Hi,
use case would be, that any action a local user might want to do
that needs programming rights is not possible (using codes, macros,
applications (Import Export Application) from the code zone or
creating own scripts using Velocity). And i would not like to grant
every user who needs programming rights, because he wants to do one
of the things mentioned above a global account.
Velocity doesn't require programming rights.
Only Groovy and some Java APIs do require programming rights. For
Groovy I hope we'll fix this in the future by having it run in its own
sandbox. For the APIs it's done voluntarily. Accessing the private
XWiki instance, the XWikiDocument or XWikiContext is not supposed to
happen for users. These APIs are meant to be used internally only. If
you're missing a given public API you should tell us and we can see on
a case by case basis if we could make it available in the public API.
Thanks
-Vincent
For me it is not that much of a problem, because i
have also an
global account and i really understand your concerns about security.
But its also limiting the abilities of a virtual wiki environment.
But what i get from what your saying is, that its not possible to
restrict the programming rights for a local user only to his virtual
wiki.
hel.
On Mar 27, 2009, at 3:48 PM, Sergiu Dumitriu wrote:
Vincent Massol wrote:
Hi Hel,
On Mar 27, 2009, at 2:28 PM, hel-o wrote:
Hi,
is there a special reason for that,
Is this is for security issues since one wiki in a farm could
endanger
all the wikis in the farm very easily since a local user would get
access to a powerful API.
To be more detailed, a user with programming rights has absolute
access
on the whole server (using Groovy), and in a public farm if a wiki
admin
gives himself programming rights, he can seriously affect the entire
server. Imagine if somebody could do anything on the whole Blogspot
farm...
and is it
planned for a future release to have the possibility to
have programming rights in a virtual wiki?
No.
It depends. There is an issue on
jira.xwiki.org about having an
option
for this, defaulting to false, but there's no requirement for this.
Programming rights are really a dangerous thing, I don't see any
need to
grant them to anybody except one global account that decides what is
safe.
Indeed, if you need programming rights for a given api maybe a better
way would be to provide that API without programming rights (if it's
safe).
What's your use case?
Thanks
-Vincent
>>
>> hel.
>>
>>
>> Hel-o,
>>
>> Only users registered on the main wiki can be granted programming
>> access
>> level. But they can save pages with the programming rights on sub
>> wikis.
>>
>> Jerome.
>>
>> hel-o wrote:
>>> Hi,
>>>
>>> is there a way to give programming rights to a user in a virtual
>>> wiki?
>>>
>>> Thanks
>>> hel.
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
-----
hel.
hel(a)hel.at
--
View this message in context:
http://n2.nabble.com/Programming-rights-in-virtual-wiki-tp2538608p2544919.h…
Sent from the XWiki- Users mailing list archive at
Nabble.com.
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users