[xwiki-devs] [xwiki-notifications] r35698 - platform/web/trunk/standard/src/main/webapp/templates

Vincent Massol vincent at massol.net
Fri Mar 18 06:58:13 UTC 2011


Hi Sergiu,

I would have thought that users would only need the delete (or edit but I prefer delete) rights to remove comments.

Could you explain the rationale?

BTW for logged in users, what do they need now?

Thanks
-Vincent

On Mar 18, 2011, at 12:36 AM, sdumitriu (SVN) wrote:

> Author: sdumitriu
> Date: 2011-03-18 00:36:44 +0100 (Fri, 18 Mar 2011)
> New Revision: 35698
> 
> Modified:
>   platform/web/trunk/standard/src/main/webapp/templates/commentsinline.vm
> Log:
> XWIKI-4842: Issues on Preview/Edit Comments for Unregistered Users
> Guests should not be allowed to delete comments unless they have admin rights.
> 
> Modified: platform/web/trunk/standard/src/main/webapp/templates/commentsinline.vm
> ===================================================================
> --- platform/web/trunk/standard/src/main/webapp/templates/commentsinline.vm	2011-03-17 23:29:08 UTC (rev 35697)
> +++ platform/web/trunk/standard/src/main/webapp/templates/commentsinline.vm	2011-03-17 23:36:44 UTC (rev 35698)
> @@ -151,7 +151,7 @@
>           <span class="commenttool commentedit"><a class="edit" href="$doc.getURL('view', "viewer=comments&number=${comment.number}&xredirect=$xredirect")" title="$msg.get('core.viewers.comments.edit')">$msg.get('core.viewers.comments.edit')</a></span>
>         #end
>       #end
> -      #if ($hasEdit)
> +      #if ($hasAdmin || (!$isGuest && $hasEdit && $comment.author == $xcontext.user))
>         <span class="commenttool commentdelete"><a class="delete" href="$doc.getURL('objectremove', "form_token=$!{services.csrf.getToken()}&classname=${xCommentClass}&classid=${comment.number}&xredirect=$xredirect")" title="$msg.get('core.viewers.comments.delete')">$msg.get('core.viewers.comments.delete')</a></span>
>       #end
>       </span>## commenttools




More information about the devs mailing list