You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@allura.apache.org by Dave Brondsema <br...@users.sf.net> on 2014/01/14 23:40:02 UTC

[allura:tickets] Re: #6273 Add permission to handle editing comments

Done in [fedb1ec] with the `is_meta` flag


---

** [tickets:#6273] Add permission to handle editing comments**

**Status:** open
**Labels:** support p3 
**Created:** Thu May 23, 2013 07:45 PM UTC by Chris Tsai
**Last Updated:** Wed Jun 26, 2013 01:59 PM UTC
**Owner:** nobody

* Users can edit history. This is very very bad, and can lead to disjointed
  conversations and deleted details. It should be sufficient if admins
  can edit history to remove any sensitive details / insults / spam.

* Metadata update posts can be edited. We don't see the point of this at all,
  while it can be very confusing, and downright dangerous if permissions
  are wrong.

----

(irrelevant statements clipped)

`[3:25pm]` brondsem: for editing history & metadata, I do agree.  I don't think we have a ticket for those yet
`[3:34pm]` cory_fu: Actually, I'm wrong.  it's not the UPDATE permission that controls it, after all.  It's the MODERATE permission (and possibly the UNMODERATED_POST as well)
`[3:35pm]` cory_fu: Nope, just MODERATE
`[3:35pm]` cory_fu: That's a strange permission choice
`[3:36pm]` ctsai-sf: Ah yeah, that was it. So, if I'm getting this right,  if you want users to be able to post (without moderating), they'll have edit on their own comments.
`[3:36pm]` cory_fu: Oh, gosh.  It's even stranger than that.  If you have UNMODERATED_POST when you create the post, you will get MODERATE permission to *just* that one post, so you can edit it.
`[3:37pm]` cory_fu: That's completely dumb.  We need a ticket to fix that
`[3:37pm]` cory_fu: I know we don't want to add too many permissions, but editing your own comments seems like a reasonable one to be separate.
`[3:39pm]` brondsem: adding more permissions would be better if the UI for it was cleaner and we had descriptions of each permission
`[3:39pm]` cory_fu: We do have a better UI design already mostly done, we just need to implement it
`[3:39pm]` cory_fu: :-)

Full log: https://sourceforge.net/p/allura/chat/2013/05/23/


---

Sent from sourceforge.net because allura-dev@incubator.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.