Submitted by : 127.0.0.1 at: 2005-07-08T04:28:06+00:00 (12 years ago)
Name :
Category : Severity : Status :
Optional subject :  
Optional comment :

Access policy and permissions problems at http://zopewiki.org .

Desired policy

The site is intended to be completely anonymously editable.. but some restrictions have been imposed to discourage spam. The current access policy is:

anonymous visitors can: -- browse; vote; comment or edit adding at most one link to another site; revert edits; reparent pages

identified users (with the username option set) can: -- add unlimited links to other sites; rename pages; delete pages

authenticated managers can: -- access the ZMI; configure the wiki; etc.

Current issues

  • <s>identified users can't delete</s> granted anonymous Delete objects permission
  • <s>anonymous users see the rename & delete buttons, which they shouldn't (?)</s> rename & delete buttons now appear only when username is configured
  • when anonymous users try to rename, delete or (especially) add multiple external links, they get an unclear login dialog. <s>They need better guidance towards configuring a username to get full access to features.</s> more prominent help added to front page
  • anonymous votes can be changed by the next anonymous voter, only identified votes are permanent

property change --Fri, 08 Jul 2005 09:12:29 -0700 reply

Severity: serious => normal

... --simon, Tue, 15 May 2007 21:36:38 -0700 reply

Status: open => closed