Details
-
New Feature
-
Resolution: Unresolved
-
Minor
-
None
-
7.1.2
-
None
-
Unknown
-
Description
Currently, anyone who has the edit permission on a page can use any editor on that page. Even if some editors are hidden from the user interface, they can still be accessed by adding ?editor=inline, ?editor=wysiwyg, ?editor=wiki, ?editor=object, or ?editor=class to the URL. It would be nice to have more granular permissions so that the site administrator can prohibit use of editors that do not make sense.
For example, I use PhenoTips <https://phenotips.org/>, which is based on XWiki. I want ordinary users to only be able to access the inline form editor (editor=inline). I do not want them to be able to edit the page's class or add arbitrary objects to it.