https://bugzilla.wikimedia.org/show_bug.cgi?id=69380
--- Comment #16 from Chris Steipp <[email protected]> --- Being able to edit by deleting then creating is a minor elevation of privilege, although I doubt anyone would assign it a cve. Mysql lets you do it. On the idea that all privileges need to be independent, I don't think that should always be the case-- mysql, and hopefully mediawiki, doesn't allow deletion without the ability to read. That could lead to several problems. But I definitely think it's an ideal, to keep things as simple as possible. For mediawiki, allowing delete (or create) actions without edit rights seems unexpected to me, but I'm honestly happy to let the community come to a consensus on it. I think it would be worth (somewhere) spelling out the dependencies among the rights. And I would be ok with reverting change 153345, if the problem it was trying to address (a user can delete a page that they have been protected against editing) is fixed another way. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
