Can attachment delete be part of WIKI_MODIFY?

[anonymous]

Deleting attachments is more like page edit (WIKI_MODIFY) than page delete (WIKI DELETE) - it's part of the content of a page, not a sibling to the page. While editing a page I may decide that more, less or different attachments are appropriate.

For example, I've attached "Protocol Diagram 1.0.png". Now the spec has been updated to 1.5. I can attach the new file yet the old file is there and is confusingly available, meaning people can read the wrong attachment because I can't narrow their focus to the right ones.

I'm not sure if this is a defect or a feature because the permissions feature already exists, I just think that the permission check for attachment delete should be WIKI_MODIFY :)

Thanks!

Rob

[Rob S. <rob@…>]

A little more background - this is motivated in part due to the number of times the "How do I delete an attachment?" question has come up around the office. We're all looking for a "Delete" link on the attachment inspection page; something of that sort :)

The WIKI_DELETE permission is also something we're not comfortable giving to everyone, hence our desire to 'downgrade' the attachment permission required to WIKI_MODIFY.

Thanks again,

Rob

[cboos]

Replying to anonymous:

...
For example, I've attached "Protocol Diagram 1.0.png". Now the spec has been updated to 1.5. I can attach the new file yet the old file is there and is confusingly available, meaning people can read the wrong attachment because I can't narrow their focus to the right ones.

Note that the Attachment section on Wiki pages is now folded by default, so this will effectively help to narrow their focus to the attachment linked to from the Wiki page (hopefully the 1.5 one ;-) ).

But your points about permissions are valid and need further evaluation.

Have you tried to see if you could make use of the TracFineGrainedPermissions?
Using the permissions related to the parent resource are only a fallback, legacy compatibility mode.

[cboos]

As explained above.