Forum OpenACS Q&A: News and general_comments_create permissions

Collapse
1: News and general_comments_create permissions
Posted by Chris Davies on 09/06/03 10:08 PM
Debian/Sid
AOLServer 3.5.6-2
PostgreSQL 7.3.4-2
OpenACS 4.6.3

In News/item.tcl, the following line seems to determine whether permission to display the comments and the appropriate comment link should be displayed.

    if { [ad_parameter SolicitCommentsP "news" 0] &&
        [ad_permission_p $item_id general_comments_create] } {

However, I want to give anonymous users the ability to add comments.

If I comment out the section where it checks the permissions, things display as expected. But, that doesn't appear to be the 'correct' method.  If I leave the permission checks in place, adding direct permissions to the news or general comments module doesn't seem to make a difference.

Two questions:

1) Permissions
Inherited Permissions

    * Registered Users, general_comments_create
    * Registered Users, news_create
    * The Public, news_read
    * The Public, read

Direct Permissions

    Unregistered Visitor, news_create
    Unregistered Visitor, general_comments_create
    The Public, general_comments_create
    The Public, news_create

With the above permissions, comments do not display, nor is the public able to comment.  What am I missing in terms of permissions to allow anyone to create comments?

2) If I read the if statement correctly, one that doesn't have permission to post a comment, also cannot see the comments posted by those that do have the correct permissions.

Code block involved:

    if { [ad_parameter SolicitCommentsP "news" 0] &&
        [ad_permission_p $item_id general_comments_create] } {
        set comment_link [general_comments_create_link $item_id "[ad_conn package_url]item?item_id=$item_id"]
        set comments [general_comments_get_comments -print_content_p 1 -print_attachments_p 1 \
                $item_id "[ad_conn package_url]item?item_id=$item_id"]
    } else {
        set comment_link "$item_id"
        set comments ""
    }

In this case, even with solicit comments turned on, any permission failure would seem to not set comments properly.

Perhaps something like:

    set comments ""
    set comment_link ""
    if { [ad_parameter SolicitCommentsP "news" 0] } {
        set comments [general_comments_get_comments -print_content_p 1 -print_attachments_p 1 \
                $item_id "[ad_conn package_url]item?item_id=$item_id"]
        if { [ad_permission_p $item_id general_comments_create] } {
          set comment_link [general_comments_create_link $item_id "[ad_conn package_url]item?item_id=$item_id"]
        }
    }

My coding style might not match those of whomever is maintaining the package.

Even with the code change, my original permissions problem still exists.

Collapse
2: Re: News and general_comments_create permissions (response to 1)
Posted by Jeff Lu on 10/02/03 02:40 PM
Hi Chris,
It seems im also having the same problem as well. When a non admin user adds a comment to any news item whether or not it was created by an admin.
Ive tried to check the permission with ad_permission_p and it returns 0.
The Permissions are as follows:

Inherited Permissions
    * Registered Users, general_comments_create
    * Registered Users, news_create
    * The Public, news_read
    * The Public, read
    * me, admin
Direct Permissions
    Registered Users, general_comments_create

Can other people verify this error so it can be put in bug-tracker?