[xwiki-devs] Permissions on actions
Hi, I'm wondering how xwiki applies permissions to various actions. For example, in looking at the ViewAction and DeleteAction classes I don't see anything that would be applying permissions but clearly some part of the system knows that a /view/ action is different than a /delete/ which is different from a /viewrev/. I created my own action and it 'appears' to be applying the edit permissions. How is this done? What if it was a view type of action? Thanks, Glenn
Hi Glenn, On Thu, May 28, 2009 at 10:04 PM, <[email protected]> wrote:
Hi,
I'm wondering how xwiki applies permissions to various actions. For example, in looking at the ViewAction and DeleteAction classes I don't see anything that would be applying permissions but clearly some part of the system knows that a /view/ action is different than a /delete/ which is different from a /viewrev/.
I created my own action and it 'appears' to be applying the edit permissions. How is this done? What if it was a view type of action?
Not sure whether this is gonna help you, but the java code that handles rights is located in here: http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-core/src/main/j... Maybe it has some of the answers you're looking for. Guillaume
Thanks,
Glenn
_______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
-- Guillaume Lerouge Product Manager - XWiki Skype ID : wikibc http://guillaumelerouge.com/
[email protected] wrote:
Hi,
I'm wondering how xwiki applies permissions to various actions. For example, in looking at the ViewAction and DeleteAction classes I don't see anything that would be applying permissions but clearly some part of the system knows that a /view/ action is different than a /delete/ which is different from a /viewrev/.
I created my own action and it 'appears' to be applying the edit permissions. How is this done? What if it was a view type of action?
As Guillaume said, the class that assigns edit rights to actions is in http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-core/src/main/j... (look at the actionMap). Unfortunately, this map is not modular/extensible, so you will have to change this class and use a custom build of it in your wiki. This will change in the future, but it will take a while until then. -- Sergiu Dumitriu http://purl.org/net/sergiu/
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Sergiu Dumitriu Sent: Thursday, May 28, 2009 7:00 PM To: XWiki Developers Subject: Re: [xwiki-devs] Permissions on actions
[email protected] wrote:
Hi,
I'm wondering how xwiki applies permissions to various actions. For example, in looking at the ViewAction and DeleteAction classes I don't see anything that would be applying permissions but clearly some part of the system knows that a /view/ action is different than a /delete/ which is different from a /viewrev/.
I created my own action and it 'appears' to be applying the edit permissions. How is this done? What if it was a view type of action?
As Guillaume said, the class that assigns edit rights to actions is in http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki- core/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiRightServiceImpl. java (look at the actionMap). Unfortunately, this map is not modular/extensible, so you will have to change this class and use a custom build of it in your wiki. This will change in the future, but it will take a while until then.
Thanks. The code defaults to the 'edit' right which will work for my application. It looks like an easy fix to allow other actions to be included would be to do 1) treat an action like view.doSomething the same as view. That is, strip everything after a . or - and then do the lookup. This way plugins could ride on top of existing action rights by just having a prefix on their actions. or 2) Add a method to add elements to the action map. -- Glenn
-- Sergiu Dumitriu http://purl.org/net/sergiu/ _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
participants (3)
-
glenn_engel@agilent.com -
Guillaume Lerouge -
Sergiu Dumitriu