Change Delete right so that it implies View right

Hi everyone,

right now the scheme of Rights in XWiki is implemented in a way that Delete right doesn’t imply any other right. So it’s possible for a user to have the Delete right on a document but not the View right on the same document: in theory, it means that a user would be to able to delete that document, but not to view it.

On the other hand, the same right scheme we have say that Edit right imply View right. But still Delete does not imply Edit.
So you could have a User able to delete a document, but not able to edit or view it.

This behaviour is not really consistent, and I doubt it could be really considered as a feature, so I propose that we change it so that Delete imply View right.
I feel like we could actually decide that Delete should imply both Edit and View, but maybe it’s a bit less obvious.

Note that the proposal here is to perform this change only in next cycle: 15.x. It’s a major change in our right scheme, so better do it as an experimental improvment first.

wdyt?

1 Like

+1 for VIEW

Not against that either.

+1 for view

No objection for edit as well.

In principle I’m +1 of delete implying view and edit, and thus reducing the possible combinations of view/edit/delete to just three. However, I’m a bit worried about what happens when you explicitly deny view or edit rights while granting delete rights - wouldn’t this create the same strange situation again? So in code, we still cannot be sure that somebody with delete rights also has view rights?

Yes it could.

No you couldn’t by just checking the Delete right. Now we have documented that it’s not recommended to use Deny, so if some features decides to rely on the fact that Delete right is enough to always imply View, I think it’s ok.
In any case, it’s out of the scope of this proposal and should be decided case by case for such features.

I just created a ticket (Loading...) to work on that for 15.0, but don’t hesitate to keep giving feedback here.

Hello @surli ,

for edit it’s less obvious, but for view it’s rather obvious. I would say we can go for delete implies view but I’m not that sure for edit…

Thanks,
Anca

+1 for delete implying view.
-1 for delete implying edit.

Editing and deletion are seperate rights in most programs, and there are situations where people can do cleanup work (deletion) but shouldnt be able to modify the content.

I guess it could make sense to keep them separated, even if in some cases you might be able to use the delete right to perform an edit (e.g. you delete a protected page and create it back with the content you want). So I’ll go to Delete imply View only for now.

Done as part of Loading...

1 Like