> Rather than an "openmediamanager" setting, I think the mediamanager should > only be accessible to visitors with "edit" access, that I believe would > match actual behaviour to reasonable expectation of what the behaviour > should be. Ie. If the "proper" access to mediamanager (via toolbar button) > is prevented by read only access then actual access should attempt to mirror > that. Okay it took me a while to grasp the problem :-) This is something like the dir listing option in webservers. Not exactly a security problem but it's a good idea to switch it off anyway. Now, the problem is there is no such thing as 'visitors with "edit" access' because edit permissions may be given to selected parts of the wiki. The question is do they have edit access *anywhere*. Checking this info isn't easily done with the current ACL functions which will only check a users' permissions on a given namespace... I'm open for ideas. Andi -- splitbrain.org -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist