XWIKI-20907: Introduce the notion of required rights #3285
base: master
<revapi.differences> | ||
<justification>Change in generated class of the REST model to add the | ||
enforceRequiredRights property.</justification> | ||
<criticality>highlight</criticality> |
Feels like an allowed to me (I don't see what this change could really break in practice).
* @return {@code true} if required rights defined in a {@code XWiki.RequiredRightClass} object shall be | ||
* enforced, meaning that editing will be limited to users with these rights and content of this document can't | ||
* use more rights than defined in the object, {@code false} otherwise | ||
* @since 16.6.0RC1 |
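Review bot: The @return text leaves the fail-open or fail-closed behaviour undocumented: it says content "can't use more rights than defined in the object" but not what a true value means when the document carries no XWiki.RequiredRightClass object at all. Please state whether an absent object then means the content gets no rights or that enforcement has no effect. It would also help to say whether "these rights" means all of the listed rights or any one of them, since that decides who can still edit the document.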
It will definitely not go in 16.6.0RC1, but anyway hard to tell right now what will be the version.
d47e664 to f07a919
f07a919 to 9a0f091
* Add a new flag to XWikiDocument if required rights shall be enforced.
* Add the new flag to the filter stream and XAR APIs, increase the XAR version and adapt tests.
* Add the new flag to the REST API.
* Add the new flag to the edit form to support updating it.
* Add a DocumentRequiredRightsManager API to allow getting the required rights that are set on a document.
* Add a DocumentAuthorizationManager to check rights using required rights.
* Restrict edit right to users that have all required rights.

* Add a test for DocumentRequiredRightsReader.
* Fix entity type computation.

* Add the enforce required rights flag to the document merge.

* Fix typo in since-version.

* Add tests to the authorization modules.
* Integrate required rights into the authorization integration test frameworks.

* Integrate required rights into the contextual authorization manager.

* Start migrating to DocumentAuthorizationManager where necessary.
* Add DocumentAuthorizationManager to MockitoOldcore.

* Clone the document before setting the enforce required rights property in the Document script api.
* Complete incomplete comment in the AuthorizationManager.

* Gracefully handle checking rights when the passed document reference is null.

* Use the document authorization manager in wiki UI extensions.

* Fix tests.
* Use the document authorization manager in more places.
* Adapt tests to the document authorization manager.
* ContextualAuthorizationManager: Deny access when required rights cannot be loaded.
* Fix checkstyle in WikiUIExtensionComponentBuilder.

* Introduce a helper in XWikiContext to get the secure document.

* AuthServiceScriptService: use the document authorization manager.

* Move DocumentRequiredRightsReader to oldcore so it can be used in oldcore.

* Check rights when modifying documents or objects and when saving documents.

* Remove the analyzer for the required right object as it doesn't make sense to take the object into consideration if this is basically where we store the result of the analysis.

* Change the entity type of programming right in the required rights analysis result to be `null`, i.e., the farm as programming right only exists on the farm level. Adapt the tests that expected a different value.

* Fix page tests by moving DefaultDocumentRequiredRightsManager to oldcore so the implementation is available to tests that use the Document script API.
* Replace the XWiki.RequiredRightClass document by a mandatory document initializer.

* Fix checkAccess in DocumentAuthorizationManager in the case of no context document.

* WIP UI prototype.
* Add a method to api.Document to get the required rights.
* Add a script service for required rights.
* Add a way to convert a RequiredRight to a DocumentRequiredRight.
9a0f091 to 04e0d94
Jira URL
https://jira.xwiki.org/browse/XWIKI-20907
Changes
Description
TODO:
DocumentRequiredRightsManager
)XWiki.RequiredRightClass
Clarifications
Screenshots & Video
Executed Tests
Ran tests on all modules with code changes without quality profile (coverage is not met currently, this will be fixed).
Expected merging strategy