Re: Comments Framework and Authentication

2009-01-06 Thread Tim

OK - this was more or less resolved by following the advice here:
http://tinyurl.com/63rd76
This allowed me to essentially check for
valid comment deletion permissions before forwarding to the main
comment delete view. The only difference was my wrapper view; I
checked if the currently-logged-in user was the commenter, commentee
or staff before forwarding to the view.

On Jan 5, 11:01 am, Tim wrote:
> Maybe a little brevity is in order - how do I grant temporary
> privileges to a user to delete a comment rather than keeping that
> power fully in the hands of a comments moderator?
>
> - Tim
>
> On Jan 3, 7:23 pm, Tim wrote:
>
> > Hi all -
>
> > I am having a bit of difficulty with the Django comments framework -
> > more specifically, dealing with comment modifications by site users as
> > well as moderators.
>
> > Basically, I have a site in which users can post comments (using the
> > out-of-the-box commenting framework). I'd like to have a flexible
> > comment deletion environment in which comments could be deleted by the
> > user associated with the model attached to the comment or the original
> > poster of the comment - e.g., for a blog posting, I'd like the blog
> > writer to be able to delete inappropriate or offensive comments, but
> > I'd also like the commenter to be able to delete a comment they made
> > if they had second thoughts about it.
>
> > The commenting framework supports basic permissions for a user to
> > moderate comments via the "perms.comment.can_delete" value. However, I
> > obviously don't want to grant this permission to every user; this
> > would mean a malicious user could just delete comments at will whether
> > they belonged to them or not. I believe it's possible to do all the
> > logic to find out if a user is allowed to delete a comment in a custom
> > view and then forward the request to the official deletion view - but
> > then I still run into the check if the user is authorized to delete
> > comments or not. I am really loath to change the core commenting code
> > itself. Is there a better way to do it?
>
> > Here's a quickly hacked together template that kind of shows what I'm
> > trying to do (along with all my debugging junk):
>
> > 
> >     {% if perms.comment.can_delete %}
> >         You can delete comments.
> >     {% else %}
> >         You cannot delete comments.
> >     {% endif %}
> >     {% ifequal comment.user_id user_profile_id %}
> >         ...display a button to delete...
> >     {% endifequal %}
> >     {% if my_page %}
> >         ...display a button to delete...
> >     {% endif %}
> > 
>
> > - Tim
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---
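
The wrapper check described in the 2009-01-06 message, as an added example (not Tim's code and not part of Django): the decision is made on the server before forwarding to the delete view, since the template only hides the button. `User`, `Comment`, `page_owner_id` and `fake_delete_view` are stand-ins constructed for illustration; the anonymous-user guard is there because the comments framework allows comments with no associated user.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass
class User:                       # stand-in for the auth framework's user
    id: Optional[int]             # None models an anonymous visitor
    is_staff: bool = False


@dataclass
class Comment:                    # stand-in for the framework's Comment
    id: int
    user_id: Optional[int]        # None when posted without an account
    page_owner_id: Optional[int]  # hypothetical: owner of the commented object


def may_delete(user: User, comment: Comment) -> bool:
    """Commenter, commentee (page owner) or staff may delete."""
    if user.id is None:
        # Anonymous visitors are never authorized. Without this guard,
        # None == None would match them to every anonymous comment.
        return False
    if user.is_staff:
        return True
    return user.id in (comment.user_id, comment.page_owner_id)


def delete_wrapper(user: User, comment: Comment,
                   delete_view: Callable[[Comment], str]) -> Tuple[int, str]:
    """Authorize on the server, then forward to the real delete view."""
    if not may_delete(user, comment):
        return (403, "forbidden")
    return (200, delete_view(comment))


# Constructed sample data for the example.
deleted = []


def fake_delete_view(comment: Comment) -> str:
    deleted.append(comment.id)
    return "deleted"


blog_comment = Comment(id=1, user_id=10, page_owner_id=20)
anon_comment = Comment(id=2, user_id=None, page_owner_id=20)
```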



Re: Comments Framework and Authentication

2009-01-05 Thread Tim

Maybe a little brevity is in order - how do I grant temporary
privileges to a user to delete a comment rather than keeping that
power fully in the hands of a comments moderator?

- Tim

On Jan 3, 7:23 pm, Tim wrote:
> Hi all -
>
> I am having a bit of difficulty with the Django comments framework -
> more specifically, dealing with comment modifications by site users as
> well as moderators.
>
> Basically, I have a site in which users can post comments (using the
> out-of-the-box commenting framework). I'd like to have a flexible
> comment deletion environment in which comments could be deleted by the
> user associated with the model attached to the comment or the original
> poster of the comment - e.g., for a blog posting, I'd like the blog
> writer to be able to delete inappropriate or offensive comments, but
> I'd also like the commenter to be able to delete a comment they made
> if they had second thoughts about it.
>
> The commenting framework supports basic permissions for a user to
> moderate comments via the "perms.comment.can_delete" value. However, I
> obviously don't want to grant this permission to every user; this
> would mean a malicious user could just delete comments at will whether
> they belonged to them or not. I believe it's possible to do all the
> logic to find out if a user is allowed to delete a comment in a custom
> view and then forward the request to the official deletion view - but
> then I still run into the check if the user is authorized to delete
> comments or not. I am really loath to change the core commenting code
> itself. Is there a better way to do it?
>
> Here's a quickly hacked together template that kind of shows what I'm
> trying to do (along with all my debugging junk):
>
> 
>     {% if perms.comment.can_delete %}
>         You can delete comments.
>     {% else %}
>         You cannot delete comments.
>     {% endif %}
>     {% ifequal comment.user_id user_profile_id %}
>         ...display a button to delete...
>     {% endifequal %}
>     {% if my_page %}
>         ...display a button to delete...
>     {% endif %}
> 
>
> - Tim



Comments Framework and Authentication

2009-01-03 Thread Tim

Hi all -

I am having a bit of difficulty with the Django comments framework -
more specifically, dealing with comment modifications by site users as
well as moderators.

Basically, I have a site in which users can post comments (using the
out-of-the-box commenting framework). I'd like to have a flexible
comment deletion environment in which comments could be deleted by the
user associated with the model attached to the comment or the original
poster of the comment - e.g., for a blog posting, I'd like the blog
writer to be able to delete inappropriate or offensive comments, but
I'd also like the commenter to be able to delete a comment they made
if they had second thoughts about it.

The commenting framework supports basic permissions for a user to
moderate comments via the "perms.comment.can_delete" value. However, I
obviously don't want to grant this permission to every user; this
would mean a malicious user could just delete comments at will whether
they belonged to them or not. I believe it's possible to do all the
logic to find out if a user is allowed to delete a comment in a custom
view and then forward the request to the official deletion view - but
then I still run into the check if the user is authorized to delete
comments or not. I am really loath to change the core commenting code
itself. Is there a better way to do it?

Here's a quickly hacked together template that kind of shows what I'm
trying to do (along with all my debugging junk):


    {% if perms.comment.can_delete %}
        You can delete comments.
    {% else %}
        You cannot delete comments.
    {% endif %}
    {% ifequal comment.user_id user_profile_id %}
        ...display a button to delete...
    {% endifequal %}
    {% if my_page %}
        ...display a button to delete...
    {% endif %}


- Tim