From: jmtd Date: Thu, 30 Sep 2021 13:59:32 +0000 (-0400) Subject: describe unexpected situation where a logged-in user can delete other comments X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/7b71cc3636b45354fc6c8006d6b05c542a00ff7d describe unexpected situation where a logged-in user can delete other comments --- diff --git a/doc/bugs/logged_in_users_can_remove_any_comments.mdwn b/doc/bugs/logged_in_users_can_remove_any_comments.mdwn new file mode 100644 index 000000000..e4bd44e9b --- /dev/null +++ b/doc/bugs/logged_in_users_can_remove_any_comments.mdwn @@ -0,0 +1,6 @@ +[ the precise circumstances around which this can happen are still being nailed down ] + +[[plugins/remove]] says: +> Users can only remove things that they are allowed to edit or upload. + +This permits a logged-in user to remove comments by other users, which might be unexpected. *— [[Jon]], 2021-09-30*