XWIKI-17533: Allow to set custom rights in administration (#1644)
  * Provide a new API to retrieve all rights names in
    SecurityAuthorizationScriptService
  * Provide a new administration section to configure the custom rights
  * Edit rightsUI.vm to allow customizing custom rights, without breaking
    the existing rights and UI mechanisms
surli committed Jun 17, 2021
1 parent 2e2aa37 commit f5ba791
Showing 4 changed files with 341 additions and 10 deletions.
@@ -0,0 +1,301 @@
<?xml version="1.1" encoding="UTF-8"?>

<!--
* See the NOTICE file distributed with this work for additional
* information regarding copyright ownership.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-->

<xwikidoc version="1.4" reference="XWiki.AdminExtensionRightsSheet" locale="">
<web>XWiki</web>
<name>AdminExtensionRightsSheet</name>
<language/>
<defaultLanguage/>
<translation>0</translation>
<creator>xwiki:XWiki.Admin</creator>
<parent>Main.WebHome</parent>
<author>xwiki:XWiki.Admin</author>
<contentAuthor>xwiki:XWiki.Admin</contentAuthor>
<version>1.1</version>
<title>AdminExtensionRightsSheet</title>
<comment/>
<minorEdit>false</minorEdit>
<syntaxId>xwiki/2.1</syntaxId>
<hidden>true</hidden>
<content>{{velocity}}
### Sheet used to generically display the XWikiPreferences object fields in the administration sheets.
{{html}}
&lt;form method="post" action="$xwiki.getURL($currentDoc, 'saveandcontinue')" class="xform"&gt;
############################################################################################
## RIGHTS
############################################################################################
&lt;fieldset&gt;
#template('rightsUI.vm')
&lt;/fieldset&gt;
&lt;/form&gt;
{{/html}}
{{/velocity}}</content>
<object>
<name>XWiki.AdminExtensionRightsSheet</name>
<number>0</number>
<className>XWiki.ConfigurableClass</className>
<guid>bad3af00-4a01-48b8-94ca-2111b758d219</guid>
<class>
<name>XWiki.ConfigurableClass</name>
<customClass/>
<customMapping/>
<defaultViewSheet/>
<defaultEditSheet/>
<defaultWeb/>
<nameField/>
<validationScript/>
<categoryIcon>
<customDisplay/>
<disabled>0</disabled>
<hint/>
<name>categoryIcon</name>
<number>11</number>
<picker>0</picker>
<prettyName>categoryIcon</prettyName>
<size>30</size>
<unmodifiable>0</unmodifiable>
<validationMessage/>
<validationRegExp/>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</categoryIcon>
<codeToExecute>
<contenttype>VelocityWiki</contenttype>
<customDisplay/>
<disabled>0</disabled>
<editor>---</editor>
<hint/>
<name>codeToExecute</name>
<number>7</number>
<picker>0</picker>
<prettyName>codeToExecute</prettyName>
<rows>5</rows>
<size>40</size>
<unmodifiable>0</unmodifiable>
<validationMessage/>
<validationRegExp/>
<classType>com.xpn.xwiki.objects.classes.TextAreaClass</classType>
</codeToExecute>
<configurationClass>
<cache>0</cache>
<classname/>
<customDisplay/>
<defaultValue/>
<disabled>0</disabled>
<displayType>input</displayType>
<freeText/>
<hint/>
<idField/>
<largeStorage>0</largeStorage>
<multiSelect>0</multiSelect>
<name>configurationClass</name>
<number>3</number>
<picker>1</picker>
<prettyName>configurationClass</prettyName>
<relationalStorage>0</relationalStorage>
<separator> </separator>
<separators/>
<size>30</size>
<sort>none</sort>
<sql/>
<unmodifiable>0</unmodifiable>
<validationMessage/>
<validationRegExp/>
<valueField/>
<classType>com.xpn.xwiki.objects.classes.PageClass</classType>
</configurationClass>
<configureGlobally>
<customDisplay/>
<defaultValue/>
<disabled>0</disabled>
<displayFormType>checkbox</displayFormType>
<displayType/>
<hint/>
<name>configureGlobally</name>
<number>4</number>
<prettyName>configureGlobally</prettyName>
<unmodifiable>0</unmodifiable>
<validationMessage/>
<validationRegExp/>
<classType>com.xpn.xwiki.objects.classes.BooleanClass</classType>
</configureGlobally>
<displayBeforeCategory>
<customDisplay/>
<disabled>0</disabled>
<hint/>
<name>displayBeforeCategory</name>
<number>10</number>
<picker>0</picker>
<prettyName>displayBeforeCategory</prettyName>
<size>30</size>
<unmodifiable>0</unmodifiable>
<validationMessage/>
<validationRegExp/>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</displayBeforeCategory>
<displayInCategory>
<customDisplay/>
<disabled>0</disabled>
<hint/>
<name>displayInCategory</name>
<number>9</number>
<picker>0</picker>
<prettyName>displayInCategory</prettyName>
<size>30</size>
<unmodifiable>0</unmodifiable>
<validationMessage/>
<validationRegExp/>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</displayInCategory>
<displayInSection>
<customDisplay/>
<disabled>0</disabled>
<hint/>
<name>displayInSection</name>
<number>1</number>
<picker>0</picker>
<prettyName>displayInSection</prettyName>
<size>30</size>
<unmodifiable>0</unmodifiable>
<validationMessage/>
<validationRegExp/>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</displayInSection>
<heading>
<customDisplay/>
<disabled>0</disabled>
<hint/>
<name>heading</name>
<number>2</number>
<picker>0</picker>
<prettyName>heading</prettyName>
<size>30</size>
<unmodifiable>0</unmodifiable>
<validationMessage/>
<validationRegExp/>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</heading>
<iconAttachment>
<customDisplay/>
<disabled>0</disabled>
<hint/>
<name>iconAttachment</name>
<number>8</number>
<picker>0</picker>
<prettyName>iconAttachment</prettyName>
<size>30</size>
<unmodifiable>0</unmodifiable>
<validationMessage/>
<validationRegExp/>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</iconAttachment>
<linkPrefix>
<customDisplay/>
<disabled>0</disabled>
<hint/>
<name>linkPrefix</name>
<number>5</number>
<picker>0</picker>
<prettyName>linkPrefix</prettyName>
<size>30</size>
<unmodifiable>0</unmodifiable>
<validationMessage/>
<validationRegExp/>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</linkPrefix>
<propertiesToShow>
<cache>0</cache>
<customDisplay/>
<defaultValue/>
<disabled>0</disabled>
<displayType>input</displayType>
<freeText/>
<hint/>
<largeStorage>0</largeStorage>
<multiSelect>1</multiSelect>
<name>propertiesToShow</name>
<number>6</number>
<picker>0</picker>
<prettyName>propertiesToShow</prettyName>
<relationalStorage>1</relationalStorage>
<separator> </separator>
<separators> ,|</separators>
<size>20</size>
<sort>none</sort>
<unmodifiable>0</unmodifiable>
<validationMessage/>
<validationRegExp/>
<values/>
<classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
</propertiesToShow>
<sectionOrder>
<customDisplay/>
<disabled>0</disabled>
<hint/>
<name>sectionOrder</name>
<number>12</number>
<numberType>integer</numberType>
<prettyName>sectionOrder</prettyName>
<size>30</size>
<unmodifiable>0</unmodifiable>
<validationMessage/>
<validationRegExp/>
<classType>com.xpn.xwiki.objects.classes.NumberClass</classType>
</sectionOrder>
</class>
<property>
<categoryIcon/>
</property>
<property>
<codeToExecute>{{include reference="XWiki.AdminExtensionRightsSheet" /}}</codeToExecute>
</property>
<property>
<configurationClass/>
</property>
<property>
<configureGlobally>1</configureGlobally>
</property>
<property>
<displayBeforeCategory/>
</property>
<property>
<displayInCategory>usersgroups</displayInCategory>
</property>
<property>
<displayInSection>usersgroups.extensionrights</displayInSection>
</property>
<property>
<heading/>
</property>
<property>
<iconAttachment/>
</property>
<property>
<linkPrefix/>
</property>
<property>
<propertiesToShow/>
</property>
<property>
<sectionOrder>375</sectionOrder>
</property>
</object>
</xwikidoc>
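Review bot: The form at `&lt;form method="post" action="$xwiki.getURL($currentDoc, 'saveandcontinue')" class="xform"&gt;` has no `form_token` field of its own, although the save URLs in rightsUI.vm in this same commit pass `form_token=$!{services.csrf.getToken()}`. What `#template('rightsUI.vm')` renders inside the fieldset is only partly visible here, so if anything there can submit this form, the request would go out without a CSRF token. Either add `&lt;input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /&gt;` inside the form, or drop the `action` if the form is only a layout wrapper. The `###` comment on the first content line still describes displaying XWikiPreferences object fields; it should read `### Sheet displaying the rights editor for rights registered by extensions.`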
@@ -140,6 +140,7 @@ administration.section.users.deleteUser.newAuthor.hint=Select an user that has {
administration.section.users.deleteUser.newAuthor.error=The selected user doesn''t have {0} rights!
administration.section.users.deleteUser.newAuthor.programming=programming
administration.section.users.deleteUser.newAuthor.script=script
admin.usersgroups.extensionrights=Extension Rights

# Other Category
admin.other=Other
@@ -40,23 +40,37 @@ $xwiki.ssfx.use('js/xwiki/usersandgroups/usersandgroups.css', true)
$xwiki.jsfx.use('js/xwiki/table/livetable.js', true)
$xwiki.ssfx.use('js/xwiki/table/livetable.css', true)
## for admin, register, programming and createwiki, allow preceedes over deny
#if("$!request.section"=='wikis.rights')
#set ($standardRights = ['view', 'comment', 'edit', 'script', 'delete', 'admin', 'register', 'programming', 'login',
'createwiki'])
#set ($sectionWikiRights = 'wikis.rights')
#set ($sectionExtensionRights = 'usersgroups.extensionrights')
#set ($isStandardRights = false)
#if("$!request.section"==$sectionWikiRights)
#set ($rightsLevels = {'createwiki': 0})
#set ($allowWins = [0])
## This should be changed in the future to include dynamically registered rights.
#elseif ($services.security.authorization.isRightRegistered('like'))
#set ($rightsLevels = {'view': 0, 'like': 1, 'comment': 2, 'edit': 3, 'script': 4, 'delete': 5, 'admin': 6, 'register': 7, 'programming': 8})
#set ($allowWins = [5, 6, 7])
#elseif ("$!request.section"==$sectionExtensionRights)
#set ($allRights = $services.security.authorization.allRightsNames)
#set ($rightsLevels = {})
#set ($allowWins = [])
#set ($index = 0)
#foreach ($right in $allRights)
#if (!$standardRights.contains($right))
#set ($discard = $rightsLevels.put($right, $index))
#set ($discard = $allowWins.add($index))
#set ($index = $index + 1)
#end
#end
#else
#set ($rightsLevels = {'view': 0, 'comment': 1, 'edit': 2, 'script': 3, 'delete': 4, 'admin': 5, 'register': 6, 'programming': 7})
#set ($allowWins = [5, 6, 7])
#set ($isStandardRights = true)
#end
#set ($levelsRights = {})
#foreach ($r in $rightsLevels.keySet())
#set ($discard = $levelsRights.put($rightsLevels.get($r), $r))
#end
#set ($maxlevel = $rightsLevels.get('delete')) ## Default: view, comment, edit, script, delete
#if("$!request.section"=='wikis.rights')
#if("$!request.section"==$sectionWikiRights)
#set ($maxlevel = $rightsLevels.get('createwiki'))
#set ($clsname = 'XWiki.XWikiGlobalRights')
#else
@@ -82,7 +96,9 @@ $xwiki.ssfx.use('js/xwiki/table/livetable.css', true)
#set ($clsname = 'XWiki.XWikiRights')
#end
#end

#if ("$!request.section"==$sectionExtensionRights)
#set ($maxlevel = $index - 1)
#end
## Get rights allowed for the current user
#set ($currentAllowed = {})
#foreach ($i in [0..$maxlevel])
@@ -235,7 +251,8 @@ $xwiki.ssfx.use('js/xwiki/table/livetable.css', true)
</table>
## Global settings: mandatory authentication for view/edit, captcha
#set ($guest_comment_captcha_prop = $targetDocument.getObject('XWiki.XWikiPreferences').getxWikiClass().get('guest_comment_requires_captcha'))
#if (("$!request.editor" == 'globaladmin' || "$!editor" == 'globaladmin' || $guest_comment_captcha_prop) && $request.section != 'wikis.rights')
#if (("$!request.editor" == 'globaladmin' || "$!editor" == 'globaladmin' || $guest_comment_captcha_prop)
&& $isStandardRights)
<dl class="rights-settings">
#if ("$!request.editor" == 'globaladmin' || "$!editor" == 'globaladmin')
#set ($auth_view = $targetDocument.getObject('XWiki.XWikiPreferences').getProperty('authenticate_view').getValue())
@@ -342,11 +359,11 @@ $xwiki.ssfx.use('js/xwiki/table/livetable.css', true)
$('unregistered').removeClassName('hidden');
}
});
#if("$!editor" == 'globaladmin' && $request.section != 'wikis.rights')
#if("$!editor" == 'globaladmin' && $isStandardRights)
Event.observe($('authenticate_view'), 'click', setBooleanPropertyFromLiveCheckbox($('authenticate_view'), '$xwiki.getURL('XWiki.XWikiPreferences', 'save', "form_token=$!{services.csrf.getToken()}")', 'XWiki.XWikiPreferences', 0));
Event.observe($('authenticate_edit'), 'click', setBooleanPropertyFromLiveCheckbox($('authenticate_edit'), '$xwiki.getURL('XWiki.XWikiPreferences', 'save', "form_token=$!{services.csrf.getToken()}")', 'XWiki.XWikiPreferences', 0));
#end
#if($guest_comment_captcha_prop && $request.section != 'wikis.rights')
#if($guest_comment_captcha_prop && $isStandardRights)
Event.observe($('guest_comment_requires_captcha'), 'click', setBooleanPropertyFromLiveCheckbox($('guest_comment_requires_captcha'), '$targetDocument.getURL('save', "form_token=$!{services.csrf.getToken()}")', 'XWiki.XWikiPreferences', 0));
#end
return true;
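Review bot: In the extension-rights section `#set ($maxlevel = $index - 1)` yields -1 when no non-standard right is registered, and the following `#foreach ($i in [0..$maxlevel])` is then not skipped: Velocity's range operator counts downward, so it iterates 0 and -1, levels for which `$levelsRights` has no entry. The loop body lies outside the visible hunks, so the exact effect cannot be confirmed here, but the section should short-circuit on an empty list, e.g. wrap the editor in `#if (!$rightsLevels.isEmpty())` and render a "no extension rights registered" message otherwise. Separately, `#set ($discard = $allowWins.add($index))` puts every extension right into `$allowWins`, while the comment above the block reserves allow-over-deny for admin, register, programming and createwiki. If `$allowWins` drives how allow/deny conflicts are shown, the editor may present a right as granted where that right's own conflict policy denies it, so this deserves a comment or a lookup of the right's declared policy.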
