16 Jan
2014
16 Jan
'14
10:25 a.m.
Hi Mircea,
The mapping between action and right is done
in org.xwiki.security.authorization.internal.XWikiCachingRightService, and
if the action is not mapped, the ILLEGAL right is matched that will always
conduct to a denial. All this is not extendable and static code currently.
It is expected to be moved to a "contextual" authorization manager when we
got the authentication part of the security module rewritten.
On Wed, Jan 15, 2014 at 4:42 PM, Mircea Staicu <mircea.staicu(a)xwiki.com>wrote;wrote:
Hello,
I am having some issues with a new custom action that I did to solve a
platform issue.
My work was done a new branch created from the master branch of xwiki on
github. I added the new Action class and the form bean to the 'web' module
in the xwiki-platform-oldcore @com.xpn.xwiki.web and I mapped the new
action in struts-config.xml.
I've build the oldcore, followed by the build on the legacy-oldcore,
deployed the legacy-oldcore artifact to my local 5.4-SNAPSHOT instance and
deployed the struts-config.xml with the new modifications to the
WEB-INF/lib.
On accessing my action from the wiki, I get the following:
You are not allowed to view this document or perform this action.
Is there a mapping of the non-default actions and the rights that one must
have in order to run them?
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
--
Denis Gervalle
SOFTEC sa - CEO