On 10/16/2009 11:53 AM, Guillaume Lerouge wrote: > Hi Devs, > right now an user can have edit rights on a page even though he does not > have the view right on that page. > > This sounds weird to me since that user can still access the page's content > by going to the right URL. > > Thus I think it would be better to have the view right inherited from the > edit right (if an user can edit a page he should also be able to view it). > > Is there any drawback to this?
The rights code is already complex as it is, this would only add more if-else branches in a spaghetti code. Plus, it adds another piece of "access rights magic". Although it is logic that users should not be allowed to edit what they can't see, I think that letting the admins set the rights to accomplish this is the right way. -- Sergiu Dumitriu http://purl.org/net/sergiu/ _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
