Skip to:

Opened 11 years ago

Closed 11 years ago

#2348 closed defect (bug) (fixed)

Make Open/Close permissions consistently use 'edit_topic' instead of 'moderate'

Reported by: jondavidjohn's profile jondavidjohn Owned by:
Milestone: 2.4 Priority: normal
Severity: normal Version: 2.1
Component: Component - Topics Keywords: reporter-feedback


This patch aims to make the Open/Close functionality consistently require 'edit_topic' capability.

There were a few places that required the 'moderate' capability, but here you only require the 'edit_topic' capability, which seems to be the most correct requirement.

Attachments (1)

toggle_topic_capability.diff (1.1 KB) - added by jondavidjohn 11 years ago.
Patch to only require 'edit_topic' for topic toggle actions.

Download all attachments as: .zip

Change History (5)

11 years ago

Patch to only require 'edit_topic' for topic toggle actions.

#1 @johnjamesjacoby
11 years ago

  • Milestone changed from Awaiting Review to 2.4

#2 @johnjamesjacoby
11 years ago

  • Keywords reporter-feedback added; has-patch removed

It's possible there is a bug in this logic, since there appear to be some nested capability checks.

Though... the two checks you're pointing out here seem exclusive to moderators, since you'd likely not want a topic author to be able to close their own topic, and leave that up to conversation moderators to decide.

Leaving this open, to review these quickly in 2.4. Any other thoughts on this?

Last edited 11 years ago by johnjamesjacoby (previous) (diff)

#3 @johnjamesjacoby
11 years ago

In 4985:

Remove capability pre-check from admin links functions. Remove duplicate trash-removal logic that's done inside the respective trash-link generating functions. Fixes inconsistent nested capability checks within admin link functions. See #2348.

#4 @johnjamesjacoby
11 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Closing as fixed. Nested cap checks should be its own ticket.

Note: See TracTickets for help on using tickets.