Re: Comments Framework and Authentication
OK - this was more or less resolved by following the advice here: http://tinyurl.com/63rd76 This allowed me to essentially check for valid comment deletion permissions before forwarding to the main comment delete view. The only difference was my wrapper view; I checked if the currently-logged-in user was the commenter, commentee or staff before forwarding to the view. On Jan 5, 11:01 am, Tim wrote: > Maybe a little brevity is in order - how do I grant temporary > privileges to a user to delete a comment rather than keeping that > power fully in the hands of a comments moderator? > > - Tim > > On Jan 3, 7:23 pm, Tim wrote: > > > Hi all - > > > I am having a bit of difficulty with the Django comments framework - > > more specifically, dealing with comment modifications by site users as > > well as moderators. > > > Basically, I have a site in which users can post comments (using the > > out-of-the-box commenting framework). I'd like to have a flexible > > comment deletion environment in which comments could be deleted by the > > user associated with the model attached to the comment or the original > > poster of the comment - e.g., for a blog posting, I'd like the blog > > writer to be able to delete inappropriate or offensive comments, but > > I'd also like the commenter to be able to delete a comment they made > > if they had second thoughts about it. > > > The commenting framework supports basic permissions for a user to > > moderate comments via the "perms.comment.can_delete" value. However, I > > obviously don't want to grant this permission to every user; this > > would mean a malicious user could just delete comments at will whether > > they belonged to them or not. I believe it's possible to do all the > > logic to find out if a user is allowed to delete a comment in a custom > > view and then forward the request to the official deletion view - but > > then I still run into the check if the user is authorized to delete > > comments or not. I am really loath to change the core commenting code > > itself. Is there a better way to do it? > > > Here's a quickly hacked together template that kind of shows what I'm > > trying to do (along with all my debugging junk): > > > > > {% if perms.comment.can_delete %} > > You can delete comments. > > {% else %} > > You cannot delete comments. > > {% endif %} > > {% ifequal comment.user_id user_profile_id %} > > ...display a button to delete... > > {% endifequal %} > > {% if my_page %} > > ...display a button to delete... > > {% endif %} > > > > > - Tim --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Comments Framework and Authentication
Maybe a little brevity is in order - how do I grant temporary privileges to a user to delete a comment rather than keeping that power fully in the hands of a comments moderator? - Tim On Jan 3, 7:23 pm, Tim wrote: > Hi all - > > I am having a bit of difficulty with the Django comments framework - > more specifically, dealing with comment modifications by site users as > well as moderators. > > Basically, I have a site in which users can post comments (using the > out-of-the-box commenting framework). I'd like to have a flexible > comment deletion environment in which comments could be deleted by the > user associated with the model attached to the comment or the original > poster of the comment - e.g., for a blog posting, I'd like the blog > writer to be able to delete inappropriate or offensive comments, but > I'd also like the commenter to be able to delete a comment they made > if they had second thoughts about it. > > The commenting framework supports basic permissions for a user to > moderate comments via the "perms.comment.can_delete" value. However, I > obviously don't want to grant this permission to every user; this > would mean a malicious user could just delete comments at will whether > they belonged to them or not. I believe it's possible to do all the > logic to find out if a user is allowed to delete a comment in a custom > view and then forward the request to the official deletion view - but > then I still run into the check if the user is authorized to delete > comments or not. I am really loath to change the core commenting code > itself. Is there a better way to do it? > > Here's a quickly hacked together template that kind of shows what I'm > trying to do (along with all my debugging junk): > > > {% if perms.comment.can_delete %} > You can delete comments. > {% else %} > You cannot delete comments. > {% endif %} > {% ifequal comment.user_id user_profile_id %} > ...display a button to delete... > {% endifequal %} > {% if my_page %} > ...display a button to delete... > {% endif %} > > > - Tim --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Comments Framework and Authentication
Hi all - I am having a bit of difficulty with the Django comments framework - more specifically, dealing with comment modifications by site users as well as moderators. Basically, I have a site in which users can post comments (using the out-of-the-box commenting framework). I'd like to have a flexible comment deletion environment in which comments could be deleted by the user associated with the model attached to the comment or the original poster of the comment - e.g., for a blog posting, I'd like the blog writer to be able to delete inappropriate or offensive comments, but I'd also like the commenter to be able to delete a comment they made if they had second thoughts about it. The commenting framework supports basic permissions for a user to moderate comments via the "perms.comment.can_delete" value. However, I obviously don't want to grant this permission to every user; this would mean a malicious user could just delete comments at will whether they belonged to them or not. I believe it's possible to do all the logic to find out if a user is allowed to delete a comment in a custom view and then forward the request to the official deletion view - but then I still run into the check if the user is authorized to delete comments or not. I am really loath to change the core commenting code itself. Is there a better way to do it? Here's a quickly hacked together template that kind of shows what I'm trying to do (along with all my debugging junk): {% if perms.comment.can_delete %} You can delete comments. {% else %} You cannot delete comments. {% endif %} {% ifequal comment.user_id user_profile_id %} ...display a button to delete... {% endifequal %} {% if my_page %} ...display a button to delete... {% endif %} - Tim --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---