On 06/09/2010 12:24 PM, Ecaterina Valica wrote:
> Another question is why this has been done in the
first place? Can
someone
give a
valid use case when this is more productive than other ways.
I really do not know, and I am curious as well.
It was done because the deny right is stronger than the allow right. How
can I say that for space X only group A has view right, and nobody else?
Attempt 1. Deny to Guest and All, allow to A. Oups, doesn't work, since
everybody in A is also in All, and deny is stronger, so everyone is
denied...
IMO, RegisteredUsers is a special case. Imagine RegisteredUsers as a Wiki,
and GroupA as a Space; and have the same level of appliance for groups
(page-space-wiki, where space rights override wiki rights).
True, but that's not the way it was implemented initially. XWikiAllGroup
was just another group like all others. Now, it is a bit more special,
since it can be completely virtual, it can implicitly contain all
registered users, and it is referenced in the code as the default group
for new users.
So if I deny All and allow A, semantically A will have
allow, because the
tie will be broken by level. Just a thought.
Caty
>
> Attempt 2. Hm, how could this be done? Denying to everybody is not an
> option... So, allow the view right to A, and automagically everybody
> else is denied. Great, XWiki really rocks!
>
> This is not a very valid use case, but more like a necessity. When
> designing the current rights mechanism, a lot of not-entirely-compatible
> use cases had to be balanced, and the outcome doesn't cleanly satisfy
> all use cases, but it tries to make each scenario possible one way or
> another.
>
--
Sergiu Dumitriu
http://purl.org/net/sergiu/