On Thu, Feb 23, 2012 at 4:49 PM, Vincent Massol <[email protected]> wrote: > > On Feb 23, 2012, at 4:46 PM, Denis Gervalle wrote: > >> On Thu, Feb 23, 2012 at 16:18, Vincent Massol <[email protected]> wrote: >> >>> >>> On Feb 23, 2012, at 4:02 PM, Thomas Mortagne wrote: >>> >>>> Right now on an empty wiki you have all the rights except "delete" >>>> (and register). >>>> >>>> So this means that you have "admin" right but you don't have "delete" >>> rights... >>>> >>>> This does not make much sense and I anyway I don't see why delete has >>>> this special rule. >>> >>> >>>> Any idea ? >>> >> >> Because defaulting allow for delete on the initial template of XE will >> allow anyone to delete anything. >> We had never set right on delete explicitly. >> >> >>>> >>>> Here is my +1 to remove the special handling of "delete" default right. >>> >> >> -1 to change that since it will open hole in many existing wikis. > > Can you explain that? > > The guest user has admin permissions so I don't see what could be worse than > that. > > Am I missing something?
Denis just mean that a lot of wikis don't set the delete right expecting it to be false by default (that's the case in standard XE for example). > > Thanks > -Vincent > >>> I don't know if there was any good reason but I can't see it. >>> >> >> There is probably no good reason before it was implemented this way. >> >> >>> So +1 to have delete rights in an empty wiki when not logged in. >>> >>> I've created http://jira.xwiki.org/jira/browse/XWIKI-7581 >>> >> >> +0 for this, simply because it would be difficult and tricky to do in the >> current implementation. >> After we agree on merging the new experimental security module and I got >> some time to document it, I will surely open a discussion on how to evolve >> the security rights, and why the empty wiki state cause other not so >> pleasant issue. It is to early for now. >> >> >>> Thanks >>> -Vincent >>> >>> _______________________________________________ >>> devs mailing list >>> [email protected] >>> http://lists.xwiki.org/mailman/listinfo/devs >>> >> >> >> >> -- >> Denis Gervalle >> SOFTEC sa - CEO >> eGuilde sarl - CTO >> _______________________________________________ >> devs mailing list >> [email protected] >> http://lists.xwiki.org/mailman/listinfo/devs > > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs -- Thomas Mortagne _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
