Modify

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#2074 closed defect (fixed)

Edit message feature : permission problem

Reported by: ltn.razak@… Owned by: Blackhex
Priority: normal Component: DiscussionPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

It seems that anyone with the DISCUSSION_APPEND permission is able to edit any message, even those not authored by the user.

Strange behaviour, in my opinion.

Is this normal ?

Anyway, it's a very useful plugin, good job!

Attachments (0)

Change History (4)

comment:1 Changed 7 years ago by Blackhex

  • Status changed from new to assigned

It shouldn't. I just tested it on 0.11 branch and it don't behave like you described for me. Could you be more specific, like what users has what permissions what user appended a message which can be edited and which user can do that?.

comment:2 Changed 7 years ago by anonymous

Well I made some more tests.

Actually the problem is, a user registered as the a moderator can edit any message in his forum even if he has not DISSCUSSION_MODERATE permission.

So we get to this scheme for an existing message (by typing moderator, I mean moderator of the forum the post belongs to):

user with DISCUSSION_APPEND but is not moderator Can only quote or reply to the message
user with DISCUSSION_APPEND and is moderator but don't have DISCUSSION_MODERATOR permission Can quote, reply to, and edit the message
user with DISCUSSION_APPEND and DISCUSSION_MODERATE and is moderator Can quote, reply to, edit and delete the message

I hope this is clear enough. I didn't test all cases though.

Sorry for the lack of accuracy in the first description.

comment:3 Changed 7 years ago by Blackhex

  • Resolution set to fixed
  • Status changed from assigned to closed

Checkout r2656. It should fix second line of your table, the others are normal behavior. I missed DISCUSSION_MODERATE check during port of 0.10 templates to 0.11.

comment:4 Changed 7 years ago by ltn.razak@…

okay it's fixed, thanks.

Add Comment

Modify Ticket

Action
as closed The owner will remain Blackhex.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.