Admin right is not deniable and it implies at the other rights except
programming. See
http://extensions.xwiki.org/xwiki/bin/view/Extension/Security+Module#HDefaultrightsbeingpredefined
. So admins should be able to view/edit/delete any page from the wiki
they administer, independent of the rights set on those pages.
A bad user could write though something like this:
{{velocity}}
#if ($hasAdmin)
Nice content
#else
Bad content
#end
{{/velocity}}
To prevent this you can use the watch list to get a mail with the
changes produced in the wiki and review those changes regularly (i.e.
look at the raw content not just at the rendered content) .
Hope this helps,
Marius.
On Fri, Mar 28, 2014 at 6:52 PM, Patrick Masson <mas...@opensource.org> wrote:
> I'm concerned some may be using the MyDashboard feature of their profile
> page to post inappropriate content. What access rights do admins have on
> pages that are located off the MyDashboard or where permissions are set so
> that only some registered users may see them?
>
> Let's say a user was using our site to post/distribute/develop child
> pornography or malware?
>
> Patrick
>
> --
> || | | |||| || || | |||| ||| | |||
> Patrick Masson
> General Manager, Director & Secretary to the Board
> Open Source Initiative
> 855 El Camino Real, Ste 13A, #270
> Palo Alto, CA 94301
> United States
> Skype: massonpj
> sip: mas...@getonsip.com
> <https://www.getonsip.com/call?a=mas...@getonsip.com>
> Ph: (970) 4MASSON
> Em: mas...@opensource.org <mailto:mas...@opensource.org>
> Ws: www.opensource.org <http://www.opensource.org>
> _______________________________________________
> users mailing list
> users@xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
