On Feb 23, 2012, at 4:46 PM, Denis Gervalle wrote:
On Thu, Feb 23, 2012 at 16:18, Vincent Massol <[email protected]> wrote:
On Feb 23, 2012, at 4:02 PM, Thomas Mortagne wrote:
Right now on an empty wiki you have all the rights except "delete" (and register).
So this means that you have "admin" right but you don't have "delete" rights...
This does not make much sense and I anyway I don't see why delete has this special rule.
Any idea ?
Because defaulting allow for delete on the initial template of XE will allow anyone to delete anything. We had never set right on delete explicitly.
Here is my +1 to remove the special handling of "delete" default right.
-1 to change that since it will open hole in many existing wikis.
Can you explain that? The guest user has admin permissions so I don't see what could be worse than that. Am I missing something? Thanks -Vincent
I don't know if there was any good reason but I can't see it.
There is probably no good reason before it was implemented this way.
So +1 to have delete rights in an empty wiki when not logged in.
I've created http://jira.xwiki.org/jira/browse/XWIKI-7581
+0 for this, simply because it would be difficult and tricky to do in the current implementation. After we agree on merging the new experimental security module and I got some time to document it, I will surely open a discussion on how to evolve the security rights, and why the empty wiki state cause other not so pleasant issue. It is to early for now.
Thanks -Vincent
_______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
-- Denis Gervalle SOFTEC sa - CEO eGuilde sarl - CTO _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs