Forum OpenACS Q&A: Permissions to delete a general comment

Hi all,

I've been trying to figure out this problem.  As the administrator
of the system, I can delete general comments, but when I log in as a
normal user and try to delete, it fails the permission check.

The following piece of code does the check:
ad_require_permission $attach_id delete

I have tried to give admin access to Registered Users on General
comments, the ACS Content Repository, ACS Messaging and ACS Content.

Can someone point me to how I can give registered users delete
access, and give me a brief explanation of what was happening, why
giving admin to General comments didn't work.

Thanks,

Kevin

Collapse
Posted by Titi Ala'ilima on
In all likelihood, the context_id of the comment is the object it's commenting. Therefore, it will only inherit delete permissions through the object it's attached to. You probably don't want to give delete perms on the object, so you will have to edit the commenting procs to grant delete permission on the comment to whomever you wish, be it the user who created it, or to Registered Users (I don't really believe this is what you want).

Take a look at general-comments/www/comment-add-3.tcl and see the part where the permissions are added. That's what you need to fix. If you're really fancy, you can add a parameter to the general comments package so site admins can configure who gets granted the delete permissions.

Collapse
Posted by Kevin Crosbie on
Thanks for that Titi.

I made the change you suggested and it works great.  I altered comment add such that the user who created the comment also gets delete access.  I'm working on setting that up as a parameter now.

Cheers,

Kevin