History | Log In     View a printable version of the current page.  
   HOME       BROWSE PROJECT       FIND ISSUES   
    QUICK SEARCH:  
Issue Details (XML | Word | Printable)

Key: SCAFF-196
Type: Improvement Improvement
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: David Peterson
Reporter: Bob Swift
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Confluence Extension: Scaffolding Plugin

Provide macros the ability to determine if their rendering is part of a live-template

Created: 13/Feb/08 03:27 AM   Updated: 20/Mar/08 05:34 PM
Component/s: {live-template}
Affects Version/s: None
Fix Version/s: 2.7-dr9

Time Tracking:
Not Specified


 Description  « Hide
The use case is:
  1. Admin or space admin puts a security restricted macro (like sql macro for instance) is part of a live template.
  2. User of live-template cannot render the restricted macro on the page using the live-template unless the page has an appropriate edit page restriction
  3. User is unlikely to have the right permission to run an arbitrary instance of the macro
  4. Admin should be able to allow the macro to be executed anyway, since the admin is in control of the content and usage of the macro

Once this change is made, the corresponding change will need to be made to the macro security code to recognize this circumstance and act appropriately.



 All   Comments   Work Log   Change History      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Bob Swift - 13/Feb/08 03:29 AM
Here is an excerpt of the dialog we had on the topic:
(8:55:16 PM) David Peterson: "net.customware.confluence.scaffolding.live-template" will be either null or a Stack containing a string, either "space" or "global".
(8:55:22 PM) David Peterson: Yes.
(8:56:00 PM) David Peterson: Containing one or more strings, rather.
(8:56:20 PM) David Peterson: The top item on the stack will be the most recent template type to be executed.
(8:56:36 PM) Bob@home: ok, get the stack and check if not null, then check (perhaps) that they are all global if only global are allowed
(8:56:57 PM) David Peterson: Right
(8:57:08 PM) David Peterson: Although you may only want to check that the top-level one is global.
(8:57:12 PM) David Peterson: Depends on your paranoia.
(8:57:18 PM) Bob@home: hmm... in fact would just have to check the last one on stack
(8:57:21 PM) David Peterson: Yes
(8:57:24 PM) Bob@home: ok, agree
(8:57:30 PM) David Peterson: The only reason it's a stack is for technical reasons
(8:58:22 PM) Bob@home: I think that would work fine.

[ Permlink | « Hide ]
David Peterson - 01/Mar/08 12:40 PM
To confirm, checking if the current code is being executed by a live-template macro, check if the following value is not null:

HttpServletRequest.getAttribute( "net.customware.confluence.scaffold.live-template" )

It will be a Stack of words which are either "space" or "global" depending on the type of template being executed. Generally, security macros will only be interested in the top entry.


[ Permlink | « Hide ]
Bob Swift - 20/Mar/08 02:16 PM
I guess I don't have authority to close this item - so here is an update. Things seem to be working fine . I am supporting both global and space templates. We are running dr9 in our production environment with the corresponding macro security change (beta). Will take it out of beta and release it soon based on our testing. Thanks for doing this so quickly.


Powered by Atlassian JIRA the Professional Issue Tracker. (Professional Edition, Version: 3.12.3-#302) - Bug/feature request - Atlassian news - Contact Administrators