Hi all -
I am having a bit of difficulty with the Django comments framework -
more specifically, dealing with comment modifications by site users as
well as moderators.
Basically, I have a site in which users can post comments (using the
out-of-the-box commenting framework). I'd like to have a flexible
comment deletion environment in which comments could be deleted by the
user associated with the model attached to the comment or the original
poster of the comment - e.g., for a blog posting, I'd like the blog
writer to be able to delete inappropriate or offensive comments, but
I'd also like the commenter to be able to delete a comment they made
if they had second thoughts about it.
The commenting framework supports basic permissions for a user to
moderate comments via the "perms.comment.can_delete" value. However, I
obviously don't want to grant this permission to every user; this
would mean a malicious user could just delete comments at will whether
they belonged to them or not. I believe it's possible to do all the
logic to find out if a user is allowed to delete a comment in a custom
view and then forward the request to the official deletion view - but
then I still run into the check if the user is authorized to delete
comments or not. I am really loath to change the core commenting code
itself. Is there a better way to do it?
Here's a quickly hacked together template that kind of shows what I'm
trying to do (along with all my debugging junk):
<form action="/comments/delete/{{ comment.id }}/" method="POST">
{% if perms.comment.can_delete %}
You can delete comments.<br />
{% else %}
You cannot delete comments.<br />
{% endif %}
{% ifequal comment.user_id user_profile_id %}
...display a button to delete...
{% endifequal %}
{% if my_page %}
...display a button to delete...
{% endif %}
</form>
- Tim
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
