On Feb 23, 2012, at 4:46 PM, Denis Gervalle wrote: > On Thu, Feb 23, 2012 at 16:18, Vincent Massol <[email protected]> wrote: > >> >> On Feb 23, 2012, at 4:02 PM, Thomas Mortagne wrote: >> >>> Right now on an empty wiki you have all the rights except "delete" >>> (and register). >>> >>> So this means that you have "admin" right but you don't have "delete" >> rights... >>> >>> This does not make much sense and I anyway I don't see why delete has >>> this special rule. >> >> >>> Any idea ? >> > > Because defaulting allow for delete on the initial template of XE will > allow anyone to delete anything. > We had never set right on delete explicitly. > > >>> >>> Here is my +1 to remove the special handling of "delete" default right. >> > > -1 to change that since it will open hole in many existing wikis.
Can you explain that? The guest user has admin permissions so I don't see what could be worse than that. Am I missing something? Thanks -Vincent >> I don't know if there was any good reason but I can't see it. >> > > There is probably no good reason before it was implemented this way. > > >> So +1 to have delete rights in an empty wiki when not logged in. >> >> I've created http://jira.xwiki.org/jira/browse/XWIKI-7581 >> > > +0 for this, simply because it would be difficult and tricky to do in the > current implementation. > After we agree on merging the new experimental security module and I got > some time to document it, I will surely open a discussion on how to evolve > the security rights, and why the empty wiki state cause other not so > pleasant issue. It is to early for now. > > >> Thanks >> -Vincent >> >> _______________________________________________ >> devs mailing list >> [email protected] >> http://lists.xwiki.org/mailman/listinfo/devs >> > > > > -- > Denis Gervalle > SOFTEC sa - CEO > eGuilde sarl - CTO > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
