Modify

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#2074 closed defect (fixed)

Edit message feature : permission problem

Reported by: ltn.razak@… Owned by: Blackhex
Priority: normal Component: DiscussionPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

It seems that anyone with the DISCUSSION_APPEND permission is able to edit any message, even those not authored by the user.

Strange behaviour, in my opinion.

Is this normal ?

Anyway, it's a very useful plugin, good job!

Attachments (0)

Change History (4)

comment:1 Changed 7 years ago by Blackhex

  • Status changed from new to assigned

It shouldn't. I just tested it on 0.11 branch and it don't behave like you described for me. Could you be more specific, like what users has what permissions what user appended a message which can be edited and which user can do that?.

comment:2 Changed 7 years ago by anonymous

Well I made some more tests.

Actually the problem is, a user registered as the a moderator can edit any message in his forum even if he has not DISSCUSSION_MODERATE permission.

So we get to this scheme for an existing message (by typing moderator, I mean moderator of the forum the post belongs to):

user with DISCUSSION_APPEND but is not moderator Can only quote or reply to the message
user with DISCUSSION_APPEND and is moderator but don't have DISCUSSION_MODERATOR permission Can quote, reply to, and edit the message
user with DISCUSSION_APPEND and DISCUSSION_MODERATE and is moderator Can quote, reply to, edit and delete the message

I hope this is clear enough. I didn't test all cases though.

Sorry for the lack of accuracy in the first description.

comment:3 Changed 7 years ago by Blackhex

  • Resolution set to fixed
  • Status changed from assigned to closed

Checkout r2656. It should fix second line of your table, the others are normal behavior. I missed DISCUSSION_MODERATE check during port of 0.10 templates to 0.11.

comment:4 Changed 7 years ago by ltn.razak@…

okay it's fixed, thanks.

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from Blackhex. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.