[Framework-Team] Fwd: Re: [Plone] #9288: Improved commenting infrastructure
Hi, Elizabeth came across a problem with p.a.discussion during her PLIP review: Authenticated users are currently not able to post a comment, they need the Member role to do so. Do we also want authenticated users to be able to post comments? Shall we just check for the Reply to Item permission? I would like to hear other opinions before I start to refactor the code. What kind of message should users without the appropriate permission see? The log-in button is kind of silly if the user has a login, but not the appropriate permissions to post a comment. Cheers, timo Original-Nachricht Betreff: Re: [Plone] #9288: Improved commenting infrastructure Datum: Wed, 08 Dec 2010 04:30:48 - Von: Plone disc...@antiloop.plone.org Antwort an: disc...@antiloop.plone.org CC: plone-collec...@objectrealms.net #9288: Improved commenting infrastructure +--- Reporter: timo|Owner: timo Type: PLIP| Status: reopened Priority: minor |Milestone: 4.1 Component: Infrastructure | Resolution: Keywords: | +--- Comment(by eleddy): Replying to [comment:50 timo]: Nice work! I am super gung ho about authenticated being able to comment. In default installs you will rarely see authenticated users who aren't members and in custom environments using the member role is unlikely. Curious what others think. Thanks! ___ Framework-Team mailing list Framework-Team@lists.plone.org http://lists.plone.org/mailman/listinfo/framework-team
Re: [Framework-Team] Fwd: Re: [Plone] #9288: Improved commenting infrastructure
Timo Stollenwerk li...@zmag.de writes: Hi, Elizabeth came across a problem with p.a.discussion during her PLIP review: Authenticated users are currently not able to post a comment, they need the Member role to do so. Do we also want authenticated users to be able to post comments? Shall we just check for the Reply to Item permission? I would like to hear other opinions before I start to refactor the code. Don't Open ID logins have only Authenticated and not Member? At any rate, I think it's generally a bad idea to check roles, one should always check permissions. So it should probably be protected with a permission that should be given to Authenticated by default. Ross What kind of message should users without the appropriate permission see? The log-in button is kind of silly if the user has a login, but not the appropriate permissions to post a comment. Cheers, timo Original-Nachricht Betreff: Re: [Plone] #9288: Improved commenting infrastructure Datum: Wed, 08 Dec 2010 04:30:48 - Von: Plone disc...@antiloop.plone.org Antwort an: disc...@antiloop.plone.org CC: plone-collec...@objectrealms.net #9288: Improved commenting infrastructure +--- Reporter: timo|Owner: timo Type: PLIP| Status: reopened Priority: minor |Milestone: 4.1 Component: Infrastructure | Resolution: Keywords: | +--- Comment(by eleddy): Replying to [comment:50 timo]: Nice work! I am super gung ho about authenticated being able to comment. In default installs you will rarely see authenticated users who aren't members and in custom environments using the member role is unlikely. Curious what others think. Thanks! ___ Framework-Team mailing list Framework-Team@lists.plone.org http://lists.plone.org/mailman/listinfo/framework-team
Re: [Framework-Team] Fwd: Re: [Plone] #9288: Improved commenting infrastructure
Timo Stollenwerk wrote: Hi, Elizabeth came across a problem with p.a.discussion during her PLIP review: Authenticated users are currently not able to post a comment, they need the Member role to do so. Do we also want authenticated users to be able to post comments? Shall we just check for the Reply to Item permission? I would like to hear other opinions before I start to refactor the code. A general note here: I've always been under the impression that guards for actions like the one here should be based on permission rather than role. That's what counts in the end. The role permission mapping is site policy and can be anything in principle. What kind of message should users without the appropriate permission see? The log-in button is kind of silly if the user has a login, but not the appropriate permissions to post a comment. That's somewhat tricky as there is no way to predict the privileges an anonymous user would have should (s)he log in. So something like the current behavior is probably as good as it gets - no button/message if discussion is disabled - a login button if discussion is allowed but user is anonymous - for authenticated check the 'Reply to item' permission That leaves room indeed for the case there you offer people to login to comment and then they might still not be allowed to do so. In such a case we could state explicitly that the current user does not have the rights needed and maybe include a link to contact site administration asking to consider changing this. Just my 2 cents, Raphael Cheers, timo Original-Nachricht Betreff: Re: [Plone] #9288: Improved commenting infrastructure Datum: Wed, 08 Dec 2010 04:30:48 - Von: Plone disc...@antiloop.plone.org Antwort an: disc...@antiloop.plone.org CC: plone-collec...@objectrealms.net #9288: Improved commenting infrastructure +--- Reporter: timo|Owner: timo Type: PLIP| Status: reopened Priority: minor |Milestone: 4.1 Component: Infrastructure | Resolution: Keywords: | +--- Comment(by eleddy): Replying to [comment:50 timo]: Nice work! I am super gung ho about authenticated being able to comment. In default installs you will rarely see authenticated users who aren't members and in custom environments using the member role is unlikely. Curious what others think. Thanks! ___ Framework-Team mailing list Framework-Team@lists.plone.org http://lists.plone.org/mailman/listinfo/framework-team ___ Framework-Team mailing list Framework-Team@lists.plone.org http://lists.plone.org/mailman/listinfo/framework-team