YAFLogo

Posted by: Pau - Friday, 23 September 2011 19:50:06
I've a forum and I want to allow guests to comments... However, I've noticed that any guest user can delete anothers guests comments... This seems a very serious issue, don't you think? Or am I doing something wrong? I am using by YAF 1.9.6 BETA 1 (4b3c9eb7e948)

Posted by: Pau - Friday, 23 September 2011 19:51:31
A guest user can even edit another people's comments!

Posted by: Zero2Cool - Friday, 23 September 2011 20:48:17
On the forums individual role permissions, it appears you may have given Guest the role of Admin. Host > Settings > Forums > Edit (on any forum) Towards the bottom of the page, you'll see "Edit Forum:" Under "Group" you'll see "Guests" make sure in the drop down menu on the right, they have "Read Only Access" or "Member Only Access" and not "Admin Access".

Posted by: Pau - Friday, 23 September 2011 20:56:55
[quote=Zero2Cool;51300]On the forums individual role permissions, it appears you may have given Guest the role of Admin. Host > Settings > Forums > Edit (on any forum) Towards the bottom of the page, you'll see "Edit Forum:" Under "Group" you'll see "Guests" make sure in the drop down menu on the right, they have "Read Only Access" or "Member Only Access" and not "Admin Access". [/quote] It says "Member Access". Here you can see an screenshot: [img=http://dl.dropbox.com/u/6286874/temp/guest.png]Guests access[/img]

Posted by: Zero2Cool - Friday, 23 September 2011 20:58:26
Is the Guest removing other Guests or Members posts? Also, do you have Members role defined to allow deleting of others posts?

Posted by: Pau - Friday, 23 September 2011 21:06:47
[quote=Zero2Cool;51302]Is the Guest removing other Guests or Members posts? [/quote] Only other guests posts. [quote=Zero2Cool;51302] Also, do you have Members role defined to allow deleting of others posts?[/quote] I don't understand your question. I don't see any "Members role". I see "Administrators", "Guests", or "Registered".

Posted by: Pau - Friday, 23 September 2011 21:09:03
If it helps, you can see roles definition here: http://dl.dropbox.com/u/6286874/temp/guest2.png

Posted by: Pau - Friday, 23 September 2011 21:25:24
I think I have founded and fixed the issue. Right now, I've edited access masks this way: [img=http://dl.dropbox.com/u/6286874/temp/guest3.png]Access masks[/img] And I've assigned "Read only access" to guest's users. [b]It works![/b] Is this the expected way? I think it is not obvious for newbies... I think a guest user shouldnot be able to eliminate posts under ay circunstances...

Posted by: Zero2Cool - Friday, 23 September 2011 21:55:03
I'm not sure if that's intended. Sorry, I should have said Mask, not Role I think. I've only allowed Guests read access so my experience is limited on that area.

Posted by: tha_watcha - Friday, 23 September 2011 22:03:19
Ok here is the problem: if you set the access mask for guest user roles to member, every guest can edit/delete/ create by default, because a guest user is basically in yaf one user. The problem is also here in that forum. if you want to allow guests to post message but not delete or edit the only solution is to create a new access mask with post allowes and edit and delete, and assaign that mask to the guest role.

Posted by: Pau - Friday, 23 September 2011 22:15:56
Thanks anyway. You guided me in the right direction. :-)