Re: [xwiki-devs] [xwiki-notifications] r35698 - platform/web/trunk/standard/src/main/webapp/templates

Fri, 18 Mar 2011 00:49:31 -0700 

Hi Sergiu,

I would have thought that users would only need the delete (or edit but I 
prefer delete) rights to remove comments.

Could you explain the rationale?

BTW for logged in users, what do they need now?

Thanks
-Vincent

On Mar 18, 2011, at 12:36 AM, sdumitriu (SVN) wrote:

> Author: sdumitriu
> Date: 2011-03-18 00:36:44 +0100 (Fri, 18 Mar 2011)
> New Revision: 35698
> 
> Modified:
>   platform/web/trunk/standard/src/main/webapp/templates/commentsinline.vm
> Log:
> XWIKI-4842: Issues on Preview/Edit Comments for Unregistered Users
> Guests should not be allowed to delete comments unless they have admin rights.
> 
> Modified: 
> platform/web/trunk/standard/src/main/webapp/templates/commentsinline.vm
> ===================================================================
> --- platform/web/trunk/standard/src/main/webapp/templates/commentsinline.vm   
> 2011-03-17 23:29:08 UTC (rev 35697)
> +++ platform/web/trunk/standard/src/main/webapp/templates/commentsinline.vm   
> 2011-03-17 23:36:44 UTC (rev 35698)
> @@ -151,7 +151,7 @@
>           <span class="commenttool commentedit"><a class="edit" 
> href="$doc.getURL('view', 
> "viewer=comments&amp;number=${comment.number}&amp;xredirect=$xredirect")" 
> title="$msg.get('core.viewers.comments.edit')">$msg.get('core.viewers.comments.edit')</a></span>
>         #end
>       #end
> -      #if ($hasEdit)
> +      #if ($hasAdmin || (!$isGuest && $hasEdit && $comment.author == 
> $xcontext.user))
>         <span class="commenttool commentdelete"><a class="delete" 
> href="$doc.getURL('objectremove', 
> "form_token=$!{services.csrf.getToken()}&amp;classname=${xCommentClass}&amp;classid=${comment.number}&amp;xredirect=$xredirect")"
>  
> title="$msg.get('core.viewers.comments.delete')">$msg.get('core.viewers.comments.delete')</a></span>
>       #end
>       </span>## commenttools

_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs

Reply via email to