On Thu, Feb 23, 2012 at 16:18, Vincent Massol <vincent(a)massol.net> wrote:
On Feb 23, 2012, at 4:02 PM, Thomas Mortagne wrote:
Right now on an empty wiki you have all the
rights except "delete"
(and register).
So this means that you have "admin" right but you don't have
"delete"
rights...
This does not make much sense and I anyway I don't see why delete has
this special rule.
Any idea ?
Because defaulting allow for delete on the initial template of XE will
allow anyone to delete anything.
We had never set right on delete explicitly.
Here is my +1 to remove the special handling of "delete" default right.
-1 to change that since it will open hole in many existing wikis.
I don't know if there was any good reason but I
can't see it.
There is probably no good reason before it was implemented this way.
So +1 to have delete rights in an empty wiki when not
logged in.
I've created
http://jira.xwiki.org/jira/browse/XWIKI-7581
+0 for this, simply because it would be difficult and tricky to do in the
current implementation.
After we agree on merging the new experimental security module and I got
some time to document it, I will surely open a discussion on how to evolve
the security rights, and why the empty wiki state cause other not so
pleasant issue. It is to early for now.
Thanks
-Vincent
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
--
Denis Gervalle
SOFTEC sa - CEO
eGuilde sarl - CTO