {
def xwiki = context.getWiki();
def xwiki2 = xwiki.xWiki;
def context2 = context.context;
xwiki2.deleteDocument(docName, context2);
return true;
}
}
This script is a priviledge script and will use the underlying xwiki
api. This means that no rights check are performed on the call to
xwiki2.deleteDocument.
If you let this class in your wiki, any use can use parseGroovyFromPage
to instanciate the class and call delete() and delete any page
regardeless of the user rights.
To fix this you do:
public class Groovy {
public boolean delete(String docname, Context context) {
if (!context.hasProgrammingRights())
return false;
def xwiki = context.getWiki();
def xwiki2 = xwiki.xWiki;
def context2 = context.context;
xwiki2.deleteDocument(docName, context2);
return true;
}
}
If the author of the page making the call to parseGroovyFromPage and
deleteDocument is not a "programmer" then the call fails.
For example if the page is
$xwiki.parseGroovyFromPage("..").deleteDocument($context.user,$context)
Then any use can access the page setup by the programmer to delete it's
own page.
If the user tries to change the page to replace by $context.user by any
page, then the programmers right is revoked and the call fails
Therefore you delete() function is secure.
That's what I understood at first sight... (and why don't you include this
small doc in
xwiki.org doc to help people understand what they should do or
not...)
My second idea was: why not prevent the groovy parsing and instantiation
when you don't have the rights?(it would spare some memory and process time)
Thank you for your explanation
Pascal
Ludovic
Pascal Voitot wrote:
I'm a bit stupid...
In a previous mail, you told that the checkProgrammingRights should be
done
in the code directly...
Is it true?
In fact, I'm a bit lost reading everything again :)
The programmer programs the groovy script, that's a fact...
Can users access a document calling $xwiki.parseGroovy without
programming
rights and execute the groovy script? (apparently
yes in my tests)
Or do you strongly advise programmers to prevent users from using groovy
scripts when they don't have programming rights using
checkProgrammingRights?
Sorry for disturbing you ;)
PAscal
--
Ludovic Dubost
Blog:
http://blog.ludovic.org/
XWiki:
http://www.xwiki.com
Skype: ldubost GTalk: ldubost
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs