Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Comment Permissions - a user cannot edit / delete his own comments and cannot edit / delete the comments of other users if given the permission to do so

Description

Users are unable to edit or delete their own comments. Additionally, if the user is given permission to edit and delete comments, the user will only be able to edit and delete his or her own comment and not the comments of other users. This also prevents admins from being able to create a discussion moderator that can edit or delete the comments of other users.

Steps to reproduce:

  1. Create a role that allows a user to edit and delete comments

    • Navigate to Control Panel > Roles

    • Click Add > Regular Role

    • Enter Member in the Name field and click Save

    • Click Actions > Define Permissions for the Member

    • Select Site Content > Web Content in the drop down

      • Under Web Content, flag Add Discussion and View

    • Click Save

  2. Create a user and assign that user to the Member role

  3. Add a web content display portlet and add a web content article to it

  4. Configure the portlet to allow comments

  5. Add a comment

  6. Sign out, and then sign in as the user created in Step 2

  7. Navigate to the web content article.

  8. Add a comment

    • Note that the user will be unable to edit or delete the comment he or she posted

  9. Sign out, and sign in as the Admin user

  10. Add the delete and update discussion permissions to the Member role

    • Navigate to Control Panel > Roles

    • Click on Actions > Define Permissions for the Member role

    • Select Site Content > Web Content under the drop down

      • Under Web Content, flag Delete Discussion and Update Discussion

    • Click Save

  11. Sign out, and sign in as the user created in Step 2

  12. Navigate to the web content article

    • Now, the user will have permission to edit his or her own comment. However, the user will not have the ability to edit the Admin user's comment.

Environment

Tomcat 7.0.23 + MySQL 5. 6.1.x GIT ID: 345193895dfe4cab689db540c7238881877845f5. Tomcat 7.0.23 + MySQL 5. 6.2.x GIT ID: 65450046dcbb21c793742e9d0cdc0942d7b6f5a1.

Activity

Show:

Cynthia Wilburn March 12, 2012 at 2:03 PM

Reopening to add 6.1.1 CE GA2. Close as Fixed.

Luyang Tan February 13, 2012 at 7:16 PM
Edited

PASSED Manual Testing following the steps in the description.

Fixed on:
Tomcat 7.0 + MySQL 5. 6.1.x GIT ID: 9fbc284ff2c4b5102647c3640c4ddbff2736f30d.
Tomcat 7.0 + MySQL 5. 6.2.x GIT ID: e07a2491960097d02536348d65c9dfe1460335f1.

The user is able to edit the Admin user's comment.

Luyang Tan January 10, 2012 at 11:26 PM
Edited

FAILED Manual Testing following the steps in the description.

Reproduced on:
Tomcat 7.0 + MySQL 5. 6.1.x GIT ID: e81e7944d8368d9b998e1bbd2aa438d05d5936b9.

The user is not able to edit the Admin user's comment.

Failed on:
Tomcat 7.0 + MySQL 5. 6.1.x GIT ID: 5a4911b544ecc7639661c365572dde1ed07049d6.
Tomcat 7.0 + MySQL 5. 6.2.x GIT ID: b0200b1f1ea5d788d825afa9b3bd9a4a26f79915.

The user is not able to edit the Admin user's comment.

Michael Saechang January 10, 2012 at 2:56 PM

Committed on:
6.1.x GIT ID: 4b5904dd826465e99a70b3a27df137c0eb6d607e.
6.2.x GIT ID: 6eb2d0ea6b9826ad149b5d90cfc41d932f5ad452.

Fixed

Details

Assignee

Reporter

Labels

Fix Priority

4

Bug Type

Regression Bug

Components

Fix versions

Affects versions

Priority

Zendesk Support

Created January 6, 2012 at 5:23 PM
Updated June 24, 2023 at 3:42 PM
Resolved March 12, 2012 at 2:39 PM
Loading...