Change comment:
There is no comment for this version
Summary
-
Page properties (2 modified, 0 added, 0 removed)
Details
- Page properties
-
- Author
-
... ... @@ -1,1 +1,1 @@ 1 -XWiki. VincentMassol1 +XWiki.dgervalle - Content
-
... ... @@ -33,6 +33,39 @@ 33 33 $services.logging.getLogger('My script').info('Hello {}', 'world') 34 34 {{/code}} 35 35 36 +== New contextual authorization manager role == 37 + 38 +A new role is now available to ease the replacement of the old Right Service (com.xpn.xwiki.user.api.XWikiRightService). 39 +Compared to the old service, the component does not manage authentication which should have been ensured previously if needed. (No redirection to login is ever done) 40 +The new component has a similar interface to the AuthorizationManager, but it take care of all external context aspects, like the currently executed macro block, the rendering context restrictions, the dropping of rights, etc... 41 +This new role should be used from now on by any component that needs to check rights for the current user, in the current context. 42 + 43 +== New security authorization script service == 44 + 45 +A new script service is now available to access the default AuthorizationManager and the ContextualAuthorizationManager. 46 + 47 +Here is some sample: 48 + 49 +{{code language="velocity"}} 50 +#if ($services.security.authorization.hasAccess("edit")) 51 +... show some UI that require edit access on the current document by the current user ... 52 +#end 53 +#if ($services.security.authorization.hasAccess("edit", "xwiki:Sandbox.TestPage1") 54 +... show some UI that require edit access on Sandbox.TestPage1 document by the current user ... 55 +#end 56 +#if ($services.security.authorization.hasAccess("edit", "xwiki:XWiki.User1", "xwiki:Sandbox.TestPage1") 57 +... show some UI that require edit access on Sandbox.TestPage1 document by XWiki.User1 ... 58 +#end 59 +{{/code}} 60 + 61 +{{code language="velocity"}} 62 +$services.security.authorization.checkAccess("edit") 63 +... do some task that require edit access ... 64 +#end 65 +{{/code}} 66 + 67 +In this second sample, the macro will fail with an AccessDeniedException if the right is not allowed. 68 + 36 36 == Deprecated and Retired projects == 37 37 38 38 <description of deprecated and retired projects>