9 Jun
2010
9 Jun
'10
2:04 p.m.
On 06/09/2010 12:24 PM, Ecaterina Valica wrote:
It was done because the deny right is stronger than the allow right. How
can I say that for space X only group A has view right, and nobody else?
Attempt 1. Deny to Guest and All, allow to A. Oups, doesn't work, since
everybody in A is also in All, and deny is stronger, so everyone is
denied...
IMO, RegisteredUsers is a special case. Imagine RegisteredUsers as a Wiki,
and GroupA as a Space; and have the same level of appliance for groups
(page-space-wiki, where space rights override wiki rights).
True, but that's not the way it was implemented initially. XWikiAllGroup
was just another group like all others. Now, it is a bit more special,
since it can be completely virtual, it can implicitly contain all
registered users, and it is referenced in the code as the default group
for new users.
> Another question is why this has been done in the
first place? Can
someone
give a
valid use case when this is more productive than other ways.
I really do not know, and I am curious as well. So if I deny All and allow A, semantically A will have
allow, because the
tie will be broken by level. Just a thought.
Caty
>
> Attempt 2. Hm, how could this be done? Denying to everybody is not an
> option... So, allow the view right to A, and automagically everybody
> else is denied. Great, XWiki really rocks!
>
> This is not a very valid use case, but more like a necessity. When
> designing the current rights mechanism, a lot of not-entirely-compatible
> use cases had to be balanced, and the outcome doesn't cleanly satisfy
> all use cases, but it tries to make each scenario possible one way or
> another.
>
--
Sergiu Dumitriu
http://purl.org/net/sergiu/