i thought the description of coherent access sounded sensible, so i tried it out. but here's a weirdness (from a certain perspective, anyway). let's say X creates a private node. then, he gives editing rights to Y. well, in the default edit interface, Y can go straight in and use the same coherent access input area to offer access to Z, even though X didn't intend to give access to Z. (imagine: X trusts Y but not Z, but Y trusts Z. so, only Z is malicious--but as author of the node, shouldn't X be given say in the matter?)

is this really how it should be?

Comments

jgraham’s picture

I understand your scenario and certainly that could be an issue.

I will see if I can figure out a clean way to let it either be set sitewide or at the node level whether or not "editing users" can grant other users editing privileges.

jgraham’s picture

Status: Active » Fixed

implemented on the 5.x branch. thanks for the idea

Anonymous’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.