XWIKI-20907: Introduce the notion of required rights #3285
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tmortagne
reviewed
Jul 26, 2024
| <revapi.differences> | ||
| <justification>Change in generated class of the REST model to add the | ||
| enforceRequiredRights property.</justification> | ||
| <criticality>highlight</criticality> |
There was a problem hiding this comment.
Feels like an allowed to me (I don't see what this change could really break in practice).
tmortagne
reviewed
Jul 26, 2024
| * @return {@code true} if required rights defined in a {@code XWiki.RequiredRightClass} object shall be | ||
| * enforced, meaning that editing will be limited to users with these rights and content of this document can't | ||
| * use more rights than defined in the object, {@code false} otherwise | ||
| * @since 16.6.0RC1 |
There was a problem hiding this comment.
It will definitely not go in 16.6.0RC1, but anyway hard to tell right now what will be the version.
michitux
force-pushed
the
XWIKI-20907-2
branch
2 times, most recently
from
d47e664
to
f07a919
Compare
* Add a new flag to XWikiDocument if required rights shall be enforced. * Add the new flag to the filter stream and XAR APIs, increase the XAR version and adapt tests. * Add the new flag to the REST API. * Add the new flag to the edit form to support updating it. * Add a DocumentRequiredRightsManager API to allow getting the required rights that are set on a document. * Add a DocumentAuthorizationManager to check rights using required rights. * Restrict edit right to users that have all required rights.
* Add a test for DocumentRequiredRightsReader. * Fix entity type computation.
* Add the enforce required rights flag to the document merge.
* Fix typo in since-version.
* Add tests to the authorization modules. * Integrate required rights into the authorization integration test frameworks.
* Integrate required rights into the contextual authorization manager.
* Start migrating to DocumentAuthorizationManager where necessary. * Add DocumentAuthorizationManager to MockitoOldcore.
* Clone the document before setting the enforce required rights property in the Document script api. * Complete incomplete comment in the AuthorizationManager.
* Gracefully handle checking rights when the passed document reference is null.
* Use the document authorization manager in wiki UI extensions.
* Fix tests. * Use the document authorization manager in more places. * Adapt tests to the document authorization manager. * ContextualAuthorizationManager: Deny access when required rights cannot be loaded. * Fix checkstyle in WikiUIExtensionComponentBuilder.
* Introduce a helper in XWikiContext to get the secure document.
* AuthServiceScriptService: use the document authorization manager.
* Move DocumentRequiredRightsReader to oldcore so it can be used in oldcore.
* Check rights when modifying documents or objects and when saving documents.
michitux
force-pushed
the
XWIKI-20907-2
branch
from
f07a919
to
9a0f091
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Jira URL
https://jira.xwiki.org/browse/XWIKI-20907
Changes
Description
TODO:
DocumentRequiredRightsManager)XWiki.RequiredRightClassClarifications
Screenshots & Video
Executed Tests
Ran tests on all modules with code changes without quality profile (coverage is not met currently, this will be fixed).
Expected merging strategy