Aller au contenu

Modifications pour le document Sections des configurations personnalisables

Modifié par Florent Charton le 2025/08/19 15:15
Depuis la version 3.1
modifié par Florent Charton
sur 2025/07/04 23:28
Commentaire de modification : Install extension [org.xwiki.platform:xwiki-platform-administration-ui/16.10.9]
À la version 1.1
modifié par superadmin
sur 2022/06/20 08:48
Commentaire de modification : Install extension [org.xwiki.platform:xwiki-platform-administration-ui/13.10.6]

Résumé

Détails

Propriétés de la Page
Auteur du document
... ... @@ -1,1 +1,1 @@
1 -xwiki:XWiki.fcharton
1 +XWiki.superadmin
Syntaxe
... ... @@ -1,1 +1,1 @@
1 -XWiki 2.1
1 +XWiki 2.0
Contenu
... ... @@ -69,8 +69,7 @@
69 69   #foreach($appName in $outputList)
70 70   ##
71 71   ## Make sure the current user has permission to edit the configurable application.
72 - ## Unless we are in the page administration which is never about modifying the application configuration page
73 - #set($userHasAccessToDocument = $level == '.page' || $xcontext.hasAccessLevel('edit', $appName))
72 + #set($userHasAccessToDocument = $xcontext.hasAccessLevel('edit', $appName))
74 74   ##
75 75   ## If the document was not last saved by a user with edit privilege on this page
76 76   ## then we can't safely display the page but we should warn the viewer.
... ... @@ -124,9 +124,6 @@
124 124   {{warning}}{{translation key="xe.admin.configurable.cannotLockNoJavascript"/}}{{/warning}}
125 125  
126 126   </noscript>
127 - {{/html}}
128 -
129 - {{html clean=false}}
130 130   <script>
131 131   document.observe("xwiki:dom:loaded", function() {
132 132   XWiki.DocumentLock && new XWiki.DocumentLock('$escapetool.javascript($app.prefixedFullName)').lock();
... ... @@ -150,8 +150,7 @@
150 150   ## Internal error, not translated.
151 151   #showHeading($appName, $headingShowing)
152 152  
153 - {{error}}Internal error: All objects were filtered out for application:
154 - $services.rendering.escape($appName, 'xwiki/2.1').{{/error}}
149 + {{error}}Internal error: All objects were filtered out for application: $appName.{{/error}}
155 155  
156 156   #else
157 157   #set($formAction = $xwiki.getURL($app.getFullName(), 'save'))
... ... @@ -158,23 +158,26 @@
158 158   #set($formId = "${section.toLowerCase()}_${app.getFullName()}")
159 159   #set($escapedAppName = $escapetool.xml($app.getFullName()))
160 160   #foreach($configurableObj in $configurableObjs)
161 - #set ($heading = $app.getValue('heading', $configurableObj))
162 - #set ($codeToExecute = "$!app.getValue('codeToExecute', $configurableObj)")
163 - ## If linkPrefix is set, then we will make each property label a link which starts with that prefix.
164 - #set ($linkPrefix = "$!app.getValue('linkPrefix', $configurableObj)")
165 - #if (!$app.restricted)
166 - #set ($evaluatedConfigurableObj = $configurableObj.evaluate())
167 - #set ($heading = $evaluatedConfigurableObj.heading)
168 - #set ($linkPrefix = $evaluatedConfigurableObj.linkPrefix)
156 + ## Execute the content code if any
157 + ## FIXME: we have to do that before the title before of the dropPermissions
158 + #set($codeToExecute = "$!app.getValue('codeToExecute', $configurableObj)")
159 + #if($codeToExecute != '')
160 + #set($codeToExecuteResult = $configurableObj.display('codeToExecute', 'view', false))
169 169   #end
170 170   ## Display the header if one exists.
163 + #set($heading = $app.getValue('heading', $configurableObj))
171 171   #if($heading && $heading != '')
172 - == $services.rendering.escape($heading, 'xwiki/2.1') ==
165 + ## This application should not run with programming rights because it evaluates code which may not be trustworthy.
166 + ## Removing the next line will open a security hole.
167 + ## Can't use $configurableObj.display('heading', 'view', false) to have proper heading id (because of the html macro)
168 + ## FIXME: find a cleaner solution
169 + #set($void = $doc.dropPermissions())
170 + == #evaluate($heading) ==
173 173   #end
174 174   ## Display code to execute
175 - #if ($codeToExecute != '')
173 + #if($codeToExecute != '')
176 176   (%class="codeToExecute"%)(((##
177 - $configurableObj.display('codeToExecute', 'view', false)
175 + $codeToExecuteResult
178 178   )))
179 179   #end
180 180   ##
... ... @@ -184,6 +184,9 @@
184 184   #set($propertiesToShow = [])
185 185   #end
186 186   ##
185 + ## If linkPrefix is set, then we will make each property label a link which starts with that prefix.
186 + #set($linkPrefix = "$!app.getValue('linkPrefix', $configurableObj)")
187 + ##
187 187   ## If the Configurable object specifies a configuration class, use it,
188 188   ## otherwise assume custom forms are used instead.
189 189   #set($configClassName = "$!app.getValue('configurationClass', $configurableObj)")
... ... @@ -202,12 +202,7 @@
202 202   #showHeading($appName, $headingShowing)
203 203  
204 204   {{error}}
205 - #set($escapedObjClassName =
206 - $services.rendering.escape($escapetool.java($objClass.getName()), 'xwiki/2.1'))
207 - #set($translationEscapedAppName =
208 - $services.rendering.escape($escapetool.java($app.getFullName()), 'xwiki/2.1'))
209 - {{translation key="xe.admin.configurable.noObjectOfConfigurationClassFound"
210 - parameters="~"$escapedObjClassName~", ~"$translationEscapedAppName~""/}}
206 + {{translation key="xe.admin.configurable.noObjectOfConfigurationClassFound" parameters="$objClass.getName(), $app.getFullName()"/}}
211 211   {{/error}}
212 212  
213 213   #else
... ... @@ -358,7 +358,7 @@
358 358   #if($globaladmin)
359 359   #set($queryString = "editor=globaladmin&amp;section=")
360 360   #else
361 - #set($queryString = "space=$escapetool.url($currentSpace)&amp;section=")
357 + #set($queryString = "space=${currentSpace}&amp;section=")
362 362   #if($request.getParameter('editor'))
363 363   #set($queryString = "editor=$escapetool.url($request.getParameter('editor'))&amp;$queryString")
364 364   #end
... ... @@ -400,9 +400,9 @@
400 400  
401 401   ## Finally we display an error message if there are any applications which we were unable to view.
402 402   #if($appsUserCannotView.size() > 0)
403 - {{error}}$services.localization.render('xe.admin.configurable.noViewAccessSomeApplications',
404 - 'xwiki/2.1', [$appsUserCannotView]){{/error}}
405 405  
400 + {{error}}$services.localization.render('xe.admin.configurable.noViewAccessSomeApplications', [$appsUserCannotView]){{/error}}
401 +
406 406   #end
407 407  #end## If we should be looking at the main administration page.
408 408  {{/velocity}}