16 Mar
2010
16 Mar
'10
5:19 a.m.
On 03/16/2010 03:46 AM, Caleb James DeLisle wrote:
I would like to add to xwiki.api.Context:
void setScriptUser(String)
String getScriptUser()
(These names are the best I could think of, suggestions would be great)
the input can be either "viewer", "author" or "default" and
it stores this in the XWikiContext
If the value is set to author, hasAccessLevel will return an access check on the author,
not the viewer.
What would happen if the access rights of user A who ones wrote several
scripts with script user = "author" would change (e.g. if admin would
revoke A's programming rights)?
IMO it would be better to set the execution rights explicitly, i.e.
"view", "edit", "admin" etc. It is more robust and would
also allow to
set only the rights that are really needed (e.g. "edit" instead of
"admin" if the author is administrator).
Of course, one would need to check on save, that the requested rights
are not higher than the rights of the author.
In any case, I think the name "setExecutionRights(String)" is better,
because if the script user is "author", it sounds (at least to me) as if
nobody else is allowed to use it.
Alex