The default policy is to give creators of items full access to the owned item
Some admins don't understand the implications of giving guests "add item / album" / "edit item", "all access" permissions
The guest is shared by everyone. So giving guest some permission to edit something means giving everyone the permission to change things by everyone else.
Therefore we need to make an exception for guest users by giving guests a minimal set of permissions. E.g. not giving the guest user any special permissions even if its the owner / creator of an item / comment.
Measures
Instead of giving full access, give guests by default very restrictive access to items owned by the guest user.
Maybe make this even configurable (site wide default permission rules for guests).
Add a "Security" page in site admin to report the current status and warn about misconfigurations
Implementation
Centralize default permissions (default permissions for albums are still set in different places)
In GalleryItem::save, set the permissions restrictively if guest is the owner
Add a "Security" site admin view to report
Items with public edit/delete permissions
config.php permissions
g2data web-accessible
Base URL settings
etc.
Add some UI to configure default guest permissions for guest-owned items
