#1637 Wiki: tiki_p_edit, tiki_p_view and tiki_p_admin_wiki

All_versions
closed-wont-fix
teedog
None
5
2004-09-07
2004-09-03
crequill
No

A page has, as permissions, tiki_p_admin_wiki for group
"Editeurs".

Problem: a user from the Editeurs group cannot edit the page.

If you add permission tiki_p_edit to the Editeurs group,
the problem is still there: the user from the Editeurs
group cannot edit the page.

The user can edit the page only if the Editeurs group
has permissions tiki_p_view AND tiki_p_edit. For me
this is a bug: permissions tiki_p_edit OR
tiki_p_admin_wiki are sufficient.

I have taken a look at the code and for me the problem
is at line 429 of file tiki-editpage.php:

"// check for both edit and view perm; no view perm means no edit perm either
if (!$userlib->object_has_permission($user, $page, 'wiki page', 'tiki_p_edit') or
    !$userlib->object_has_permission($user, $page, 'wiki page', 'tiki_p_view')) { ..."

Why do you want to test tiki_p_view? Test just
tiki_p_edit or tiki_p_admin_wiki and reverse the
condition: this is not an OR but an AND:

"if (!$userlib->object_has_permission($user, $page, 'wiki page', 'tiki_p_edit') and
    !$userlib->object_has_permission($user, $page, 'wiki page', 'tiki_p_admin_wiki')) {"

Discussion

  • Philippe Cloutier

    Logged In: YES
    user_id=738765

    This behavior comes from revision 1.62.2.9 by teedog, I'm
    not sure why he requested tiki_p_view. Let's ask him.

     
  • Philippe Cloutier

    • milestone: 420333 --> All_versions
    • assigned_to: nobody --> teedog
    • labels: 579491 -->
     
  • teedog

    teedog - 2004-09-03

    Logged In: YES
    user_id=807810

    A user that does not have tiki_p_view should not be allowed
    to edit a page because the wiki edit page allows users to
    view the wiki page source as well as the rendered content
    (through the preview function). To me, tiki_p_edit without
    tiki_p_view is a contradiction. That's my reasoning. I
    forget if it was prompted by a bug report which said
    something similar.

     
  • teedog

    teedog - 2004-09-03

    Logged In: YES
    user_id=807810

    Sorry I missed the first point in your bug report. It is a
    bug that users with tiki_p_admin_wiki cannot edit. Someone
    with tiki_p_admin_wiki should have the power to view and
    edit, so the contradiction I mentioned below doesn't apply.

     
  • Philippe Cloutier

    • status: open --> pending-wont-fix
     
  • Philippe Cloutier

    Logged In: YES
    user_id=738765

    OK, so no point in keeping this open... this is a Won't fix.
    Note that I presume that Christophe didn't actually
    experience the refusal to edit with only tiki_p_admin_wiki,
    which should work since tiki_p_admin_wiki implies
    tiki_p_edit in tiki-pagesetup.php.
    One confusing thing is that we do have permissions that
    imply other permissions (admin permissions), and the right
    to edit seems to imply the right to view. Well :|

     
  • crequill

    crequill - 2004-09-06

    Logged In: YES
    user_id=369816

    Philippe, I tested with only tiki_p_admin_wiki and it doesn't
    work.
    Perhaps there are some bugs in tiki-pagesetup.php?

    If edit implies view, please write it in the docs :)

     
  • crequill

    crequill - 2004-09-06
    • status: pending-wont-fix --> open-wont-fix
     
  • Philippe Cloutier

    • status: open-wont-fix --> closed-wont-fix
     
  • Philippe Cloutier

    Logged In: YES
    user_id=738765

    Sorry, tiki_p_admin_wiki will only imply the rest from 1.9
    if you have custom permissions set on the target page. Do
    you? Do you have this problem on all pages? If yes I think
    something's wrong, tiki-setup_base.php should attribute
    other permissions.

    About the documentation of the "permissions hierarchy", I'm
    not familiar with it so please fix it yourself if you think
    something's wrong.
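
The three checks discussed in this thread, compared side by side over constructed permission sets. This is an added example, not part of the original report and not Tiki's code: `StubUserLib`, the user `alice`, the page `HomePage` and the `denied_*` function names are hypothetical, and the combined rule is one reading of teedog's two comments.

```php
<?php
// Added illustration; not Tiki code. StubUserLib, 'alice' and 'HomePage' are
// constructed stand-ins. Only the method name and argument order come from
// the snippet quoted in the report.
class StubUserLib {
    private array $perms;
    public function __construct(array $perms) { $this->perms = $perms; }
    public function object_has_permission($user, $object, $type, $perm): bool {
        return in_array($perm, $this->perms, true);
    }
}

// Returns a closure answering "does $user hold $perm on this wiki page?"
function holder($lib, $user, $page): callable {
    return fn($perm) => $lib->object_has_permission($user, $page, 'wiki page', $perm);
}

// Check quoted from tiki-editpage.php: deny unless edit AND view are both held.
function denied_original($lib, $user, $page): bool {
    $has = holder($lib, $user, $page);
    return !$has('tiki_p_edit') || !$has('tiki_p_view');
}

// Check proposed in the report: deny only if neither edit nor admin is held.
function denied_proposed($lib, $user, $page): bool {
    $has = holder($lib, $user, $page);
    return !$has('tiki_p_edit') && !$has('tiki_p_admin_wiki');
}

// One reading of teedog's comments: admin implies view and edit,
// otherwise edit still requires view.
function denied_combined($lib, $user, $page): bool {
    $has = holder($lib, $user, $page);
    return !$has('tiki_p_admin_wiki') && !($has('tiki_p_edit') && $has('tiki_p_view'));
}

$cases = [ // constructed object-permission sets for one group
    'admin only'  => ['tiki_p_admin_wiki'],
    'edit only'   => ['tiki_p_edit'],
    'view only'   => ['tiki_p_view'],
    'edit + view' => ['tiki_p_edit', 'tiki_p_view'],
];
foreach ($cases as $label => $perms) {
    $lib = new StubUserLib($perms);
    printf("%-12s original=%-5s proposed=%-5s combined=%s\n", $label,
        denied_original($lib, 'alice', 'HomePage') ? 'deny' : 'allow',
        denied_proposed($lib, 'alice', 'HomePage') ? 'deny' : 'allow',
        denied_combined($lib, 'alice', 'HomePage') ? 'deny' : 'allow');
}
```

The "admin only" row is the case crequill reports as denied; the "edit only" row is the case teedog's view requirement is meant to block, and it is where the proposed check and the combined rule disagree.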

     
