Required Rights Application

Last modified by Admin on 2024/12/11 01:02

cogDefault implementation of the Required Rights API
TypeJAR
CategoryApplication
Developed by

XWiki Development Team

Active Installs1
Rating
0 Votes
LicenseGNU Lesser General Public License 2.1
Bundled With

XWiki Standard (XWiki 15.9RC1+)

Compatibility

XWiki 15.9RC1+

Installable with the Extension Manager

Description

The Required right Application is currently used to warn users when editing a document would either break macros or objects or when additional rights would be granted that a document or object currently doesn't have.
A warning is, for instance, raised if a page authored by an user with Script right contains velocity script in its title (e.g., to translate the title), is edited by an user without Script right. Without this warning, the user would break the title, and the velocity script of the title would be displayed in plain text instead of the translation.

See also the corresponding API.

Users

Admins

Configuration

#-# [Since 15.9RC1]
#-# Indicates how documents are protected by required rights.
#-#
#-# The possible choices are:
#-# * none: no required rights check
#-# * warning (the default): a warning is presented to the user when trying to edit a document with required rights
#-# issues
# security.requiredRights.protection=warning

XWiki <15.10 The required rights protection was disabled by default.

Developers

Existing Analyzers

  • Macros
    • default: Recurses into the macro content if it is wiki syntax
    • script: Analyze script macros
    • XWiki 15.10+ context: Analyzes the context macro, disables scanning of restricted content
    • XWiki 15.10+ cache: Analyzes the cache macro, making sure that the id parameter is analyzed
    • XWiki 15.10+ raw: Analyzes the raw macro, reporting script right for raw HTML content
    • XWiki 15.10+ HTML: Analyzes the HTML macro, reporting script right when filtering is disabled, wiki content is enabled (then also analyzing the wiki syntax) or HTML elements, attributes or comments are used that would be affected by restricted filtering.
  • XObjects
    • default: Analyzes text area properties with Velocity or wiki syntax content
    • XWiki.RequiredRightClass: Analyzer that checks if the document has the rights indicated in the RequiredRights object
    • XWiki.JavaScriptExtension/XWiki.StyleSheetExtension: Required right analyzer for skin extensions
    • XWiki 15.10+ XWiki.UIExtensionClass: Analyzes rights for UI extensions, taking scope, content, parameters (may contain Velocity), and extension point (some require wiki admin right) into account.
    • XWiki 15.10+ XWiki.TranslationDocumentClass: Required rights analyzer for content and metadata of translation documents, taking the scope into account.
    • XWiki 15.10+ XWiki.GadgetClass: Required rights analyzer for gadgets, checking for scripts in the gadget title and analyzing the content
    • XWiki 15.10+ IconThemesCode.IconThemeClass: Required rights analyzer for icon themes, reporting script and programming right with manual review required for metadata and content.
    • XWiki 15.10+ XWiki.ConfigurableClass: Required rights analyzer for configurable sections, analyzing the heading that may contain Velocity and the content.
    • XWiki 15.10.5+, 16.0.0+ XWiki.PDFClass: Required rights analyzer for PDF and office export customizations that can contain Velocity code.
    • XWiki 15.10.12+, 16.4.3+, 16.8.0+ XWiki.ComponentClass: Required rights analyzers for wiki components, they need programming right.

       

  • XDOM
    • default: Analyzes all macros in the content
  • XWikiDocument
    • default Analyzes the title and calls the other analyzers to analyze content and XObjects.

Prerequisites & Installation Instructions

We recommend using the Extension Manager to install this extension (Make sure that the text "Installable with the Extension Manager" is displayed at the top right location on this page to know if this extension can be installed with the Extension Manager).

You can also use the manual method which involves dropping the JAR file and all its dependencies into the WEB-INF/lib folder and restarting XWiki.

Dependencies

Dependencies for this extension (org.xwiki.platform:xwiki-platform-security-requiredrights-default 16.10.1):

Get Connected