Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
9.8
-
None
-
Unknown
-
Description
Steps to reproduce are rather complex as they'd imply using a custom authorization manager that could block some right (the delete right) on a page of the wiki for a global admin - the global admin in the standard XWiki authorization manager has all the rights everywhere but it may not in all authorization managers.
Basically this check here
https://github.com/xwiki/xwiki-platform/commit/dc704c0db6702fb18790b55df31e11678720c1c7 , which checks whether the current user can delete a page from the recycle bin is only checking rights at the location of the page on the wiki.
To me, this logic doesn't make sense: all operations that impact only the recycle bin (such as deleting from the recycle bin) should be subject to a "recycle bin manipulation" authorization, which should be different from the authorizations on the actual resources of the wiki the way they are setup at the moment when the delete is made. This is because the pages in the recycle bin are not actually running content on the wiki, but more like a "backup" kind of thing, just in case. As long as it's not running content on the wiki, the rights of the wiki don't really have a reason to be the only ones that apply.
Since we don't have a "recycle bin manipulation" right and we probably don't want to have it, this should fallback on global admin or programming rights.
It doesn't mean that we shouldn't also allow rights on recycle bin for users that have rights on the actual location of the page (although this may be arguably a good idea), but it means that there should be a logic of authorization of the manipulation of the whole recycle bin and global admin should probably have it.
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-