Tag Archives: javascript

Improving Confluence with Greasemonkey

Here at GetConnected we have been using Confluence and Jira for some months, and I must admit that I’m really satisfied with both products. They have helped me easily keep track of documentation and the progress of activities.

Before adopting Confluence I tried several wikis, most of them open source, but none really fit our needs. These are some of the Confluence features that I considered important and that other wikis didn’t have or supported only partially:

  1. Pages can be moved under another page; that is, a page can leave its parent page and become a child of another page. Damn, this is so useful; I don’t know how many times I have changed my mind about how to organize pages. I don’t really understand why so few wikis support this… This is a must-have for me now.
  2. Renaming a page causes links to that page from other pages to be adjusted as well.
  3. Minimalist and simple syntax: you can learn it in a few minutes and you won’t use the WYSIWYG editor anymore (but will type faster).
  4. That said, the WYSIWYG editor just works: not everyone in a company likes to play with code just to edit a page.
  5. Confluence has tons of plugins, you can surely find the one that fits your needs.
  6. You can write your own macros and page templates.

Coming back to the topic of this post, only one thing has disappointed me a bit so far: the navigation bar with the Edit and Add menus is only at the top of the page, so if you’re reviewing a long page and want to edit it you need to scroll back up to the top. Of course this is not a big problem, but it’s worth spending some time trying to improve the usability.

So today I wrote my first Greasemonkey script. It took me only a few minutes to read a small tutorial, and the hack was done.

Greasemonkey is a Firefox plugin that lets you execute custom JavaScript code to change the appearance and functionality of a given web page. Many plugins exist that change the overall look of GMail and Google, for instance; you can find them here: http://userscripts.org.

My script is very elementary: all it does is add a new CSS rule that overrides the default settings, making the navigation bar’s position fixed:

#navigation {
-moz-border-radius:5px;
background-color:#F1F1F1;
padding-bottom:10px;
padding-right:10px;
position:fixed;
right:15px;
}

The JavaScript code could be written on a single line without losing readability:

document.styleSheets[0].insertRule(
    '#navigation { ' +
    '-moz-border-radius:5px 5px 5px 5px; ' +
    'background-color:#F1F1F1; ' +
    'display:inline; ' +
    'padding-bottom:10px; ' +
    'padding-right:10px; ' +
    'position:fixed; ' +
    'right:15px; ' +
    ' }', 0);

This is how Confluence looks when you open a page:

How the navigation bar appears when the page is opened

And this is how it looks when you scroll the page down:

How the navigation bar appears when you scroll the page down

Greasemonkey scripts are distributed through the http://userscripts.org site. If you think the script I wrote could be useful, install it and leave a comment.

Sudo like tool for Alfresco – security aspects

In my first post on this blog I proposed a way to execute some JavaScript code with admin privileges within Alfresco (web)scripts.
As Peter Monks pointed out in his comment, there are some security risks you’d better be aware of if you intend to use this extension in your projects.
As Peter suggested, if users can author their own scripts then they can potentially submit code that runs with administrator privileges, which is an obvious security flaw.
Also, attention must be paid when the eval statement is used within the function passed to sudo: avoid this practice if the eval argument itself depends on some webscript input parameter, since this could lead to code injection. So how to cope with these problems?
My solution is to create a “sudoers” group (as in Unix OSs) so that only users who belong to this group can execute the sudo function. Here is how I would change the Sudo bean:

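import java.util.Set;

import org.alfresco.repo.jscript.BaseScopableProcessorExtension;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.Function;
import org.mozilla.javascript.Scriptable;

public class Sudo extends BaseScopableProcessorExtension {
    private AuthorityService authorityService;

    // Setter required by Spring to inject the "authorityService" property
    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }

    public void sudo(final Function func) throws Exception  {
        final Context cx = Context.getCurrentContext();
        final Scriptable scope = getScope();
        // User the calling script is currently running as
        String user = AuthenticationUtil.getRunAsUser();

        // immediate=false: include groups the user belongs to indirectly
        Set<String> groups = authorityService.getContainingAuthorities(AuthorityType.GROUP, user, false);
        if (!groups.contains("GROUP_SUDOERS"))
            throw new Exception("User '" + user + "' cannot use sudo");

        // Only reached by members of the sudoers group
        RunAsWork<Object> raw = new RunAsWork<Object>() {
            public Object doWork() throws Exception {
                func.call(cx, scope, scope, new Object[] {});
                return null;
            }
        };

        AuthenticationUtil.runAs(raw, AuthenticationUtil.getAdminUserName());
    }
}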

We used the authorityService service to get the set of groups the current user belongs to and then we checked that the SUDOERS group is one of those. If you use this version of the Sudo bean, remember to update the Spring bean definition (file sudo-script-services-context.xml):

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
    <bean id="Sudo" parent="baseJavaScriptExtension" class="eu.fabiostrozzi.sudo.ws.js.Sudo">
        <property name="extensionName">
            <value>sudoUtils</value>
        </property>
        <property name="authorityService">
            <ref bean="AuthorityService" />
        </property>
    </bean>
</beans>

This is by no means a fully fledged solution, but it surely reduces risk if, for instance, users who can author scripts are not added to the SUDOERS group.
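
The eval warning above, as an added example (not code from the original post): a webscript-style dispatcher in which request parameters only select an allow-listed function and are validated as data before anything runs inside sudo. `makeSudoUtils`, `ACTIONS`, `runPrivileged` and the action names are hypothetical; the stand-in only mimics the GROUP_SUDOERS check so the block runs outside Alfresco.

```javascript
// Constructed stand-in for the Sudo bean (extensionName "sudoUtils"): refuses
// callers outside GROUP_SUDOERS, otherwise runs func (as admin in Alfresco).
function makeSudoUtils(user, groups) {
  return {
    sudo: function (func) {
      if (groups.indexOf('GROUP_SUDOERS') === -1) {
        throw new Error("User '" + user + "' cannot use sudo");
      }
      func();
    }
  };
}

// Hypothetical privileged operations; each receives validated data only.
var ACTIONS = {
  archive: function (nodeId, log) { log.push('archive ' + nodeId); },
  unlock: function (nodeId, log) { log.push('unlock ' + nodeId); }
};

// Weak pattern the post warns about: request parameters are concatenated
// into a string that eval parses as code while running with admin rights.
//   sudoUtils.sudo(function () { eval(args.action + '("' + args.nodeId + '")'); });

// Hardened pattern: `args` (the webscript's request parameters) can only
// pick a fixed function, and the node id must match a strict format.
function runPrivileged(sudoUtils, args, log) {
  var action = String(args.action);
  var nodeId = String(args.nodeId);
  // hasOwnProperty also rejects inherited names such as "constructor"
  if (!Object.prototype.hasOwnProperty.call(ACTIONS, action)) {
    throw new Error('Unknown action');
  }
  if (!/^[0-9a-f-]{36}$/.test(nodeId)) {
    throw new Error('Invalid node id');
  }
  // Only the fixed, pre-selected function crosses the privilege boundary
  sudoUtils.sudo(function () { ACTIONS[action](nodeId, log); });
  return log;
}
```

Validation happens before the call to sudo, so malformed input is rejected without ever entering the privileged section, and the group check still applies to well-formed requests.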

Sudo like tool for Alfresco webscripts

This year we at GetConnected worked a lot on integration solutions based on Alfresco. Integrating customers’ software with Alfresco means, first of all, dealing with different permission models: Alfresco’s and that of the external software. Most of the time they differ, and it couldn’t be otherwise: although Alfresco is an extensible, general-purpose product, external software targets a specific problem and has ad hoc solutions.