Resolution: Won't Fix
Affects Version/s: 3.1
Fix Version/s: None
Component/s: Old Core
keywords:rights, rights management
XWIKI-2410 Ability to filter users/groups by granted rights in the new Rights Management UI XWIKI-1915 The new user, groups and rights management has some bugs in Firefox 3.0 beta1 XWIKI-13255 Manage the Access Rights for a page creator XWIKI-1963 Various bugs in the new Rights Management UI XWIKI-8 Revamping of the Rights Management XWIKI-2016 User rights management - ClassCastException with Oracle XWIKI-12171 Add a script right to manage script macro execution permissions XWIKI-2403 No error/warning displayed in the rights management UI when the user has forbid himself from editing XWIKI-2636 Make inherited rights visible in the Rights Management UI XWIKI-2068 Rights Manager does not clean deleted user/group in all wikis
Two Default groups: XWikiAllGroup and XWikiAdminGroup
Admin gives rigths to XWikiAllGroup to view pages - no problem.
Admin gives rigths to XWikiAllGroup to EDIT pages.
User With Edit rights has possibiity to manage access rights.
I even tried to prohibit to XWikiAllGroup users Administration rights, nothing changed.
If "smart user" (e.g. "Test" in XWikiAllGroup) with edit rights will:
- prohibit access to pages to whole XWikiAllGroup OR
- grant VIEW rights ONLY to XWikiAdminGroup
Then page becomes inaccessible to non-admin users. Test User can easily grant any right to admin group. It gives an error, but actually sets right.
So, Test User can even grant himself delete rights on page, then delete page successfully even if delete right is BLOCKED for XWikiAllGroup.