mflorea
commented
1 year ago For the modal of a macro to appear and call the displayer for a specific macro parameter, the user needs to be in edit mode and thus have the edit right over the current document. Given this, another call to check if the user has edit right is not necessary.
The macro wizard can be used outside edit mode when the WYSIWYG editor is used to add / edit comments. You can comment to a wiki page without having edit right to that page, but you can upload a file to that wiki page only if you have edit right. This means you do need to check for edit rights, but for the source document which should be included in the editor parameters (available in edit.vm). For instance TextArea properties have it set from https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/objects/classes/TextAreaClass.java#L397 . If it's not set you can assume it's the current document.
trrenty
The
edit.vmfile linked to the attachment macro parameter determines whether the user had the right to upload a file or not by calling:$services.security.authorization.hasAccess('edit'). This call checks if the current user has theeditright overCKEditor.MacroServicedocument, rather than the document that he is currently editing. The default setting for a freshly installed XWiki, is thatXWikiAllGrouphas edit rights globally. In this issue, that right was revoked and thus, the aforementioned check would returnfalsebecause, indeed, the user does not have the edit right overCKEditor.MacroServiceanymore.The fix is to replace the line in edit.vm from this:
to this:
For the modal of a macro to appear and call the displayer for a specific macro parameter, the user needs to be in edit mode and thus have the edit right over the current document. Given this, another call to check if the user has edit right is not necessary.