I'll try to keep this as brief as possible as I'm fairly sure it has a simple
answer. Here's the situation:
I've got a wiki that has some fairly strict permissions:
1. Nothing is viewable unless asserted or authenticated.
2. Nothing is editable unless user is a member of group "Editors".
3. Non-editors belong to 1 of 3 groups (call them A, B, and C)
4. Some pages are viewable by all 3 groups; others are only viewable to 1 of
the 3 groups (via ACLs, e.g.: [{ALLOW view A}].
What I'd like to do (and what I think is impossible) is to allow members of the
"Editors" group to be able to view/edit anything (regardless of whatever ACL a
page might have) but not have AllPermissions (i.e.: they shouldn't be able to
approve new users, delete pages, etc...).
In my .policy, the Editors group has modify and rename for PagePermissions but
I still get the "You're not allowed to do that" message when trying to view any
page with an "ALLOW view [A|B|C]" ACL.
I *think* that the only way to override page ACLs is to give the group
AllPermission in the .policy. Is this correct? If so, is there anyway to
achieve the "Editors can edit anything but aren't admins" goal other than
adding "Editors" to every view ACL?
Thanks for your help.
