From: jmtd <jmtd@web>
Date: Thu, 30 Sep 2021 13:59:32 +0000 (-0400)
Subject: describe unexpected situation where a logged-in user can delete other comments
X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/7b71cc3636b45354fc6c8006d6b05c542a00ff7d

describe unexpected situation where a logged-in user can delete other comments
---

diff --git a/doc/bugs/logged_in_users_can_remove_any_comments.mdwn b/doc/bugs/logged_in_users_can_remove_any_comments.mdwn
new file mode 100644
index 000000000..e4bd44e9b
--- /dev/null
+++ b/doc/bugs/logged_in_users_can_remove_any_comments.mdwn
@@ -0,0 +1,6 @@
+[ the precise circumstances around which this can happen are still being nailed down ]
+
+[[plugins/remove]] says:
+> Users can only remove things that they are allowed to edit or upload.
+
+This permits a logged-in user to remove comments by other users, which might be unexpected. *&mdash; [[Jon]], 2021-09-30*