
Restrict update/delete of comments for MetaCommentPlugin

By default, normal users are allowed to change and delete comments of other users. I want to restrict this, so that only moderators or the original authors may change or delete comments.

I added the following statements in lib/Foswiki/Plugins/MetaCommentPlugin/core.pm in jsonRpcUpdateComment and jsonRpcDeleteComment:
  throw Foswiki::Contrib::JsonRpcContrib::Error(401, "Access denied (only moderator or original author may change)")
    unless $comment->{author} eq $wikiName ||
        isModerator($wikiName, $web, $topic); 

In WebPreferences I added the following line, so that only members of the admin group are moderators (without a preference setting for MODERATE, all users would be moderators):
Set ALLOWWEBMODERATE = %USERSWEB%.AdminGroup

Is there a better way to do this without having to modify the source code of the plugin?

Two problems remain:

1. No error message is displayed when a user tries to delete a comment and the server program sends 401 "Access denied".

2. The permission check for updating a comment should be made earlier when the user clicks the "edit" button and the popup is opened, and not only after the user tries to save the modified comment.

-- ChristianDHeureuse - 07 Sep 2011
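Added example, not part of the original post and not MetaCommentPlugin code: a self-contained Perl sketch of the author-or-moderator rule described above, with one decision function shared by the update and delete handlers and failing closed when the comment or its author is missing. The names `may_modify`, `update_comment`, `delete_comment`, `%MODERATORS` and `%COMMENTS` are hypothetical, and the sample data is constructed.

```perl
use strict;
use warnings;

# Constructed sample data; these names are hypothetical, not the plugin's.
my %MODERATORS = (AdminUser => 1);    # stands in for the isModerator() lookup
my %COMMENTS = (
    1 => { author => 'AliceExample', text => 'first' },
    2 => { author => 'BobExample',   text => 'second' },
    3 => { text => 'imported, author missing' },
);

# Single decision point: true only for the original author or a moderator.
# Fails closed on empty user names, unknown comments and missing authors.
sub may_modify {
    my ($user, $id) = @_;
    return 0 unless defined $user && length $user;
    my $comment = $COMMENTS{ $id // '' } or return 0;
    return 1 if $MODERATORS{$user};
    my $author = $comment->{author};
    return (defined $author && $author eq $user) ? 1 : 0;
}

# Both state-changing handlers enforce the check themselves and return a
# (status, message) pair so the caller always has something to display.
sub update_comment {
    my ($user, $id, $text) = @_;
    return (401, 'Access denied (only moderator or original author may change)')
        unless may_modify($user, $id);
    $COMMENTS{$id}{text} = $text;
    return (200, 'updated');
}

sub delete_comment {
    my ($user, $id) = @_;
    return (401, 'Access denied (only moderator or original author may change)')
        unless may_modify($user, $id);
    delete $COMMENTS{$id};
    return (200, 'deleted');
}

# A UI may call may_modify() before opening an edit popup, but that is only
# a hint: the handlers above still make the decision on save and delete.
for my $case (['BobExample', 1], ['AliceExample', 1], ['AliceExample', 3],
              ['AdminUser', 3], ['', 3]) {
    my ($user, $id) = @$case;
    my ($status, $msg) = update_comment($user, $id, 'edited');
    printf "%-13s update #%d -> %d %s\n", $user || '(empty)', $id, $status, $msg;
}
my ($status, $msg) = delete_comment('BobExample', 1);
print "BobExample    delete #1 -> $status $msg\n";
```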

QuestionForm

Subject Using an extension
Extension MetaCommentPlugin
Version
Status Asked
Related Topics
Topic revision: r1 - 07 Sep 2011, ChristianDHeureuse - This page was cached on 17 Aug 2018 - 18:21.
