moinwiki/moin

default namespace ACL must include create if other namespace allows create

RogerHaase opened this issue · 2 comments

If wikiconfig.py has ACL for NAMESPACE_USERS:

default='All:read,write,create,destroy,admin',

and ACL for NAMESPACE_DEFAULT:

default='All:read,write',

then a user who is not logged in may read/modify/destroy/admin (change ACL on modify) an item in the users namespace. But the same user may not create an item in the users namespace. Attempts to do so result in:

Item not found

Item 'xxx' does not exist.

The workaround is to change the ACL for NAMESPACE_DEFAULT:

default='All:read,write,create',

Thanks, the fix is working fine for the described issue.

There are some more parts in items/__init__.py to check (search for user.may), e.g. if you type '+modify/users/xxx' in your browser URL for a non-existent item. You will run into this check:

if isinstance(self.content, NonExistentContent) and not flaskg.user.may.create(self.name):

I am not sure if edit-locking and conflict checking are working as expected because they also use self.name.

Thanks. Agree, looking at several other places where self.name s/b self.fqname. Trying to create errors.
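
Added example, not part of the thread and not moin's code: a simplified Python model of per-namespace default ACLs, showing how the behaviour in the issue can arise if a create check resolves the namespace from the name it is handed, so that a bare item name is judged by the default namespace's ACL and a fully qualified name by the users namespace's ACL. The functions `split_fqname`, `may` and `create_check` and the values of the namespace constants are hypothetical; the two ACL strings are the ones quoted in the issue.

```python
# Simplified model of per-namespace default ACLs; NOT moin's implementation.
# The two ACL strings are the values quoted in the issue's wikiconfig.py.
NAMESPACE_DEFAULT = ""       # constructed stand-in for moin's constant
NAMESPACE_USERS = "users"    # constructed stand-in for moin's constant

ACLS = {
    NAMESPACE_USERS: "All:read,write,create,destroy,admin",
    NAMESPACE_DEFAULT: "All:read,write",
}


def parse_acl(acl):
    """Turn 'All:read,write' into {'All': {'read', 'write'}}."""
    rights = {}
    for entry in acl.split():
        who, _, caps = entry.partition(":")
        rights[who] = set(caps.split(","))
    return rights


def split_fqname(fqname):
    """Split 'users/xxx' into ('users', 'xxx'); unprefixed names are default."""
    head, sep, tail = fqname.partition("/")
    if sep and head in ACLS and head != NAMESPACE_DEFAULT:
        return head, tail
    return NAMESPACE_DEFAULT, fqname


def may(right, item_name, who="All"):
    """Hypothetical check: the namespace is resolved from the name passed in."""
    namespace, _ = split_fqname(item_name)
    return right in parse_acl(ACLS[namespace]).get(who, set())


def create_check(fqname, use_fqname):
    """Model the create check made with the bare or the fully qualified name."""
    _, bare_name = split_fqname(fqname)
    return may("create", fqname if use_fqname else bare_name)
```

In this model the same function doubles as a regression check: every call site that passes a name to a permission check should give the same answer as the fully qualified form.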