XWiki Platform / XWIKI-21553

Document overwrite from edit through Rights UI


Details

    • Unit
    • Unknown
    • N/A
    • N/A

    Description

      XWIKI-14088 already covers extensively why edit rights and view rights need to be separated. However, this leads to a side effect on the UI to edit rights on documents:

      As a user with edit rights, go to the Access Rights UI, switch to Users, and click at least twice on the View right for Unregistered Users.
      The original document has now been overwritten with an empty one, which was unlikely to be what the user expected.

      This bug is due to the fact that denying view rights does not affect edit rights, but prevents the user from viewing the content of the document. Thus, the document ends up saved by a user that cannot access the original content.

      Note that this does not happen while editing the rights of any other user on this UI, since the requests usually go through a `view` endpoint. `Unregistered Users` is the only exception, using the `edit` endpoint with Flamingo: https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-core/xwiki-platform-flamingo/xwiki-platform-flamingo-skin/xwiki-platform-flamingo-skin-resources/src/main/resources/flamingo/rightsUI.vm#L111
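
A simplified model of the overwrite described above, added here as an illustration and not XWiki code. `Store`, `load_as` and both `set_right_*` functions are hypothetical, the model assumes that loading a document without view right yields blank content, and the guarded variant is one possible mitigation rather than the fix adopted by the project.

```python
from dataclasses import dataclass, field

@dataclass
class Document:
    content: str
    # rights[user] is the set of rights granted to that user, e.g. {"view", "edit"}
    rights: dict = field(default_factory=dict)

class Store:
    """Constructed in-memory wiki store; a simplified model, not XWiki's API."""
    def __init__(self):
        self.docs = {}

    def can(self, user, right, name):
        return right in self.docs[name].rights.get(user, set())

    def load_as(self, user, name):
        # Model assumption: a user without view right receives a blank copy.
        doc = self.docs[name]
        content = doc.content if self.can(user, "view", name) else ""
        return Document(content, {u: set(r) for u, r in doc.rights.items()})

    def save(self, name, doc):
        self.docs[name] = doc

def set_right_naive(store, user, name, target, right, granted):
    """Edit-endpoint style: load the whole document as `user`, change rights, save all."""
    if not store.can(user, "edit", name):
        raise PermissionError("edit required")
    doc = store.load_as(user, name)
    rights = doc.rights.setdefault(target, set())
    (rights.add if granted else rights.discard)(right)
    store.save(name, doc)  # the blank content is persisted with the rights change

def set_right_guarded(store, user, name, target, right, granted):
    """Refuse the save when the saver cannot view, and update only the rights."""
    if not (store.can(user, "edit", name) and store.can(user, "view", name)):
        raise PermissionError("view and edit required to save")
    rights = store.docs[name].rights.setdefault(target, set())
    (rights.add if granted else rights.discard)(right)

def demo(setter):
    store = Store()
    # Constructed sample: alice can edit the page but cannot view it.
    store.docs["Main.Page"] = Document("original text", {"alice": {"edit"}})
    try:
        setter(store, "alice", "Main.Page", "guest", "view", False)
    except PermissionError:
        pass
    return store.docs["Main.Page"].content
```

`demo(set_right_naive)` returns the stored content after the naive save, and `demo(set_right_guarded)` returns it after the guarded one.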

            People

              MichaelHamann Michael Hamann
              pjeanjean Pierre Jeanjean