XWIKI-20907: Introduce the notion of required rights #3285
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tmortagne
reviewed
Jul 26, 2024
tmortagne
reviewed
Jul 26, 2024
...-platform-core/xwiki-platform-bridge/src/main/java/org/xwiki/bridge/DocumentModelBridge.java
Outdated
Show resolved
Hide resolved
michitux
force-pushed
the
XWIKI-20907-2
branch
2 times, most recently
from
d47e664 to
f07a919
Compare
michitux
force-pushed
the
XWIKI-20907-2
branch
from
f07a919 to
9a0f091
Compare
michitux
force-pushed
the
XWIKI-20907-2
branch
from
9a0f091 to
04e0d94
Compare
michitux
force-pushed
the
XWIKI-20907-2
branch
from
04e0d94 to
4b4ddbc
Compare
* Add a new flag to XWikiDocument if required rights shall be enforced. * Add the new flag to the filter stream and XAR APIs, increase the XAR version and adapt tests. * Add the new flag to the REST API. * Add the new flag to the edit form to support updating it. * Add a DocumentRequiredRightsManager API to allow getting the required rights that are set on a document. * Add a DocumentAuthorizationManager to check rights using required rights. * Restrict edit right to users that have all required rights. * Add a test for DocumentRequiredRightsReader.
* Add the enforce required rights flag to the document merge.
* Add tests to the authorization modules. * Integrate required rights into the authorization integration test frameworks.
* Integrate required rights into the contextual authorization manager.
* Start migrating to DocumentAuthorizationManager where necessary. * Add DocumentAuthorizationManager to MockitoOldcore.
* Use the document authorization manager in wiki UI extensions.
* Fix tests. * Use the document authorization manager in more places. * Adapt tests to the document authorization manager. * ContextualAuthorizationManager: Deny access when required rights cannot be loaded. * Fix checkstyle in WikiUIExtensionComponentBuilder.
* Introduce a helper in XWikiContext to get the secure document.
* AuthServiceScriptService: use the document authorization manager.
* Move DocumentRequiredRightsReader to oldcore so it can be used in oldcore.
* Check rights when modifying documents or objects and when saving documents.
* Remove the analyzer for the required right object as it doesn't make sense to take the object into consideration if this is basically where we store the result of the analysis.
* Change the entity type of programming right in the required rights analysis result to be `null`, i.e., the farm as programming right only exists on the farm level. Adapt the tests that expected a different value.
* Fix page tests by moving DefaultDocumentRequiredRightsManager to oldcore so the implementation is available to tests that use the Document script API. * Replace the XWiki.RequiredRightClass document by a mandatory document initializer.
* Add a method to api.Document to get the required rights * Add a method to convert to RequiredRight to a DocumentRequiredRight.
michitux
force-pushed
the
XWIKI-20907-2
branch
from
4b4ddbc to
74e1f1d
Compare
|
The UI has been postponed to ensure that the API ends up in 16.10.x LTS branch, so extensions can start using the flag to enforce required rights on their extension documents. I created https://jira.xwiki.org/browse/XWIKI-22656 for the UI. The cache that is mentioned in the PR description will be added after the merge. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Jira URL
https://jira.xwiki.org/browse/XWIKI-20907
Changes
Description
TODO:
DocumentRequiredRightsManager)XWiki.RequiredRightClassClarifications
Screenshots & Video
Executed Tests
Ran tests on all modules with code changes without quality profile (coverage is not met currently, this will be fixed).
Expected merging strategy