2008/6/11 Janne Jalkanen <[EMAIL PROTECTED]>: >> This is convenient but causes a problem: any member of staff can edit >> this ACL (say, by mistake) to break the access control policy. > > That isn't necessarily a bad thing - wikis are based largely on trust. > >> In the preSave method, if the current editor has the special role that >> allows him to handle ACL, the to-be-saved content is saved directly. >> Otherwise, any ACL in the to-be-saved content is ignored, and the >> current (official) ACLs are read from the current version of the page >> and appended to the to-be-saved content, before it is saved. > > This should work. It's probably easier to simply reject edits which are > trying to mess your ACLs; then you don't have to parse/fix things too much. > How to reject edits in the preSave method?
Cheers, Weijian > /Janne >
