Maybe a little brevity is in order - how do I grant temporary
privileges to a user to delete a comment rather than keeping that
power fully in the hands of a comments moderator?
- Tim
On Jan 3, 7:23 pm, Tim <rubyf...@gmail.com> wrote:
> Hi all -
>
> I am having a bit of difficulty with the Django comments framework -
> more specifically, dealing with comment modifications by site users as
> well as moderators.
>
> Basically, I have a site in which users can post comments (using the
> out-of-the-box commenting framework). I'd like to have a flexible
> comment deletion environment in which comments could be deleted by the
> user associated with the model attached to the comment or the original
> poster of the comment - e.g., for a blog posting, I'd like the blog
> writer to be able to delete inappropriate or offensive comments, but
> I'd also like the commenter to be able to delete a comment they made
> if they had second thoughts about it.
>
> The commenting framework supports basic permissions for a user to
> moderate comments via the "perms.comment.can_delete" value. However, I
> obviously don't want to grant this permission to every user; this
> would mean a malicious user could just delete comments at will whether
> they belonged to them or not. I believe it's possible to do all the
> logic to find out if a user is allowed to delete a comment in a custom
> view and then forward the request to the official deletion view - but
> then I still run into the check if the user is authorized to delete
> comments or not. I am really loath to change the core commenting code
> itself. Is there a better way to do it?
>
> Here's a quickly hacked together template that kind of shows what I'm
> trying to do (along with all my debugging junk):
>
> <form action="/comments/delete/{{ comment.id }}/" method="POST">
> {% if perms.comment.can_delete %}
> You can delete comments.<br />
> {% else %}
> You cannot delete comments.<br />
> {% endif %}
> {% ifequal comment.user_id user_profile_id %}
> ...display a button to delete...
> {% endifequal %}
> {% if my_page %}
> ...display a button to delete...
> {% endif %}
> </form>
>
> - Tim
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
