so I have no proposal here, this is really a question I’m asking myself and it might be interesting to gather different point of view on it.
It’s a bit artificial but I will consider here that we have two categories of rights in XWiki:
- the standard rights that are basically hardcoded (view, edit, comment, delete, admin, etc)
- the extension rights that are registered by extensions (e.g. like in xwiki standard)
Right now by default “Admin” right automatically implies almost all other standard rights (see: this code). This means that you cannot deny those rights to people having admin right: i.e. denying view right to someone who has admin right doesn’t have any impact.
When I worked on extension rights few months ago, I implemented the same logic: i.e. you currently cannot deny the Like right to someone who has Admin right. This implementation has been done here for those interested and as part of https://jira.xwiki.org/browse/XWIKI-17559.
Now that I’m using more and more those extension rights, I’m starting to wonder if it was a good idea and if we want to keep it that way.
From what I see the strongest argument for that behaviour is that it’s consistent with what we have in standard. Now the cons is that it might not be expected by devs. So WDYT?