Modifications pour le document Sections des configurations personnalisables

Modifié par Florent Charton le 2025/08/19 15:15

Gérer
- Copier
Actions
- Exporter
- Aperçu avant impression
Affichage

From 3.1 to 4.1

Depuis la version 1.1

modifié par superadmin
sur 2022/06/20 08:48

Commentaire de modification : Install extension [org.xwiki.platform:xwiki-platform-administration-ui/13.10.6]

À la version 3.1

modifié par Florent Charton
sur 2025/07/04 23:28

Commentaire de modification : Install extension [org.xwiki.platform:xwiki-platform-administration-ui/16.10.9]

Source
Rendu

Résumé

Propriétés de la Page (3 modifications, 0 ajouts, 0 suppressions)

Détails

Propriétés de la Page

Auteur du document

@@ -1,1 +1,1 @@
--XWiki.superadmin
++xwiki:XWiki.fcharton

Syntaxe

@@ -1,1 +1,1 @@
--XWiki 2.0
++XWiki 2.1

Contenu

@@ -69,7 +69,8 @@
    #foreach($appName in $outputList)
      ##
      ## Make sure the current user has permission to edit the configurable application.
--    #set($userHasAccessToDocument = $xcontext.hasAccessLevel('edit', $appName))
++    ## Unless we are in the page administration which is never about modifying the application configuration page
++    #set($userHasAccessToDocument = $level == '.page' || $xcontext.hasAccessLevel('edit', $appName))
      ##
      ## If the document was not last saved by a user with edit privilege on this page
      ## then we can't safely display the page but we should warn the viewer.
@@ -123,6 +123,9 @@
              {{warning}}{{translation key="xe.admin.configurable.cannotLockNoJavascript"/}}{{/warning}}
            </noscript>
++        {{/html}}
++
++        {{html clean=false}}
            <script>
              document.observe("xwiki:dom:loaded", function() {
                XWiki.DocumentLock && new XWiki.DocumentLock('$escapetool.javascript($app.prefixedFullName)').lock();
@@ -146,7 +146,8 @@
          ## Internal error, not translated.
          #showHeading($appName, $headingShowing)
--        {{error}}Internal error: All objects were filtered out for application: $appName.{{/error}}
++        {{error}}Internal error: All objects were filtered out for application:
++        $services.rendering.escape($appName, 'xwiki/2.1').{{/error}}
        #else
          #set($formAction = $xwiki.getURL($app.getFullName(), 'save'))
@@ -153,26 +153,23 @@
          #set($formId = "${section.toLowerCase()}_${app.getFullName()}")
          #set($escapedAppName = $escapetool.xml($app.getFullName()))
          #foreach($configurableObj in $configurableObjs)
--          ## Execute the content code if any
--          ## FIXME: we have to do that before the title before of the dropPermissions
--          #set($codeToExecute = "$!app.getValue('codeToExecute', $configurableObj)")
--          #if($codeToExecute != '')
--            #set($codeToExecuteResult = $configurableObj.display('codeToExecute', 'view', false))
++          #set ($heading = $app.getValue('heading', $configurableObj))
++          #set ($codeToExecute = "$!app.getValue('codeToExecute', $configurableObj)")
++          ## If linkPrefix is set, then we will make each property label a link which starts with that prefix.
++          #set ($linkPrefix = "$!app.getValue('linkPrefix', $configurableObj)")
++          #if (!$app.restricted)
++            #set ($evaluatedConfigurableObj = $configurableObj.evaluate())
++            #set ($heading = $evaluatedConfigurableObj.heading)
++            #set ($linkPrefix = $evaluatedConfigurableObj.linkPrefix)
            #end
            ## Display the header if one exists.
--          #set($heading = $app.getValue('heading', $configurableObj))
            #if($heading && $heading != '')
--            ## This application should not run with programming rights because it evaluates code which may not be trustworthy.
--            ## Removing the next line will open a security hole.
--            ## Can't use $configurableObj.display('heading', 'view', false) to have proper heading id (because of the html macro)
--            ## FIXME: find a cleaner solution
--            #set($void = $doc.dropPermissions())
--            == #evaluate($heading) ==
++            == $services.rendering.escape($heading, 'xwiki/2.1') ==
            #end
            ## Display code to execute
--          #if($codeToExecute != '')
++          #if ($codeToExecute != '')
              (%class="codeToExecute"%)(((##
--              $codeToExecuteResult
++              $configurableObj.display('codeToExecute', 'view', false)
              )))
            #end
            ##
@@ -182,9 +182,6 @@
              #set($propertiesToShow = [])
            #end
            ##
--          ## If linkPrefix is set, then we will make each property label a link which starts with that prefix.
--          #set($linkPrefix = "$!app.getValue('linkPrefix', $configurableObj)")
--          ##
            ## If the Configurable object specifies a configuration class, use it,
            ## otherwise assume custom forms are used instead.
            #set($configClassName = "$!app.getValue('configurationClass', $configurableObj)")
@@ -203,7 +203,12 @@
                  #showHeading($appName, $headingShowing)
                  {{error}}
--                  {{translation key="xe.admin.configurable.noObjectOfConfigurationClassFound" parameters="$objClass.getName(), $app.getFullName()"/}}
++                  #set($escapedObjClassName =
++                    $services.rendering.escape($escapetool.java($objClass.getName()), 'xwiki/2.1'))
++                  #set($translationEscapedAppName =
++                    $services.rendering.escape($escapetool.java($app.getFullName()), 'xwiki/2.1'))
++                  {{translation key="xe.admin.configurable.noObjectOfConfigurationClassFound"
++                    parameters="~"$escapedObjClassName~", ~"$translationEscapedAppName~""/}}
                  {{/error}}
                #else
@@ -354,7 +354,7 @@
    #if($globaladmin)
      #set($queryString = "editor=globaladmin&amp;section=")
    #else
--    #set($queryString = "space=${currentSpace}&amp;section=")
++    #set($queryString = "space=$escapetool.url($currentSpace)&amp;section=")
      #if($request.getParameter('editor'))
        #set($queryString = "editor=$escapetool.url($request.getParameter('editor'))&amp;$queryString")
      #end
@@ -396,9 +396,9 @@
    ## Finally we display an error message if there are any applications which we were unable to view.
    #if($appsUserCannotView.size() > 0)
++    {{error}}$services.localization.render('xe.admin.configurable.noViewAccessSomeApplications',
++      'xwiki/2.1', [$appsUserCannotView]){{/error}}
--    {{error}}$services.localization.render('xe.admin.configurable.noViewAccessSomeApplications', [$appsUserCannotView]){{/error}}
--
    #end
  #end## If we should be looking at the main administration page.
  {{/velocity}}