On Fri, Jun 19, 2015 at 4:25 PM, Eduard Moraru <enygma2002(a)gmail.com> wrote:
> Hi,
> For 7.2, we are introducing a new right to control permissions on the
> execution of scripts.
> Right now, out of all the scripts we support, Velocity is special and does
> not require programming rights, since it uses only the public API. Of
> course, if it has PR available, it can also access privileged API. All
> other scripts (groovy, python, etc) require PR by default.
> The new 'script' right should be used to control "light"/sandboxed
> scripting, such as velocity or any other scripts that are configured to
> consider this new right when executing (assuming they override the standard
> PR check).

We actually do have another one already, a custom version of Groovy
JSR223 engine done by Vincent.
All that to say that you should probably also update
org.xwiki.rendering.internal.macro.groovy.GroovyMacroPermissionPolicy
in xwiki-platform-rendering-macro-groovy module.

> Since the build is not in top shape due to the nested spaces changes, I
> have currently committed my work on this in a branch, created a PR and
> would like to profit from this occasion to ask the devs that are more
> familiar with the rights system for some feedback on it.
> The Jira issue is
> http://jira.xwiki.org/browse/XWIKI-12171
> The PR is
> https://github.com/xwiki/xwiki-platform/pull/410

Looks good (all I could do is a minor comment on a comment :) ).

> Thanks,
> Eduard
--
Thomas Mortagne