23 Feb
2012
23 Feb
'12
4:49 p.m.
On Feb 23, 2012, at 4:46 PM, Denis Gervalle wrote:
On Thu, Feb 23, 2012 at 16:18, Vincent Massol
<vincent(a)massol.net> wrote:
-1 to change that since it will open hole in many existing wikis.
Can you explain that?
The guest user has admin permissions so I don't see what could be worse than that.
Am I missing something?
Thanks
-Vincent
On Feb 23, 2012, at 4:02 PM, Thomas Mortagne wrote:
Because defaulting allow for delete on the initial template of XE will
allow anyone to delete anything.
We had never set right on delete explicitly.
Right now on an empty wiki you have all the
rights except "delete"
(and register).
So this means that you have "admin" right but you don't have
"delete"
rights...
This does not make much sense and I anyway I don't see why delete has
this special rule.
Any idea ?
Here is my +1 to remove the special handling of "delete" default right.
I don't
know if there was any good reason but I can't see it.
There is probably no good reason before it was implemented this way.
So +1 to have delete rights in an empty wiki when
not logged in.
I've created http://jira.xwiki.org/jira/browse/XWIKI-7581
+0 for this, simply because it would be difficult and tricky to do in the
current implementation.
After we agree on merging the new experimental security module and I got
some time to document it, I will surely open a discussion on how to evolve
the security rights, and why the empty wiki state cause other not so
pleasant issue. It is to early for now.
Thanks
-Vincent
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
--
Denis Gervalle
SOFTEC sa - CEO
eGuilde sarl - CTO
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs