Timo Stollenwerk wrote:
> Hi,
>
> Elizabeth came across a problem with p.a.discussion during her PLIP
> review: Authenticated users are currently not able to post a comment,
> they need the "Member" role to do so.
>
> Do we also want authenticated users to be able to post comments? Shall
> we just check for the "Reply to Item" permission? I would like to hear
> other opinions before I start to refactor the code.
>
A general note here: I've always been under the impression
that guards for actions like the one here should be based
on permission rather than role. That's what counts in the
end. The role permission mapping is site policy and can
be anything in principle.
> What kind of message should users without the appropriate permission
> see? The log-in button is kind of silly if the user has a login, but not
> the appropriate permissions to post a comment.
>
That's somewhat tricky as there is no way to predict the
privileges an anonymous user would have should (s)he
log in. So something like the current behavior is probably
as good as it gets
- no button/message if discussion is disabled
- a login button if discussion is allowed but user
is anonymous
- for authenticated check the 'Reply to item' permission
That leaves room indeed for the case there you offer people
to login to comment and then they might still not be allowed
to do so. In such a case we could state explicitly that the
current user does not have the rights needed and maybe
include a link to contact site administration asking to consider
changing this.
Just my 2 cents,
Raphael
> Cheers,
> timo
>
> -------- Original-Nachricht --------
> Betreff: Re: [Plone] #9288: Improved commenting infrastructure
> Datum: Wed, 08 Dec 2010 04:30:48 -0000
> Von: Plone <[email protected]>
> Antwort an: [email protected]
> CC: [email protected]
>
> #9288: Improved commenting infrastructure
> ----------------------------+-----------------------------------------------
> Reporter: timo | Owner: timo
> Type: PLIP | Status: reopened
> Priority: minor | Milestone: 4.1
> Component: Infrastructure | Resolution:
> Keywords: |
> ----------------------------+-----------------------------------------------
>
> Comment(by eleddy):
>
> Replying to [comment:50 timo]:
> Nice work! I am super gung ho about authenticated being able to comment.
> In default installs you will rarely see authenticated users who aren't
> members and in custom environments using the member role is unlikely.
> Curious what others think.
>
> Thanks!
> _______________________________________________
> Framework-Team mailing list
> [email protected]
> http://lists.plone.org/mailman/listinfo/framework-team
>
_______________________________________________
Framework-Team mailing list
[email protected]
http://lists.plone.org/mailman/listinfo/framework-team
