Required rights of a page
When a page contains a script macro, provides a UI extension, or contains something else that needs rights to be executed or active, we say that the page requires these rights. To decide whether a script can be executed or a page can provide a UI extension, XWiki checks the rights of the page's last content author or effective metadata author: the content author is used for scripts in the content and in the page title, the effective metadata author is used for XObjects and their content. This has three important implications:
- When a page is edited, new scripts might start executing if the new author has more rights than the previous author, or scripts might break if the new author lacks a right that the page requires. XWiki runs required rights checks before a page is edited to warn users about these consequences.
- When the rights of a user are changed, pages might gain or lose rights.
- When a user is deleted, pages might lose rights. To avoid this, the administration application allows replacing the author when deleting a user who had script, admin, or programming right.
XWiki 17.4.0+
You can specify and enforce the required rights of a page. This makes it more obvious which rights are required, and it ensures that the page has those rights and no more, by:
- Denying edit right to users who don't have the required right(s), which prevents users from breaking the page.
- Denying script, wiki admin, or programming right unless it is explicitly granted. This prevents users with more rights from unintentionally granting those rights to the page's content just by editing it, and it can also prevent the exploitation of some security vulnerabilities.
Additionally, this makes it easier to find pages that were broken by changing rights or deleting a user.
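As an added illustration (not XWiki code, and not its actual authorization implementation), the following Python model captures the two behaviours described above: without enforcement a page's scripts run with whatever rights its last author currently holds, while with enforcement they are capped at the explicitly selected right and users who lack that right cannot edit the page. The `User`, `Page`, `can_edit`, `effective_right` and `save` names, the sample users, and the treatment of the rights as a simple ladder (none < script < admin < programming, the order in which the modal lists them) are assumptions made for this example; real XWiki right implication is more nuanced.

```python
from dataclasses import dataclass

# Assumption for this example: the rights named on this page are treated as a
# ladder, none < script < admin < programming. Real XWiki right implication
# is richer than this.
RIGHT_ORDER = ["none", "script", "admin", "programming"]


def rank(right):
    return RIGHT_ORDER.index(right)


@dataclass(frozen=True)
class User:
    name: str
    rights: frozenset  # e.g. {"edit", "script"}; an empty set models a deleted user

    def highest(self):
        """Highest script-related right this user holds."""
        held = [r for r in RIGHT_ORDER[1:] if r in self.rights]
        return held[-1] if held else "none"


@dataclass
class Page:
    author: User            # last content (or effective metadata) author
    enforce: bool = False
    required: str = "none"  # right selected in the modal; used only when enforce is True


def can_edit(user, page):
    """Editing needs edit right; with enforcement it also needs the required right."""
    if "edit" not in user.rights:
        return False
    return not page.enforce or rank(user.highest()) >= rank(page.required)


def effective_right(page):
    """Right the page's scripts (and UI extensions) actually run with."""
    author_right = page.author.highest()
    if not page.enforce:
        # Legacy behaviour: whatever the last author currently has.
        return author_right
    if rank(author_right) < rank(page.required):
        # Author lost the right or was deleted: the page is broken, nothing runs.
        return "none"
    # Enforced: never more than what was explicitly granted.
    return page.required


def save(page, editor):
    """Simulate saving the page as `editor`; the editor becomes the new author."""
    if not can_edit(editor, page):
        raise PermissionError(f"{editor.name} may not edit this page")
    return Page(author=editor, enforce=page.enforce, required=page.required)


# Constructed sample users.
alice = User("alice", frozenset({"edit", "script"}))
bob = User("bob", frozenset({"edit", "programming"}))
carol = User("carol", frozenset({"edit"}))

if __name__ == "__main__":
    legacy = Page(author=alice)
    print(effective_right(legacy))               # script
    print(effective_right(save(legacy, bob)))    # programming: bob over-grants just by editing
    print(effective_right(save(legacy, carol)))  # none: carol breaks the page
    enforced = Page(author=alice, enforce=True, required="script")
    print(effective_right(save(enforced, bob)))  # script: enforcement caps what bob grants
    print(can_edit(carol, enforced))             # False: carol cannot break it anymore
    gone = Page(author=User("alice", frozenset()), enforce=True, required="script")
    print(effective_right(gone))                 # none: alice deleted, the page lost its right
```

The last case is the one that the warning and the page-information messages later on this page are meant to surface: an enforced page whose author no longer holds the required right silently stops executing.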
Seeing the configured required rights
You can see whether required rights are enforced, and which right is configured to be enforced, in the information tab or viewer that is accessible at the bottom of the page or via the document menu.
The information tab with required rights not being enforced
The required rights in the information tab with script right enforced
Enabling the enforcing of required rights
Any user who has edit right on a page and is either an advanced user or has script right can enable required rights. These users see a "Review required rights" button that opens a modal.
The information tab showing the message that invites the user to enforce required rights and the "Review required rights" button.
This modal offers two selections:
- Whether required rights shall be enforced.
The required rights modal with required rights not enforced.
- When required rights are enforced, which right shall be enforced.
The required rights modal with the selection of which right shall be enforced.
To give guidance on which rights a page needs, the page and all of its translations are analyzed. This analysis scans the page for any macros or objects that might require a right. In some cases, the analysis can only say that a right might be required but cannot determine definitely whether it is actually required. An example of this is the Velocity macro, which definitely requires script right, while the code in it might additionally require programming right. The results of this analysis are presented in two ways:
- A visual and textual indication of the highest right that is definitely required and any rights above it that might be required. This gives quick guidance on whether a page requires any rights and, if so, which ones.
Required rights recommendations in the modal.
- Expandable analysis details at the bottom of the dialog that allow reviewing all elements on the page that might require a right. This includes the content of every script that could be executed, so that the scripts can be reviewed for security and the actually required right can be determined in unclear cases such as script vs. programming right for the Velocity macro.
Partially expanded required rights analysis details that show the content of a script macro as an example.
After the required rights are saved, the content editor and the WYSIWYG editor, if open, are reloaded automatically to reflect the enforced rights.
Changing the enforced required rights
When required rights are enforced, it might be necessary to update them after the content of a page has changed: either to add rights that the new content requires, or to remove rights that are no longer required so that users without these rights can edit the page again.
As the page might be seriously broken when a right is missing, a warning is displayed above the page when the required rights analysis determines that a right is definitely missing. This warning is only displayed to users who have the missing right.
The warning displayed above a document that is missing required rights (and thus Velocity macros and the title aren't executed).
In the page information, a message about suggested operations is displayed to any user who has the right to perform that operation. There are four possibilities, each with an appropriate message:
- A right is definitely missing; this is also the case in which the warning is displayed above the content.
- A right might be missing, for example a Velocity macro that has script right might also need programming right.
- A right might not be needed, for example a Velocity macro that has programming right might not need it.
- A right is definitely not needed. For example, when the only required right was script right for a script macro, then after that script macro is removed, script right is definitely not needed anymore.
The page information that informs about a right that might be missing.
All of these operations require at least script right: if script right is currently enforced, a user without it has no edit right on the page, and if it is not enforced, script right is needed to enforce it. Regular users without script right therefore won't see these messages.
In all cases, the modal described in the previous section can be used to review and update the required rights.
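The analysis described above and the four page-information messages can be modelled together. The following Python is an added example, not XWiki's analyzer: it scans XWiki 2.1 syntax for paired macros, records which right is definitely required and which might be required, and picks the applicable message for a given enforced right. It only knows the Velocity macro, with exactly the rule this page gives for it (script right definitely, programming right possibly); the `analyze` and `suggestion` functions, the `MACRO_RIGHTS` table, the regular expression and the sample content are assumptions made for this example, and the real analysis also covers XObjects, the page title and translations, which this model does not.

```python
import re

# Same ladder as used elsewhere on this page: none < script < admin < programming.
RIGHT_ORDER = ["none", "script", "admin", "programming"]


def rank(right):
    return RIGHT_ORDER.index(right)


# Assumption: only the Velocity macro is modelled, using exactly what the page
# says about it: script right is definitely required, programming right might
# be. Other macros, XObjects, titles and translations are not analyzed here.
MACRO_RIGHTS = {"velocity": ("script", "programming")}  # (definite, possible)

# Paired macro in XWiki 2.1 syntax: {{name params}}body{{/name}}
MACRO_RE = re.compile(
    r"\{\{(?P<name>\w+)(?P<params>[^}]*)\}\}(?P<body>.*?)\{\{/(?P=name)\}\}", re.S
)


def analyze(content):
    """Scan wiki content; return (definite, possible, findings).

    `definite` is the highest right that is certainly required, `possible` the
    highest right that might be required, and `findings` lists each script with
    its body so a reviewer can inspect it, as the modal's analysis details do.
    """
    definite, possible, findings = "none", "none", []
    for m in MACRO_RE.finditer(content):
        name = m.group("name").lower()
        if name not in MACRO_RIGHTS:
            continue
        d, p = MACRO_RIGHTS[name]
        definite = max(definite, d, key=rank)
        possible = max(possible, p, key=rank)
        findings.append({"macro": name, "definite": d, "possible": p,
                         "body": m.group("body").strip()})
    return definite, possible, findings


MESSAGES = {
    "definitely-missing": "A required right is definitely missing (warning shown above the page).",
    "maybe-missing": "A higher right might be missing; review the scripts.",
    "maybe-not-needed": "The enforced right might not be needed; review the scripts.",
    "definitely-not-needed": "The enforced right is definitely not needed anymore.",
    "ok": "The enforced right matches the analysis.",
}


def suggestion(enforced, definite, possible):
    """Pick which of the page-information messages applies."""
    if rank(definite) > rank(enforced):
        return "definitely-missing"
    if rank(possible) > rank(enforced):
        return "maybe-missing"
    if rank(enforced) > rank(possible):
        return "definitely-not-needed"
    if rank(enforced) > rank(definite):
        return "maybe-not-needed"
    return "ok"


# Constructed sample page content in XWiki 2.1 syntax.
SAMPLE = """= Hello =
{{velocity}}
Hello $xcontext.user
{{/velocity}}
"""

if __name__ == "__main__":
    definite, possible, findings = analyze(SAMPLE)
    for enforced in RIGHT_ORDER:
        key = suggestion(enforced, definite, possible)
        print(f"enforced={enforced:11s} -> {MESSAGES[key]}")
    for f in findings:
        print(f"review {f['macro']} body: {f['body']!r}")
```

Running this over the sample shows the sequence a reviewer sees in practice: with nothing enforced the right is definitely missing, with script enforced programming might still be missing, and with programming enforced it might not be needed; only reading the script body (which the model returns in `findings`) settles the last two cases.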