Opened 11 years ago
Last modified 4 years ago
#11244 closed defect
Permissions: setting a Wiki page "read-only" does not restrict adding attachments — at Initial Version
Reported by: | | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | 1.1.2 |
Component: | wiki system | Version: | 0.12.5 |
Severity: | normal | Keywords: | permissions attachment wiki read-only TRAC_ADMIN ATTACHMENT_CREATE |
Cc: | | Branch: | |
Release Notes: | | | |
API Changes: | | | |
Internal Changes: | | | |
Description
Observed behaviour:
I edit a Wiki page and set it to "read-only". As expected, only users with the TRAC_ADMIN permission can edit it or set it back to read/write. However, there is no change in the permission required to add attachments (ATTACHMENT_CREATE) for that page.
Expected behaviour:
Either TRAC_ADMIN is required to add attachments to a read-only page, or there is some other permission distinct from ATTACHMENT_CREATE that is needed to add attachments to read-only pages. Other pages continue to require only ATTACHMENT_CREATE.
Rationale: this is needed to discourage spam on high-visibility pages.
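
The gap described in this ticket, shown as a simplified model next to the first of the two expected behaviours (TRAC_ADMIN required). This is an added example, not Trac's code: the `Resource` class, the function names, and the sample pages and users are constructed for illustration, and the model assumes an attachment records the wiki page it belongs to as its parent.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Resource:
    realm: str                          # "wiki" or "attachment"
    id: str
    parent: Optional["Resource"] = None # owning page, for attachments

# Constructed sample state (not taken from any real Trac instance).
READONLY = {"WikiStart": True, "SandBox": False}
GRANTS = {
    "admin": {"TRAC_ADMIN"},
    "alice": {"WIKI_MODIFY", "ATTACHMENT_CREATE"},
}
# Actions that change a page or what hangs off it.
WRITE_ACTIONS = {"WIKI_MODIFY", "ATTACHMENT_CREATE"}

def has(user, action):
    """Plain permission lookup; TRAC_ADMIN implies every action."""
    perms = GRANTS.get(user, set())
    return "TRAC_ADMIN" in perms or action in perms

def owning_page(resource):
    """Walk up the parent chain to the wiki page a resource belongs to."""
    while resource is not None:
        if resource.realm == "wiki":
            return resource
        resource = resource.parent
    return None

def check_observed(user, action, resource):
    """Reported behaviour: the read-only flag is consulted only for page edits."""
    if (resource.realm == "wiki" and action == "WIKI_MODIFY"
            and READONLY.get(resource.id, False)):
        return has(user, "TRAC_ADMIN")
    return has(user, action)

def check_expected(user, action, resource):
    """Expected behaviour: any write under a read-only page needs TRAC_ADMIN."""
    page = owning_page(resource)
    if (page is not None and action in WRITE_ACTIONS
            and READONLY.get(page.id, False)):
        return has(user, "TRAC_ADMIN")
    return has(user, action)
```
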