From 00b8e3f97714bc69e576b3f989ff6a5534b0aad1 Mon Sep 17 00:00:00 2001
From: Eduard Moraru <Enygma2002@gmail.com>
Date: Fri, 10 Jul 2015 20:05:35 +0300
Subject: [PATCH] XWIKI-12171: Add a script right to manage script macro
 execution permissions - Checking script rights on the content author of the
 document where the title comes from instead of the current security document.

---
 .../display/internal/AbstractDocumentTitleDisplayer.java | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/xwiki-platform-core/xwiki-platform-display/xwiki-platform-display-api/src/main/java/org/xwiki/display/internal/AbstractDocumentTitleDisplayer.java b/xwiki-platform-core/xwiki-platform-display/xwiki-platform-display-api/src/main/java/org/xwiki/display/internal/AbstractDocumentTitleDisplayer.java
index 3c392a55838..2034c0abc24 100644
--- a/xwiki-platform-core/xwiki-platform-display/xwiki-platform-display-api/src/main/java/org/xwiki/display/internal/AbstractDocumentTitleDisplayer.java
+++ b/xwiki-platform-core/xwiki-platform-display/xwiki-platform-display-api/src/main/java/org/xwiki/display/internal/AbstractDocumentTitleDisplayer.java
@@ -42,7 +42,7 @@
 import org.xwiki.rendering.parser.ParseException;
 import org.xwiki.rendering.parser.Parser;
 import org.xwiki.rendering.util.ParserUtils;
-import org.xwiki.security.authorization.ContextualAuthorizationManager;
+import org.xwiki.security.authorization.AuthorizationManager;
 import org.xwiki.security.authorization.Right;
 import org.xwiki.velocity.VelocityEngine;
 import org.xwiki.velocity.VelocityManager;
@@ -107,11 +107,11 @@ public abstract class AbstractDocumentTitleDisplayer implements DocumentDisplaye
     private ConfigurationSource xwikicfg;
 
     @Inject
-    private ContextualAuthorizationManager authorizationManager;
+    private AuthorizationManager authorizationManager;
 
     /**
      * Used to get the default document reference, which normally is used to represent the home page of a space.
-     * 
+     *
      * @see #getStaticTitle(DocumentModelBridge)
      */
     @Inject
@@ -156,7 +156,8 @@ private XDOM displayTitle(DocumentModelBridge document, DocumentDisplayerParamet
             try {
                 String title = rawTitle;
                 // Evaluate the title only if the document has script rights, otherwise use the raw title.
-                if (authorizationManager.hasAccess(Right.SCRIPT)) {
+                if (authorizationManager.hasAccess(Right.SCRIPT, document.getContentAuthorReference(),
+                    document.getDocumentReference())) {
                     title = evaluateTitle(rawTitle, document.getDocumentReference(), parameters);
                 }
                 return parseTitle(title);
-- 
GitLab