Context Navigation

Modify ↓

#8873 closed defect (worksforme)

Can attachment delete be part of WIKI_MODIFY?

Reported by:	anonymous	Owned by:
Priority:	normal	Milestone:
Component:	wiki system	Version:	none
Severity:	normal	Keywords:	permissions needinfo
Cc:		Branch:
Release Notes:
API Changes:
Internal Changes:

Description

Deleting attachments is more like page edit (WIKI_MODIFY) than page delete (WIKI DELETE) - it's part of the content of a page, not a sibling to the page. While editing a page I may decide that more, less or different attachments are appropriate.

For example, I've attached "Protocol Diagram 1.0.png". Now the spec has been updated to 1.5. I can attach the new file yet the old file is there and is confusingly available, meaning people can read the wrong attachment because I can't narrow their focus to the right ones.

I'm not sure if this is a defect or a feature because the permissions feature already exists, I just think that the permission check for attachment delete should be WIKI_MODIFY :)

Thanks!

Rob

Attachments (0)

Change History (3)

comment:1 by Rob S. <rob@…>, 15 years ago

A little more background - this is motivated in part due to the number of times the "How do I delete an attachment?" question has come up around the office. We're all looking for a "Delete" link on the attachment inspection page; something of that sort :)

The WIKI_DELETE permission is also something we're not comfortable giving to everyone, hence our desire to 'downgrade' the attachment permission required to WIKI_MODIFY.

Thanks again,

Rob

in reply to: description comment:2 by Christian Boos, 15 years ago

Keywords:	permissions needinfo added

Replying to anonymous:

… For example, I've attached "Protocol Diagram 1.0.png". Now the spec has been updated to 1.5. I can attach the new file yet the old file is there and is confusingly available, meaning people can read the wrong attachment because I can't narrow their focus to the right ones.

Note that the Attachment section on Wiki pages is now folded by default, so this will effectively help to narrow their focus to the attachment linked to from the Wiki page (hopefully the 1.5 one ;-) ).

But your points about permissions are valid and need further evaluation.

Have you tried to see if you could make use of the TracFineGrainedPermissions? Using the permissions related to the parent resource are only a fallback, legacy compatibility mode.

comment:3 by Christian Boos, 14 years ago

Resolution:	→ worksforme
Status:	new → closed

As explained above.

Modify Ticket

Change Properties

Summary:
Description:	Deleting attachments is more like page edit (WIKI_MODIFY) than page delete (WIKI DELETE) - it's part of the content of a page, not a sibling to the page. While editing a page I may decide that more, less or different attachments are appropriate. For example, I've attached "Protocol Diagram 1.0.png". Now the spec has been updated to 1.5. I can attach the new file yet the old file is there and is confusingly available, meaning people can read the wrong attachment because I can't narrow their focus to the right ones. I'm not sure if this is a defect or a feature because the permissions feature already exists, I just think that the permission check for attachment delete should be WIKI_MODIFY :) Thanks! Rob You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:
API Changes:
Internal Changes:

Action

leave as closed The ticket will remain with no owner.

reopen The resolution will be deleted. Next status will be 'reopened'.

change ownership to The owner will be changed from (none) to the specified user.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: