OK - this was more or less resolved by following the advice here: http://tinyurl.com/63rd76 This allowed me to essentially check for valid comment deletion permissions before forwarding to the main comment delete view. The only difference was my wrapper view; I checked if the currently-logged-in user was the commenter, commentee or staff before forwarding to the view.
On Jan 5, 11:01 am, Tim <rubyf...@gmail.com> wrote: > Maybe a little brevity is in order - how do I grant temporary > privileges to a user to delete a comment rather than keeping that > power fully in the hands of a comments moderator? > > - Tim > > On Jan 3, 7:23 pm, Tim <rubyf...@gmail.com> wrote: > > > Hi all - > > > I am having a bit of difficulty with the Django comments framework - > > more specifically, dealing with comment modifications by site users as > > well as moderators. > > > Basically, I have a site in which users can post comments (using the > > out-of-the-box commenting framework). I'd like to have a flexible > > comment deletion environment in which comments could be deleted by the > > user associated with the model attached to the comment or the original > > poster of the comment - e.g., for a blog posting, I'd like the blog > > writer to be able to delete inappropriate or offensive comments, but > > I'd also like the commenter to be able to delete a comment they made > > if they had second thoughts about it. > > > The commenting framework supports basic permissions for a user to > > moderate comments via the "perms.comment.can_delete" value. However, I > > obviously don't want to grant this permission to every user; this > > would mean a malicious user could just delete comments at will whether > > they belonged to them or not. I believe it's possible to do all the > > logic to find out if a user is allowed to delete a comment in a custom > > view and then forward the request to the official deletion view - but > > then I still run into the check if the user is authorized to delete > > comments or not. I am really loath to change the core commenting code > > itself. Is there a better way to do it? > > > Here's a quickly hacked together template that kind of shows what I'm > > trying to do (along with all my debugging junk): > > > <form action="/comments/delete/{{ comment.id }}/" method="POST"> > > {% if perms.comment.can_delete %} > > You can delete comments.<br /> > > {% else %} > > You cannot delete comments.<br /> > > {% endif %} > > {% ifequal comment.user_id user_profile_id %} > > ...display a button to delete... > > {% endifequal %} > > {% if my_page %} > > ...display a button to delete... > > {% endif %} > > </form> > > > - Tim --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---