On Fri, 3 Jun 2005 23:09:57 +0200 Andreas Gohr <andi@xxxxxxxxxxxxxx> wrote: > I think such things should be checked at the server side. I thought about it > and extended the ACL mechanism a little bit. > > We now have UPLOAD and DELETE permissions (the latter one includes the former > as always). Now only users with DELETE permission are allowed to overwrite > existing mediafiles (and as additon they can delete them as well). Overwrite > protection was added with a simple checkbox. Nice. :-) I like it. It is more in line with DokuWiki design than my patch. But no light without shadow: To allow a user to overwrite media files is dangerous enough, but also to allow them to _delete_ media files is like to commit suicide. Particular because the references to the media file are not checked first. There are two options to solve this dilemma: 1. to split the DELETE permission up into two: OVERWRITE : media files might be overwritten DELETE : media files may also be deleted (usually for admins only). and make the admin responsible for checking references or 2. automatically check existing references to the media file and deny to delete it if there are still some. This could be done with the built-in search function. This function could also be used to show the user where these references are. Please tell me which one do you prefer. Best Regrads Matthias -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist