Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

User delete ONLY their own post

All is in the title, how can i allow the users to be able to delete their own post (ONLY, not the other's one as well). I can't found it in the permissions :(
Can someone help me ?

Comments

  • hgtonighthgtonight ∞ · New Moderator

    What version number of Vanilla are you running?

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • 2.0.18.10

  • hgtonighthgtonight ∞ · New Moderator
    edited February 2014

    Discussions are deleted via the DiscussionController::Delete() method in /applications/vanilla/controllers/class.discussioncontroller.php. You will need to change the permission checking to include a check for owning the discussion.

    This is the current code snippet that performs the checking:

    $Discussion = $this->DiscussionModel->GetID($DiscussionID);
    if ($Discussion && $Session->CheckPermission('Vanilla.Discussions.Delete', TRUE, 'Category', $Discussion->PermissionCategoryID)) {
      if (!$this->DiscussionModel->Delete($DiscussionID))
        $this->Form->AddError('Failed to delete discussion');
      } else {
    

    This is a potential modification:

    $Discussion = $this->DiscussionModel->GetID($DiscussionID);
    if ($Discussion && ($Session->CheckPermission('Vanilla.Discussions.Delete', TRUE, 'Category', $Discussion->PermissionCategoryID) || $Discussion->InsertUserID == $Session->UserID)) {
      if (!$this->DiscussionModel->Delete($DiscussionID))
        $this->Form->AddError('Failed to delete discussion');
      } else {
    

    Do not modify the core files, the above snippet is only for edification purposes

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • unfortunately this does not work, users still can delete post/discussions of them AND other users when i put this permission on true.

  • @kridz said:
    unfortunately this does not work, users still can delete post/discussions of them AND other users when i put this permission on true.

    You don't want the permission to be true, you would either need a new permission for that, or $Discussion->InsertUserID == $Session->UserID logic above. However @hgtonight 's code only covers the capability, it don't not handle the display of that option in the menu, etc.

    Also you want to avoid hacking up the core. Perhaps a better way would be through s plugin using Gdn::Session()->SetPermission() on the fly perhaps using a reference permission, which you can then assign to role..

    You wan to control it tightly with logic. I thought I released a plugin that used this, this turns out I forgot.

    grep is your friend.

  • Ok now i know why i didn't release it the client fell of the face off the earth, shame I think other would have appreciated Purchase Anonymous Posts.

    grep is your friend.

  • hgtonighthgtonight ∞ · New Moderator

    @x00 said:
    Also you want to avoid hacking up the core.

    Very true, not sure what I was thinking. Warning added.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

Sign In or Register to comment.