Last modified by Thomas Mortagne on 2017/03/24

<
From version < 13.1 >
edited by Denis Gervalle
on 2014/06/18
To version < 11.1 >
edited by Vincent Massol
on 2014/06/18
>
Change comment: There is no comment for this version

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.dgervalle
1 +XWiki.VincentMassol
Content
... ... @@ -33,38 +33,6 @@
33 33  $services.logging.getLogger('My script').info('Hello {}', 'world')
34 34  {{/code}}
35 35  
36 -== New contextual authorization manager role ==
37 -
38 -A new role is now available to ease the replacement of the old Right Service (com.xpn.xwiki.user.api.XWikiRightService).
39 -Compared to the old service, the component does not manage authentication which should have been ensured previously if needed. (No redirection to login is ever done)
40 -The new component has a similar interface to the AuthorizationManager, but it take care of all external context aspects, like the currently executed macro block, the rendering context restrictions, the dropping of rights, etc...
41 -This new role should be used from now on by any component that needs to check rights for the current user, in the current context.
42 -
43 -== New security authorization script service ==
44 -
45 -A new script service is now available to access the default AuthorizationManager and the ContextualAuthorizationManager.
46 -
47 -Here is some sample:
48 -
49 -{{code language="velocity"}}
50 -#if ($services.security.authorization.hasAccess("edit"))
51 -... show some UI that require edit access on the current document by the current user ...
52 -#end
53 -#if ($services.security.authorization.hasAccess("edit", "xwiki:Sandbox.TestPage1")
54 -... show some UI that require edit access on Sandbox.TestPage1 document by the current user ...
55 -#end
56 -#if ($services.security.authorization.hasAccess("edit", "xwiki:XWiki.User1", "xwiki:Sandbox.TestPage1")
57 -... show some UI that require edit access on Sandbox.TestPage1 document by XWiki.User1 ...
58 -#end
59 -{{/code}}
60 -
61 -{{code language="velocity"}}
62 -$services.security.authorization.checkAccess("edit")
63 -... do some task that require edit access ...
64 -{{/code}}
65 -
66 -In this second sample, the macro will fail with an AccessDeniedException if the right is not allowed.
67 -
68 68  == Deprecated and Retired projects ==
69 69  
70 70  <description of deprecated and retired projects>

Get Connected