This question about Using an extension: Asked
By default, normal users are allowed to change and delete comments of other users. I want to restrict this, so that only moderators or the original authors may change or delete comments.
I added the following statements in lib/Foswiki/Plugins/MetaCommentPlugin/core.pm in jsonRpcUpdateComment and jsonRpcDeleteComment:
    throw Foswiki::Contrib::JsonRpcContrib::Error(401, "Access denied (only moderator or original author may change)")
      unless $comment->{author} eq $wikiName ||
        isModerator($wikiName, $web, $topic);
In WebPreferences I added the following line, so that only members of the admin group are moderators (without a preference setting for MODERATE, all users would be moderators):
Set ALLOWWEBMODERATE = %USERSWEB%.AdminGroup
Is there a better way to do this without having to modify the source code of the plugin?
Two problems remain:
1. No error message is displayed when a user tries to delete a comment and the server program sends 401 "Access denied".
2. The permission check for updating a comment should be made earlier when the user clicks the "edit" button and the popup is opened, and not only after the user tries to save the modified comment.
--
ChristianDHeureuse - 07 Sep 2011
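
The rule described in the question (only the original author or a moderator may change or delete a comment), as an added example that is not part of the original post and is not MetaCommentPlugin code. It keeps the rule in one helper that is called both when the editor is opened and again on save and delete; all sub names, user names and the in-memory comment store are hypothetical and constructed for illustration.

```perl
use strict;
use warnings;

# Constructed sample data: an in-memory comment store and a moderator list.
my %comments = (
    1 => { author => 'AliceExample', text => 'first' },
    2 => { author => 'BobExample',   text => 'second' },
);
my %moderators = map { $_ => 1 } qw(AdminExample);

# Single authorization predicate: original author or moderator.
# An undefined user or an unknown comment id is denied (fail closed).
sub may_modify {
    my ($user, $id) = @_;
    my $comment = $comments{ $id // '' };
    return 0 unless defined $user && $comment;
    return 1 if $moderators{$user};
    return $comment->{author} eq $user ? 1 : 0;
}

# Every entry point raises the same structured error on denial.
sub require_may_modify {
    my ($user, $id) = @_;
    die +{ code => 401,
           message => 'Access denied (only moderator or original author may change)' }
        unless may_modify($user, $id);
}

# Opening the editor checks early, so the user is refused before typing anything.
sub open_editor    { my ($u, $id) = @_; require_may_modify($u, $id); return $comments{$id}{text} }
# Save and delete repeat the check: a client can call them without opening the editor.
sub update_comment { my ($u, $id, $t) = @_; require_may_modify($u, $id); $comments{$id}{text} = $t; return 1 }
sub delete_comment { my ($u, $id) = @_; require_may_modify($u, $id); delete $comments{$id}; return 1 }

# Run one request and describe the outcome: "ok" or the error code and message.
sub attempt {
    my ($label, $code) = @_;
    return "$label: ok" if eval { $code->(); 1 };
    my $err = $@;
    return ref $err eq 'HASH' ? "$label: $err->{code} $err->{message}" : "$label: $err";
}

print attempt('Bob opens editor on comment 1',   sub { open_editor('BobExample', 1) }), "\n";
print attempt('Bob deletes comment 1 directly',  sub { delete_comment('BobExample', 1) }), "\n";
print attempt('Alice updates her own comment 1', sub { update_comment('AliceExample', 1, 'edited') }), "\n";
print attempt('Moderator deletes comment 2',     sub { delete_comment('AdminExample', 2) }), "\n";
print attempt('Bob updates deleted comment 2',   sub { update_comment('BobExample', 2, 'late') }), "\n";
```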