Hi everyone,
I’m tying to implement a feature to my XWiki 16.10.9 instance where non-elevated users can trigger a page copy into a space where they don’t have edit rights.
The copy has to include content, objects, attachments and full history.
The goal is to make this as simple as possible for the end user, like a button or an action they can trigger.
I have tested the Refactoring API (services.refactoring.copy which works great), but it enforces rights checks for the triggering user even if the script page has Programming Rights, so it fails when the user doesn’t have rights in the target space.
From what I understand, the only way to fully use the Refactoring API in my case, is to create a custom Java extension (REST endpoint or Script Service) that runs under a service account with rights in the target space.
However, I have zero experience with Java, so this would be the last thing I want to try unless there’s no other option.
Is there any existing extension or app that already solves this?
If not, what would be the best approach to implement a secure elevated copy feature?
Thanks for any advice or pointers!