View Issue Details

IDProjectCategoryView StatusLast Update
0000412WackoWikipage rightspublic2012-03-11 16:45
Reporteradministrator Assigned Toadministrator  
PriorityhighSeveritymajorReproducibilityhave not tried
Status resolvedResolutionfixed 
Product Version4.3.x 
Target Version5.0.0Fixed in Version5.0.0 
Summary0000412: set correct permissions for comments
Description1) comment ACL -> inherit read rights from commented page
2) only comment owner and admin should be able to edit the comment
3) owner of commented page can delete the comment if 'owners_can_remove_comments' => 1, is set via config


read = 'read right of parent page'
write = ''
comment = ''
create = ''
upload = ''

affected handlers / actions
show
search
edit
remove
moderate

Additional Informationaccess

if ($this->user_is_owner() || $this->is_admin() || $this->has_access('write', $this->page['page_id']))


http://wackowiki.hg.sourceforge.net/hgweb/wackowiki/dev/rev/71434127883e
http://wackowiki.hg.sourceforge.net/hgweb/wackowiki/dev/rev/ebe7a1e8a079
-> wacko/handlers/page/acls.php
TagsNo tags attached.

Relationships

related to 0000256 resolvedTann San Comments inherit their ACL settings on subpages like a new page from the level above 

Activities

administrator

2012-02-23 18:49

administrator   ~0000844

reset all non 'read' acls for comments

UPDATE wacko_acl AS acl,
(
SELECT page_id, comment_on_id
FROM wacko_page
) AS pages
SET acl.list = '' WHERE acl.page_id = pages.page_id AND (
acl.privilege <> 'read' AND pages.comment_on_id <> '0'
)

administrator

2012-02-23 19:52

administrator   ~0000845

Last edited: 2012-03-11 16:45

Commits
http://wackowiki.hg.sourceforge.net/hgweb/wackowiki/dev/rev/f2bb9dfff3db
http://wackowiki.hg.sourceforge.net/hgweb/wackowiki/dev/rev/2eff504030c6
http://wackowiki.hg.sourceforge.net/hgweb/wackowiki/dev/rev/9e804bda4a1d

Issue History

Date Modified Username Field Change
2012-02-22 17:05 administrator New Issue
2012-02-22 17:05 administrator Status new => assigned
2012-02-22 17:05 administrator Assigned To => administrator
2012-02-22 17:11 administrator Additional Information Updated
2012-02-22 18:18 administrator Additional Information Updated
2012-02-22 18:20 administrator Relationship added related to 0000256
2012-02-23 03:55 administrator Additional Information Updated
2012-02-23 18:49 administrator Note Added: 0000844
2012-02-23 19:52 administrator Note Added: 0000845
2012-03-11 16:45 administrator Status assigned => resolved
2012-03-11 16:45 administrator Resolution open => fixed
2012-03-11 16:45 administrator Fixed in Version => 5.0.0
2012-03-11 16:45 administrator Note Edited: 0000845