Velocity macro of just an "if" statement requires "programming" right?

Hi all-

A new XWiki user / admin here.

Question 1.
I’m trying some simple Velocity scripts that I would think any users with “scripting” rights should be able to create or edit.

HOWEVER, trying to edit a page containing just this bone-simple macro causes a warning about “programming” rights being needed to not break the page:

{{velocity}}
#if (1)
Basic if function test - hard coded to “1” - and no history of anything else on this page.
#end
{{/velocity}}

Question 2.
I am not finding documentation on velocity or the API that is clear on when “programming right” is required.

Example questions I’m trying to work out:
a. does a simple “#if / #end” block require it?
b. does using $xwiki require it?
c. does using $xwiki.getUser() require it?
d. does using $xwiki.getUser().isUserInGroup('XWiki.some-group-name') require it?

Where are these questions definitively answered?
(And yes, I have installed the “XWiki Scripting API Reference” extension…)

Thanks much in advance for any help you can offer!

A follow-up:

The page with the above test code was a child page of a parent.

I created a new “test” page, at the very root of my wiki, with the same exact sample code. On this new page, a user with only scripting rights (and not “programming” rights) can edit it without warning.

I need to see if there’s some kind of issue with how permissions act on hierarchies of pages. Perhaps there is a mismatch of permissions on the parent page and permissions on the child page.

You don’t need programming rights to use Velocity if the APIs you’re calling don’t require it. A simple IF certainly doesn’t require programming rights, just scripting rights.

No

No

No

No

That doc should tell you if PR is needed but it’s possible that there are gaps in the doc.

OK, I have determined what is happening. It has led to important lessons learned about the impact of simple page editing by users with the XWiki Programming Right:

The lesson seems to be:
If a page contains velocity scripts, even bone simple “if conditional” scripts…
…no matter who created the page…

then once a user with Programming Right edits it…
…even if they don’t do any script work whatsoever…
the page now gains an invisible “can execute programs” property.

Any attempt for a user with “scripting right but not programming right” to edit the page…
…will result in an ominous warning (enclosed) about possibly breaking the page’s functionality…
…as a “force-edit” and subsequent saving of the page will strip it of the “can execute programs” property.

The aforementioned user is now in a quandary:

  • What velocity code in the page will break if they edit the page at all?
  • Will any velocity code in the page break if they edit the page at all?
  • Or, is this a false warning that they can ignore?

The XWiki warning gives them no guidance. XWiki documentation on this is hard to find, and “has holes”.


Now, why is this important to me, and is something I must create work-arounds for?

I anticipated roughly three levels of users of my XWiki implementation:

  1. Wiki Admin - a super-user that can do anything, and as a result,
    a. may do a lot of initial set-up,
    b. leads the way in creating scripting solutions, and
    c. cleans up anything needing clean-up - for all users - on all wiki pages.
    By default, this user has “programming” right - even if they don’t create advanced scripts requiring that right.

  2. Advanced users - leaders who try the advanced functionality of XWiki - like basic scripting - to create useful, dynamic pages.

  3. Normal users. Mostly reads wiki pages, occasionally creates basic text pages.

Now, since any page with a script that Wiki Admin edits automatically gets assigned the “can execute programs” property…
…this makes it MUCH more problematic to use that account to do initial setup and clean-up of pages.

“Whoops, that page contained a script, now everyone else gets an ominous dialog box when they go to edit it!”


Feature request to clear up this problematic and/or confusing behavior:

  1. Make the “can execute programs” page property visible and explicitly settable…
    …rather than the current “invisible” nature of this property, and the current policy of “always turn ‘can execute programs’ on, if the page has scripts and the last person to edit & save has Programming Right.”
  2. Make the default setting on this property to be “off”, no matter who edits and saves the page.
  3. Only allow users with “Programming Right” to turn that property “on”.

By doing this:

  1. It allows for the PR-enabled Wiki Admin user to do initial set-up and clean-up of any and all wiki pages, without needlessly creating permissions confusion on any pages containing non-privileged scripts;
  2. It makes the addition of “privileged scripts” to a page a more, ah, “definitive” choice by a user. Not only do they write the script that requires the privileged code, they have to affirm that “yes, this page has privileged code, I realize that, and all the implications of that”.
  3. It makes visible an important setting that is currently invisible. That is always good.

How do I file this as a feature request?

It is unfortunately not really possible to automatically analyze if a Velocity script requires programming right (it would be possible in simple cases, but this would still require a lot of work).

Regarding what you suggest, I’m very happy to inform you that I’ve spent quite some time in the past 1.5 years implementing this feature. The warnings that you saw were basically an interim solution that also laid the foundation for analyzing which rights a page requires. The feature is called required rights and is available with a UI in XWiki 17.4.0, which was released yesterday (the underlying APIs have already been available since XWiki 16.10.0). When you enforce required rights on a page, XWiki should basically behave as you suggest. These warnings will disappear, at least as long as the previous author actually has the rights (which is enforced at edit time, but you could remove the rights of the user later).

It is a long road to rolling out this feature, for the next months I plan to gradually enable enforcing required rights for all pages that are included in XWiki, also to see if there is still anything to fix. Once we’re more confident that the feature really works as expected, the idea is to turn the enforcing of required rights on by default for new pages and then hopefully also provide a tool to mass-migrate existing pages.

Let me know if this feature matches your expectations, if there is anything missing, or if you have any suggestions for improving it.
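
The state the thread calls invisible can be displayed from the page itself. The following diagnostic is an added example, not code from any poster or from the XWiki project; it assumes the standard Velocity bindings `$doc`, `$xcontext` and `$xwiki`, and reuses the placeholder group name from the question. It needs only scripting right to run, and it also exercises the API calls from questions b to d.

```velocity
{{velocity}}
## Added diagnostic (not from the thread). Paste into the page being investigated.
## 'XWiki.some-group-name' is the placeholder group name from the question.
#set ($hasPR = $xwiki.hasProgrammingRights())
#set ($inGroup = $xwiki.getUser().isUserInGroup('XWiki.some-group-name'))
* Content author (last user to save this page's content): $doc.contentAuthor
* Current user viewing the page: $xcontext.user
* Current user is a member of XWiki.some-group-name: $inGroup
* Scripts on this page execute with programming right: $hasPR
#if ($hasPR)

{{info}}
The content author holds programming right. An editor who has scripting right
but not programming right will get the warning when editing this page, and
saving will make that editor the new content author.
{{/info}}
#end
{{/velocity}}
```

Saving the page changes the content author to whoever saved it, so read the values on an unmodified copy of the affected page or note who pastes the snippet in.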