This question about Using an extension: Asked

Restrict update/delete of comments for MetaCommentPlugin

By default, normal users are allowed to change and delete comments of other users. I want to restrict this, so that only moderators or the original authors may change or delete comments.

I added the following statements in lib/Foswiki/Plugins/MetaCommentPlugin/core.pm in jsonRpcUpdateComment and jsonRpcDeleteComment:
  throw Foswiki::Contrib::JsonRpcContrib::Error(401, "Access denied (only moderator or original author may change)")
    unless $comment->{author} eq $wikiName ||
        isModerator($wikiName, $web, $topic); 

In WebPreferences I added the following line, so that only members of the admin group are moderators (without a preference setting for MODERATE, all users would be moderators):
Set ALLOWWEBMODERATE = %USERSWEB%.AdminGroup

Is there a better way to do this without having to modify the source code of the plugin?

Two problems remain:

1. No error message is displayed when a user tries to delete a comment and the server program sends 401 "Access denied".

2. The permission check for updating a comment should be made earlier when the user clicks the "edit" button and the popup is opened, and not only after the user tries to save the modified comment.

-- ChristianDHeureuse - 07 Sep 2011

QuestionForm edit

Subject Using an extension
Extension MetaCommentPlugin
Version
Status Asked
Related Topics
Topic revision: r1 - 07 Sep 2011, ChristianDHeureuse - This page was cached on 18 Oct 2018 - 09:08.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy