From 7b71cc3636b45354fc6c8006d6b05c542a00ff7d Mon Sep 17 00:00:00 2001 From: jmtd Date: Thu, 30 Sep 2021 09:59:32 -0400 Subject: [PATCH] describe unexpected situation where a logged-in user can delete other comments --- doc/bugs/logged_in_users_can_remove_any_comments.mdwn | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 doc/bugs/logged_in_users_can_remove_any_comments.mdwn diff --git a/doc/bugs/logged_in_users_can_remove_any_comments.mdwn b/doc/bugs/logged_in_users_can_remove_any_comments.mdwn new file mode 100644 index 000000000..e4bd44e9b --- /dev/null +++ b/doc/bugs/logged_in_users_can_remove_any_comments.mdwn @@ -0,0 +1,6 @@ +[ the precise circumstances around which this can happen are still being nailed down ] + +[[plugins/remove]] says: +> Users can only remove things that they are allowed to edit or upload. + +This permits a logged-in user to remove comments by other users, which might be unexpected. *— [[Jon]], 2021-09-30* -- 2.39.5