XWIKI-20907: Introduce the notion of required rights #3285
base: master
<revapi.differences> | ||
<justification>Change in generated class of the REST model to add the | ||
enforceRequiredRights property.</justification> | ||
<criticality>highlight</criticality> |
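Review bot: the justification names what changed (the enforceRequiredRights property added to the generated REST model class) but not why that is safe for existing consumers, which is what the highlight criticality on the last line has to be judged against. If the change only adds a property and nothing existing is removed or retyped, say so in the justification so a reader can decide whether highlight or a lower criticality is the right level.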
Feels like an allowed to me (I don't see what this change could really break in practice).
* @return {@code true} if required rights defined in a {@code XWiki.RequiredRightClass} object shall be | ||
* enforced, meaning that editing will be limited to users with these rights and content of this document can't | ||
* use more rights than defined in the object, {@code false} otherwise | ||
* @since 16.6.0RC1 |
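Review bot: the @return text does not say what applies when the flag is true but the document carries no XWiki.RequiredRightClass object, and that case decides whether enforcement denies everything or restricts nothing. Please state it explicitly, and consider splitting the sentence, since it currently folds two separate effects (who may edit, and which rights the content may use) into one clause.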
It will definitely not go in 16.6.0RC1, but anyway hard to tell right now what will be the version.
d47e664
to
f07a919
* Add a new flag to XWikiDocument if required rights shall be enforced.
* Add the new flag to the filter stream and XAR APIs, increase the XAR version and adapt tests.
* Add the new flag to the REST API.
* Add the new flag to the edit form to support updating it.
* Add a DocumentRequiredRightsManager API to allow getting the required rights that are set on a document.
* Add a DocumentAuthorizationManager to check rights using required rights.
* Restrict edit right to users that have all required rights.

* Add a test for DocumentRequiredRightsReader.
* Fix entity type computation.

* Add the enforce required rights flag to the document merge.

* Fix typo in since-version.

* Add tests to the authorization modules.
* Integrate required rights into the authorization integration test frameworks.

* Integrate required rights into the contextual authorization manager.

* Start migrating to DocumentAuthorizationManager where necessary.
* Add DocumentAuthorizationManager to MockitoOldcore.

* Clone the document before setting the enforce required rights property in the Document script api.
* Complete incomplete comment in the AuthorizationManager.

* Gracefully handle checking rights when the passed document reference is null.

* Use the document authorization manager in wiki UI extensions.

* Fix tests.
* Use the document authorization manager in more places.
* Adapt tests to the document authorization manager.
* ContextualAuthorizationManager: Deny access when required rights cannot be loaded.
* Fix checkstyle in WikiUIExtensionComponentBuilder.

* Introduce a helper in XWikiContext to get the secure document.

* AuthServiceScriptService: use the document authorization manager.

* Move DocumentRequiredRightsReader to oldcore so it can be used in oldcore.

* Check rights when modifying documents or objects and when saving documents.
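
The rules stated in the commits and Javadoc above (edit only for users holding all required rights, content limited to the declared rights, denial when required rights cannot be loaded), as a simplified model added here; it is not code from this pull request or from XWiki. Every class, record and method name is hypothetical, and checking content against its author's rights is an assumption of the model.

```java
import java.util.Optional;
import java.util.Set;

/** Simplified model of enforced required rights; every name here is hypothetical, not XWiki API. */
public class RequiredRightsModel {
    enum Right { VIEW, EDIT, SCRIPT, PROGRAMMING }

    /** A document with its enforce flag; an empty Optional models required rights that failed to load. */
    record Doc(boolean enforceRequiredRights, Optional<Set<Right>> requiredRights) { }

    /** Rights the user holds on the document according to the ordinary rights system. */
    record User(String name, Set<Right> rights) { }

    /** Edit needs the edit right plus, when enforcement is on, every required right. */
    static boolean canEdit(User user, Doc doc) {
        if (!user.rights().contains(Right.EDIT)) {
            return false;
        }
        if (!doc.enforceRequiredRights()) {
            return true;
        }
        // Fail closed: unreadable required rights deny access instead of granting it.
        return doc.requiredRights().map(user.rights()::containsAll).orElse(false);
    }

    /** Content may use a right only if its author holds it and, when enforced, the document declares it. */
    static boolean contentMayUse(Right right, User author, Doc doc) {
        if (!author.rights().contains(right)) {
            return false;
        }
        if (!doc.enforceRequiredRights()) {
            return true;
        }
        return doc.requiredRights().map(required -> required.contains(right)).orElse(false);
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Doc doc = new Doc(true, Optional.of(Set.of(Right.SCRIPT)));
        Doc broken = new Doc(true, Optional.empty());
        User admin = new User("admin", Set.of(Right.VIEW, Right.EDIT, Right.SCRIPT, Right.PROGRAMMING));
        User editor = new User("editor", Set.of(Right.VIEW, Right.EDIT));

        System.out.println(canEdit(admin, doc));    // holds edit and the required script right
        System.out.println(canEdit(editor, doc));   // lacks the required script right
        System.out.println(canEdit(admin, broken)); // required rights could not be loaded
        System.out.println(contentMayUse(Right.PROGRAMMING, admin, doc)); // right not declared on the document
    }
}
```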
f07a919
to
9a0f091
Jira URL
https://jira.xwiki.org/browse/XWIKI-20907
Changes
Description
TODO:
DocumentRequiredRightsManager
)XWiki.RequiredRightClass
Clarifications
Screenshots & Video
Executed Tests
Ran tests on all modules with code changes without quality profile (coverage is not met currently, this will be fixed).
Expected merging strategy