Restrict script right to the wiki level

Development
#1

Hi everyone,

as already discussed in this proposal, I propose to restrict script right to the wiki level. As I didn’t get much feedback for this important change there, I’m opening this vote to reach a conclusion regarding this breaking change. My proposal is the following:

Remove the possibility to grant (or deny) script right on a page or space level, i.e., implement XWIKI-21275.

This implies that admin right on space level also won’t imply script right anymore. Admin right on wiki level will still imply script right as we first need a better right management UI before I propose implementing such a change that makes it currently way too easy for admins to break the wiki and lock themselves out.

The rationale is that - similar to programming right - scripts aren’t restricted to the current space or page and in general it doesn’t matter where a script is written. Scripts can also be part of the document’s title, and thus executed in many contexts completely unrelated to the current page. Further, as script right is quite dangerous, restricting it to the wiki level makes it easier to control who can write scripts. Further, as mentioned in this reply, giving somebody the ability to manage edit rights on a space level without granting them script right is also an important use case.

The main downside to this change is that scripts, in particular AWM apps because of XWIKI-20190, might stop working as script rights granted on a space level will stop being applied. On the upside, I think we can then revert parts of the fix and grant the creator of an AWM app space admin right on the app’s space.

This vote is open for three (working) days, so until (including) September 4th.

Thank you!

Change admin right to not imply script right, grant script right only on wiki level
#2

I think that for most of the rights schemas that I have setup I did not use the scoping of the script rights at space level, because it could cause some trouble (having a script in a page with rights but then having it evaluate in a different place where there are no rights or something around that) and because it didn’t do anything without the edit right. So I was mostly giving script at wiki level and then restrict it along with edit, as it was before the introduction of the script right.

For this reason, I wouldn’t be bothered by this change, and it would make things easier to explain / understand, as the scoping of this right is not intuitive for the scoping of the access it gives.

So, +0 from me.

P.S. for the original question about the script right being tied to access rights management through the space admin right, we also need to look at Loading... .

Thanks,
Anca

#3

This vote failed as only one committer voted. I therefore won’t implement this for now.