as already discussed in this proposal, I propose to restrict script right to the wiki level. As I didn’t get much feedback for this important change there, I’m opening this vote to reach a conclusion regarding this breaking change. My proposal is the following:
Remove the possibility to grant (or deny) script right on a page or space level, i.e., implement XWIKI-21275.
This implies that admin right on space level also won’t imply script right anymore. Admin right on wiki level will still imply script right as we first need a better right management UI before I propose implementing such a change that makes it currently way too easy for admins to break the wiki and lock themselves out.
The rationale is that - similar to programming right - scripts aren’t restricted to the current space or page and in general it doesn’t matter where a script is written. Scripts can also be part of the document’s title, and thus executed in many contexts completely unrelated to the current page. Further, as script right is quite dangerous, restricting it to the wiki level makes it easier to control who can write scripts. Further, as mentioned in this reply, giving somebody the ability to manage edit rights on a space level without granting them script right is also an important use case.
The main downside to this change is that scripts, in particular AWM apps because of XWIKI-20190, might stop working as script rights granted on a space level will stop being applied. On the upside, I think we can then revert parts of the fix and grant the creator of an AWM app space admin right on the app’s space.
This vote is open for three (working) days, so until (including) September 4th.