rotem@svn.wikimedia.org schreef:
Revision: 28094 Author: rotem Date: 2007-12-03 12:36:22 +0000 (Mon, 03 Dec 2007)
Log Message:
Users without the delete permission but with the deletedhistory one should not be allowed to access the content of deleted revisions.
Why is that? Configurations in which one wants to prevent users from deleting stuff but allow them to view deleted revs are not unthinkable. That's why deletedhistory is a separate right, right?
Roan Kattouw (Catrope)
Roan Kattouw schreef:
Configurations in which one wants to prevent users from deleting stuff but allow them to view deleted revs are not unthinkable. That's why deletedhistory is a separate right, right?
I did a little more research, and it turns out the UI also requires the 'delete' right before showing you deleted revision content. People with deletedrevs but not delete can therefore see comments and timestamps, but not the content. I think the delete right is abused as an undelete right here, and have opened a bug at Bugzilla (bug 12195).
Roan Kattouw (Catrope)
Roan Kattouw schreef:
Configurations in which one wants to prevent users from deleting stuff but allow them to view deleted revs are not unthinkable. That's why deletedhistory is a separate right, right?
I did a little more research, and it turns out the UI also requires the 'delete' right before showing you deleted revision content. People with deletedrevs but not delete can therefore see comments and timestamps, but not the content. I think the delete right is abused as an undelete right here, and have opened a bug at Bugzilla (bug 12195).
Roan Kattouw (Catrope)
wikitech-l@lists.wikimedia.org