
Item12531: disable anonymous commenting by default

Priority: Normal
Current State: Closed
Released In: n/a
Target Release:
Applies To: Extension
Component: MetaCommentPlugin
Branches: trunk
Reported By: SvenDowideit
Waiting For:
Last Change By: MichaelDaum
I was just browsing a site as guest where SKIN=metacomment,pattern and every topic has the comment editbox stuff on it.

When a guest types and clicks submit, they get the 'submitting' modal, and behind it they see the templatelogin UI.

So a user gets the UI, even on docco topics in System web, which we really don't want to have the .txt files modified on. Clearly, this breaks the topic ACLs, as the .txt file is modified, which imo really just needs to be spelt out very clearly in the plugin docco.

How do you like the irony of:
<!-- Do _not_ attempt to edit this topic; it is auto-generated. -->

META:COMMENT{name="1.1371130184" author="WikiGuest" date="1371130184" fingerPrint="f96cc30f3e6e13d3a4d02d947843c246" modified="1371130184" ref="" state="new, approved" text="testing" title="testing"}

-- SvenDowideit - 13 Jun 2013

See Extensions.MetaCommentPlugin#Permissions

-- MichaelDaum - 13 Jun 2013

Indeed, I did read that, and it does not indicate that by default, adding MetaCommentPlugin to your site enables the guest user to modify any topic.

-- SvenDowideit - 13 Jun 2013

I'll add a

$Foswiki::cfg{MetaCommentPlugin}{AnonymousCommenting} = 0;

... which extends the allow-comment check in case the user isn't authenticated yet. If switched off (default), anonymous commenting is disabled. So you explicitly have to switch it on to open the site in that respect. Normal ACL checks for 'COMMENT' still apply as expected.

Means:

  • you can't have anonymous commenting using ACLs unless you switch on the {AnonymousCommenting} flag
  • when {AnonymousCommenting} is switched on, you still can deny anonymous commenting using ACLs

-- MichaelDaum - 13 Aug 2013
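
To find topics that already hold comments stored by the guest user, like the META:COMMENT record quoted in the report, a site admin can scan the topic .txt files. This is an added example, not part of the original task or the plugin's code; the function names are hypothetical, the sample topic is constructed, and the surrounding `%` signs of the on-disk record are assumed to be optional.

```python
import re
from pathlib import Path

# Matches a stored comment record as quoted in the report; the surrounding
# '%' signs of the on-disk form are treated as optional (assumption).
META_COMMENT = re.compile(r'^%?META:COMMENT\{(?P<attrs>.*)\}%?\s*$')
ATTR = re.compile(r'(\w+)="([^"]*)"')

GUEST = "WikiGuest"  # wiki name of the unauthenticated user, as in the report


def guest_comments(topic_text):
    """Return the attribute dicts of all comments authored by the guest user."""
    hits = []
    for line in topic_text.splitlines():
        m = META_COMMENT.match(line.strip())
        if not m:
            continue
        attrs = dict(ATTR.findall(m.group("attrs")))
        if attrs.get("author") == GUEST:
            hits.append(attrs)
    return hits


def audit(data_dir):
    """Map 'Web/Topic.txt' to its guest comments for every topic file under data_dir."""
    report = {}
    for path in sorted(Path(data_dir).rglob("*.txt")):
        found = guest_comments(path.read_text(encoding="utf-8", errors="replace"))
        if found:
            report[path.relative_to(data_dir).as_posix()] = found
    return report


# Constructed sample topic (not real site data), modelled on the record above.
SAMPLE = '''<!-- Do _not_ attempt to edit this topic; it is auto-generated. -->
Some documentation text.
META:COMMENT{name="1.1000000001" author="WikiGuest" date="1000000001" ref="" state="new, approved" text="testing" title="testing"}
%META:COMMENT{name="2.1000000002" author="ExampleUser" date="1000000002" ref="" state="new" text="ok" title="ok"}%
'''

if __name__ == "__main__":
    for c in guest_comments(SAMPLE):
        print(c["name"], c["author"], c["state"], c["text"])
```

Pointing `audit()` at the wiki's data directory lists, per topic file, every comment whose author is the guest user, which shows where topic ACLs were bypassed through commenting.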
 
Topic revision: r5 - 13 Aug 2013, MichaelDaum