Needs work
Project:
Abuse
Version:
6.x-1.1-alpha1
Component:
User interface
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
2 Sep 2007 at 22:23 UTC
Updated:
25 Nov 2010 at 11:24 UTC
Jump to comment: Most recent file
Comments
Comment #1
jaydub commentedComment #2
jaydub commentedThe abuse_link() function contains a test to check if the user is attempting to flag their own piece of content.
If you have an anonymous user who is viewing a node or comment created by another
anonymous user (or themselves really), then $user->uid == $object->uid will be true
as both will be the value of the anonymous user 0.
There is a quick workaround:
There are other problems with allowing anonymous users to be able to submit abuse
however. Until further module development allows for better controls over anonymous
reporting I think it's advisable to disable permission for anonymous users to report
abuse.
Comment #3
zilverdistel commentedI created a patch for this. It also excludes the admin from hiding the links from the abuse module. Ideally the code should check proper permissions.
Comment #4
jcisio commentedA good step for a 3 year old problem :) To properly fix it:
- If uid==0 and $object->uid==0, then check $object->name with the current anonymous username. AFAIK, there is two anonymous users can't have a same name. If $user->name is empty, then we don't have other choice than accept it.
- Don't introduce uid 1 here. It changes the current behavior.
Comment #5
zilverdistel commentedYou're right about the uid=1. That was only a quickfix that worked in my specific case. Ideally this should be handled as follows ...
There are the permissions 'administer abuse reports' and 'administer all abuse reports'.
administer abuse reports:
A user with this permission should be able to see the link 'View abuse history' if he's viewing his own content.
administer all abuse reports:
A user with this permission should allways be able to see the link 'View abuse history'.
Comment #6
jcisio commentedI don't see why uid 1 needs to report his own content. But yes, there should be a permission to hide own contents. New features will go in 2.x branch. I'm working on it, there could be not many major modification, but I need continous time to work. I hope it will be available soon.
Now we are fixing a bug.