OK - this was more or less resolved by following the advice here:
http://tinyurl.com/63rd76 This allowed me to essentially check for
valid comment deletion permissions before forwarding to the main
comment delete view. The only difference was my wrapper view; I
checked if the currently-logged-in user was the commenter, commentee
or staff before forwarding to the view.
On Jan 5, 11:01 am, Tim <rubyf...@gmail.com> wrote:
> Maybe a little brevity is in order - how do I grant temporary
> privileges to a user to delete a comment rather than keeping that
> power fully in the hands of a comments moderator?
>
> - Tim
>
> On Jan 3, 7:23 pm, Tim <rubyf...@gmail.com> wrote:
>
> > Hi all -
>
> > I am having a bit of difficulty with the Django comments framework -
> > more specifically, dealing with comment modifications by site users as
> > well as moderators.
>
> > Basically, I have a site in which users can post comments (using the
> > out-of-the-box commenting framework). I'd like to have a flexible
> > comment deletion environment in which comments could be deleted by the
> > user associated with the model attached to the comment or the original
> > poster of the comment - e.g., for a blog posting, I'd like the blog
> > writer to be able to delete inappropriate or offensive comments, but
> > I'd also like the commenter to be able to delete a comment they made
> > if they had second thoughts about it.
>
> > The commenting framework supports basic permissions for a user to
> > moderate comments via the "perms.comment.can_delete" value. However, I
> > obviously don't want to grant this permission to every user; this
> > would mean a malicious user could just delete comments at will whether
> > they belonged to them or not. I believe it's possible to do all the
> > logic to find out if a user is allowed to delete a comment in a custom
> > view and then forward the request to the official deletion view - but
> > then I still run into the check if the user is authorized to delete
> > comments or not. I am really loath to change the core commenting code
> > itself. Is there a better way to do it?
>
> > Here's a quickly hacked together template that kind of shows what I'm
> > trying to do (along with all my debugging junk):
>
> > <form action="/comments/delete/{{ comment.id }}/" method="POST">
> > {% if perms.comment.can_delete %}
> > You can delete comments.<br />
> > {% else %}
> > You cannot delete comments.<br />
> > {% endif %}
> > {% ifequal comment.user_id user_profile_id %}
> > ...display a button to delete...
> > {% endifequal %}
> > {% if my_page %}
> > ...display a button to delete...
> > {% endif %}
> > </form>
>
> > - Tim
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
