#4510 Don't show Edit link / form on ticket comments if not allowed to edit
Editing other users' comments on Tracker tickets requires the MODERATE permission. However, the Edit link and form are shown on the ticket comments even if you do not have that permission, although the edit is rejected when submitted.
The link and form should not be available if the user does not have permission to edit that comment. (May need to verify whether a user should be able to edit their own comments.)
created #108: [#4510] Don't show Edit link / form on ticket comments if not allowed to edit (1cp)
Related
Tickets:
#4510closed #108, see 42cc_4510
A user should be able to edit their own tickets still, even if they don't have MODERATE permission.
Cory, please confirm that a user can not edit their own comments. We check for the MODERATE permission only, but seems that it's set for the owners. I tried with 3 different users on our staging server, and when a user did not have the moderate permission he still could edit his own comments.
Ok, I didn't realize that having UNMODERATED_POST also gives MODERATE on one's own comments, but that is in fact the case. This means that users can't edit their own comments if moderation is required, but that's good anyway since I doubt edits go through moderation (currently).
Closing as it is good.