OpenWGA 7.0 - Updating to OpenWGA 7.0

Updating from OpenWGA 6.0 » To consider before updating » Changed behaviour

Changed behaviour of ACL privilege "May access this application directly"

This is a privilege flag on ACL entries of OpenWGA web applications. 

It is used to prevent users from directly accessing resources of the application while it should still be possible to read the applications content data when served via other applications. In that case the privilege, which is enabled by default, had to be removed from the ACL entry.

Up until OpenWGA 6.0 this also prevented users without this flag from reading any file attachment data from content documents or file containers als well as using published CSS/JS script modules. This however proved to be a problem because those resources are always served via separate URLs. So preventing direct access in that case meant preventing access completely.

In OpenwGA 7.0 on the behaviour of this privilege changes in that users without it now are still allowed to retrieve file attachments and CSS/JS scripts via URL directly. The name of the privilege has changed to "Use application directly", to reflect that changed behaviour. It still prevents from using the WebTML interface of the application, but it does no longer exclusively prevent direct access to the applications content resources.

Other interfaces which are influenced by this privilege keep their known behaviour.