#2074 closed defect (fixed)
Edit message feature : permission problem
| Reported by: | Owned by: | Radek Bartoň | |
|---|---|---|---|
| Priority: | normal | Component: | DiscussionPlugin |
| Severity: | normal | Keywords: | |
| Cc: | Trac Release: | 0.11 |
Description
It seems that anyone with the DISCUSSION_APPEND permission is able to edit any message, even those not authored by the user.
Strange behaviour, in my opinion.
Is this normal ?
Anyway, it's a very useful plugin, good job!
Attachments (0)
Change History (4)
comment:1 Changed 17 years ago by
| Status: | new → assigned |
|---|
comment:2 Changed 17 years ago by
Well I made some more tests.
Actually the problem is, a user registered as the a moderator can edit any message in his forum even if he has not DISSCUSSION_MODERATE permission.
So we get to this scheme for an existing message (by typing moderator, I mean moderator of the forum the post belongs to):
| user with DISCUSSION_APPEND but is not moderator | Can only quote or reply to the message |
| user with DISCUSSION_APPEND and is moderator but don't have DISCUSSION_MODERATOR permission | Can quote, reply to, and edit the message |
| user with DISCUSSION_APPEND and DISCUSSION_MODERATE and is moderator | Can quote, reply to, edit and delete the message |
I hope this is clear enough. I didn't test all cases though.
Sorry for the lack of accuracy in the first description.
comment:3 Changed 17 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Checkout r2656. It should fix second line of your table, the others are normal behavior. I missed DISCUSSION_MODERATE check during port of 0.10 templates to 0.11.
It shouldn't. I just tested it on 0.11 branch and it don't behave like you described for me. Could you be more specific, like what users has what permissions what user appended a message which can be edited and which user can do that?.