Ticket #895 (new defect)
Default page ACLs can be modified without page creator's knowledge
| Reported by: | BrianKoontz | Owned by: | unassigned |
|---|---|---|---|
| Priority: | high | Milestone: | 1.4 |
| Component: | core | Version: | 1.1.6.7 |
| Severity: | major | Keywords: | acls |
| Cc: |
Description
It is possible to set up ACLs for a page that does not exist yet. In fact, this is the only way to set the ACLs for a new page prior to editing. The possibility exists that a default set of ACLs can exist for a page prior to its creation and unknown to the creator. For a wiki that has "read" ACL set to "!*" by default, a registered user could feasibly set read ACL to "*" for any number of pages prior to their creation.
The solution to this problem is to prohibit the creation of page ACLs for pages that do not exist. But this raises another problem: It would then be impossiblee to create a page and set its ACLs prior to saving the page (in which case the page will be accessible via the default ACLs until the page ACLs are modified).
In addition to the above solution, it would be desirable to also provide the opportunity to set page ACLs upon initial edit of a new page.
