Opened 11 years ago
Last modified 4 years ago
#11244 closed defect
Permissions: setting a Wiki page "read-only" does not restrict adding attachments — at Initial Version
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | 1.1.2 |
| Component: | wiki system | Version: | 0.12.5 |
| Severity: | normal | Keywords: | permissions attachment wiki read-only TRAC_ADMIN ATTACHMENT_CREATE |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
Observed behaviour:
I edit a Wiki page and set it to "read-only". As expected, only users with the TRAC_ADMIN permission can edit it or set it back to read/write. However, there is no change in the permission required to add attachments (ATTACHMENT_CREATE) for that page.
Expected behaviour:
Either TRAC_ADMIN is required to add attachments to a read-only page, or there is some other permission distinct from ATTACHMENT_CREATE that is needed to add attachments to read-only pages. Other pages continue to require only ATTACHMENT_CREATE.
Rationale: this is needed to discourage spam on high-visibility pages.
Note:
See TracTickets
for help on using tickets.
